Finland succeeds in cyber security comparisons
The National Cyber Security Index is a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI index has 46 different indicators which measures for example cyber security policy development, cyber threat analysis, fight against cybercrime and protection of digital services. Look all the indicators here.
The NCSI Score shows the percentage the country received from the maximum value of the indicators. The maximum NCSI Score is always 100 (100%) regardless of whether indicators are added or removed.
The National Cyber Security Index top 20 countries

Greece gets the highest score in 2021 Cyber Security Index. Finland ranks tenth in the comparison with 85,71 points. Almost all leading countries are European countries. Last in the comparison are Tuvalu, Solomon Islands, Burundi and Congo with 2.6 points and South Sudan with 1.3 points.
Read more: NCSI
Finland ranks 22nd in the ITU Cyber Security Index
The Global Cybersecurity Index (GCI) is an initiative of the International Telecommunication Union (ITU), the UN specialized agency for ICTs. The year 2022 edition of the Global Cybersecurity Index is based on data and questionnaire collected in 2020.
The Global Cybersecurity Index top 22 countries

The United States has received the highest scores in the ITU index. The other top countries are Great Britain, Saudi Arabia and Estonia. Finland is 22nd with 95,78 points. The last countries in the comparison are North Korea (1,35 points), Equatorial Guinea (1,46 points) and Eritrea, Burundi and Djibouti (1,73 points). Due to the different methodology, the results are not comparable with the NCSI index.
Read more: ITU
The security budgets vary widely across the EU
The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. In 2020, ENISA published its first report on network and information systems (NIS) investments in an attempt to collect data on how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in the European Union’s directive on security of network and information systems (NIS Directive) invest their cybersecurity budgets and how this investment has been influenced by the NIS Directive. Data was collected through a survey of 947 organizations identified as OES/DSP across the 27 Member States – with a minimum of 35 per Member State.
The average IT spending of a typical OES/DSP in the EU was EUR 125 million in 2020 while the average spending for information security was EUR 10.4 million. In the graph below, data on investments refers to average among surveyed OES/DPS and not Member State investments.
Information security spending of OES/DSP surveyed per Member State 2020

In 2020 OES/DSP in France spent an average of EUR 8 million on information security. The Finnish organizations involved in the ENISA study spent an average of EUR 3 million on information security.
About 10% of security budgets are dedicated to the implementation of the NIS directive
The ENISA report also looked at the size of the budget allocated by OES / DSP operators to the implementation of the NIS Directive. According to the study, the average was EUR 98 000, which corresponds to about 10.5% of the security costs of the organizations involved in the study. In the graph below, data refers to average among surveyed OES/DPS and not Member State investments.
Budget allocated to implementing the NIS Directive for OES/DSP surveyed per Member State 2020

Italy, France, Austria and Poland had the highest budgets for the implementation of the NIS Directive. In Finland the average was 80 000 euros.
Read more: Enisa