The Legal and Regulatory Framework was based on whether laws and policies maximize the value of the Internet and cyberspace, favoring openness, security, and collaboration. Security and openness were not seen as contradictory since some measures work to benefit both. Economic and Social Context measured societies’ capacity to adopt information technology into their lives. Technology Infrastructure was defined as “core infrastructure; mechanisms and incentives to invest, invent, and innovate; and strategies to improve” in order to develop and maintain cyber power. Lastly, Industry Adoption compared countries abilities to integrate cyber technologies into their core industries such as health, finance, and energy.
Overall, several trends emerged. The countries near the top, the UK, the US, Australia, Germany, and Canada, were developed Western countries with a long history of Internet use. While there were minor differences across factors, these countries were fairly consistent, ranking in the top 7 for all 4 categories. There was also a large discrepancy between the best and worst performers, with Great Britain achieving a total score roughly three times as high as Saudi Arabia. The United States was a close second to the UK in Legal and Regulatory Framework, first in Economic and Social Context, a more distant second behind the UK in Technology Infrastructure Adoption, and third in Industry Application behind Australia and South Korea. Despite concerns over Chinese and Russian cyber attacks, both countries ranked near the bottom in Legal and Regulatory Framework and Technology Infrastructure, implying difficulty developing and implementing security policy. From the results, technical skills, high educational attainment levels, open trade policies, and an innovative business environment were discovered to be the foundation to cyber power and excelling across categories.