Cybersecurity – a Priority in the Digital Transformation Journey

July 1, 2026
Three illustrated icons of cybersecurity concepts featuring people interacting with phones and laptops.

Two Sides of Digitalization

The advent of digital technologies has significantly transformed the development landscape by expanding access to information, services, and markets at unprecedented speed and scale. However, there are two sides to digitalization.

On one hand, digital technologies can accelerate developmental progress by fostering social, economic and digital inclusion. This is evident in the proliferation and use of mobile phones and mobile connectivity. The International Telecommunication Union (ITU) estimated that in 2025, 6 billion people, approximately three quarters of the world’s population were internet users. In countries where physical infrastructure is limited, internet connectivity and digital applications enable citizens in rural or remote areas to access education, healthcare and government services. Online communication and learning platforms allow students to access lessons that may otherwise be unavailable due to shortages of schools or teachers. Telemedicine applications allow patients to consult doctors without travelling long distances, improving early diagnosis and treatment outcomes.

Beyond fostering inclusion, digital technologies can also improve national capacities and governance, enhancing the effectiveness and reach of public service delivery. For instance, digital public infrastructure (DPI), such as digital identification systems, payment platforms, and data-sharing frameworks enable seamless interaction between governments, businesses, and citizens. DPI helps facilitate delivery of government services more efficiently and transparently. It lowers barriers to accessing essential services and makes it easier for governments to distribute social benefits directly to citizens, reducing corruption and administrative delays.

On the other hand, the increased prevalence of digital technologies increases societal and systemic risk, including through broader cybersecurity risks, as well as increases individuals’ exposure to potential online harms. Technology may be misused to conduct malicious activities such as phishing scams, impersonating legitimate individuals or organisations to trick individuals and steal their account login credentials, financial information and personal data. Social media platforms may be used for cyber bullying or disinformation campaigns¹.

Cybersecurity Risks and Potential Impact of Cyber Attacks

Digitalization concentrates activities, data, and critical functions into highly interconnected systems, significantly expanding the cyber-attack surface — the sum of digital and physical pathways that can be exploited to gain unauthorized access or launch an attack. The very features that make digital ecosystems so powerful, such as their connectivity, interoperability, scalability, and data-centricity, also introduce severe risks. As more devices, users, and platforms come online, the number of potential entry points for attackers increases. This growing dependency on interconnected technologies compounds vulnerability.

When digital technologies and infrastructure are integrated across organisations and sectors, a breach in one system can trigger cascading disruptions across others, particularly where services depend on shared systems, infrastructure or data flows. A successful cyber-attack could result in business disruption, financial loss, disruption of essential services, and in the worst scenarios, cascading failures that may indirectly lead to the loss of life.

The ransomware attack² on Sri Lanka’s government cloud infrastructure in 2023 compromised more than 5,000 official email accounts and led to permanent data loss. Similarly, a ransomware attack on the Costa Rican government in 2022, started with a breach of a single system but spread across multiple government agencies, disrupting tax collection, customs operations, healthcare services, and public sector payroll. The incident reportedly cost the country an estimated USD 30 million per day, amounting to roughly 2.4% of its annual GDP. Incidents like these illustrate that a successful cyber-attack can have severe and devastating impact on a country’s ability to function and growth.

In 2020, a ransomware attack on the Dusseldorf Hospital rendered the hospital computer systems inoperable, forcing a patient to be redirected to another hospital during which the patient passed away. This was the first confirmed death linked to a cyber-attack, demonstrating how attacks on digital systems can have cascading effects and endanger lives.

In a cyber-attack on Ukraine’s power grids in 2015, threat actors managed to install malicious software to get remote access to computer systems at power generation firms in Ukraine, allowing them to flip circuit breakers turning off power to 225,000 people in Ukraine. Similarly, in 2016, another attack resulted in a blackout that lasted about an hour and amounted to a loss of about one-fifth of Kiev’s power consumption at that time. These incidents illustrate that while digitalization is useful to scale and deliver essential services, the scalability and interconnectedness of digital technology also expands the reach and severity of a system compromise.

From the individual’s perspective, according to the Global Anti-Scam Alliance (GASA) Global State of Scams Reports, the scale of scams threat is staggering: the 2024 report estimated global scam losses at a monumental one trillion dollars, while the 2025 report identified $442 billion in losses across the 42 countries surveyed. Globally, more than half of people around the world have been exposed to a digital scam in the last 12 months. Threat actors now exploit these vast digital landscapes, sending an estimated 3.4 billion phishing emails globally every day, with over 82% utilizing artificial intelligence to more effectively impersonate legitimate individuals or organisations to trick individuals and steal their account login credentials, financial information, and personal data.

Cybersecurity a Priority in the Digital Transformation Journey

As countries embark on their digital transformation journey, digital adoption often outpaces the development of cybersecurity capacity, particularly in developing countries. Digital systems are deployed rapidly without adequate safeguards, leaving critical infrastructure and sensitive data exposed to cyber threats. This is because the benefit of strong cybersecurity is not immediately tangible. It is only when a breach or system compromise occurs that the absence of adequate protection is felt, and the true importance of cybersecurity becomes clear. As such, compared to other more immediate national goals such as driving economic growth and expanding connectivity, security considerations are often treated as an afterthought.

However, cybersecurity is an enabler. It allows countries to reach the full potential and enjoy the full benefits of their digital transformation. Research shows that countries with higher levels of national cybersecurity commitments are less prone to cyber-attacks and can also boost economic performance. Specifically, developing countries could increase GDP per capita by 1.5% over a decade if they are able to significantly reduce the number of cybersecurity incidents.

While digitalization can facilitate and accelerate development, digitalization without strong cybersecurity, can undermine or even reverse these gains. Proactive government intervention is vital to ensure that the pace of digital transformation does not outstrip their ability to secure it, leaving critical systems, economic growth, and public trust increasingly vulnerable to cyber threats. Developing a national cybersecurity strategy is a critical first step in which governments can define, organize and prioritize their cybersecurity goals and efforts. However, many countries have a significant cyber-capacity gap: they are looking to enhance their cybersecurity but face resource limitations in terms of staffing, access to equipment and sustainable funding.

UNDP is committed to helping countries build capacity to design and develop cybersecurity policies as part of our digital transformation efforts, that will enable countries to enjoy fully the benefits of digitalization and to achieve their sustainable development goals.

¹ Disinformation is defined as false information spread deliberately in order to deceive people.

² Ransomware is a type of malicious software designed to encrypt a victim’s data or lock them out of their device, demanding payment to restore access.

This is the first blog of the Cybersecurity Series. The next blog will explore how AI can change the cybersecurity scene.