CybersecurityGovernanceStrategyPolicyNCS

The new Guide to Developing a National Cybersecurity Strategy. An updated playbook for resilience

By Alessandro Ortalda 5 min read Policy & Strategy

The growing importance of National Cybersecurity Strategies

Digital transformation is reshaping governments, economies, and societies across the globe. As more services, infrastructures, and public functions move online or digitalise, cybersecurity has become a central element of national resilience.

National Cybersecurity Strategies play an essential role in coordinating national efforts in this increasingly complex environment and are a core piece of cybersecurity governance and policymaking.

The global adoption of national cybersecurity strategies continues to expand. More and more governments recognise that a coordinated national approach is essential for managing cyber risk and supporting digital development.

Year-on-year increase of countries with at least one published NCS
YoY increase of countries with a NCS. Data, analysis, and visualisation from Experiree. © 2025 Experiree strategy and advisory

However, adoption remains uneven. Approximately one third of countries worldwide have yet to adopt their first national cybersecurity strategy. At the same time, many countries that adopted strategies earlier are now entering second or third generations of strategies. In other words, the global conversation around national cybersecurity strategies is gradually shifting from “Why do we need a strategy?” to “How do we make it work effectively?”.

Global distribution of NCS's generations
Global distribution of generations across existing NCSs. Data, analysis, and visualisation from Experiree. © 2025 Experiree strategy and advisory

Here is where practical tools and guidance help policymakers.

Release of the third edition of the NCS Guide

In this context, a working group of 37 organisations from multilateral institutions, public and private sectors, academia, and civil society has released the third edition of the Guide to Developing a National Cybersecurity Strategy.

The Guide aims to provide policymakers with a practical blueprint for planning, implementing and continuously improving National Cybersecurity Strategies. It builds on the experience members of the working group gathered over the years from supporting cyber capacity development around the world.

At Experiree, we are pleased to have contributed to the development of this third edition as one of the core contributors. Working alongside the other 36 organisations, the objective was simple: develop a guide that provides practical value for policymakers and national leaders navigating the complex task of organising cybersecurity at the national level.

Key improvements in the new edition

The third edition reflects how cybersecurity and the practice of developing national strategy have evolved. A key improvement is the stronger focus on implementation. While earlier strategies often concentrated on defining priorities and objectives, governments increasingly need guidance on how to translate those priorities into concrete programmes, institutional arrangements and coordinated action across ministries and agencies.

The new edition also puts more emphasis on measurement and continuous improvement. As national strategies mature, policymakers are paying closer attention to monitoring progress, assessing the effectiveness of policies and adapting approaches over time.

At the same time, the Guide addresses the growing complexity of the digital ecosystem. The proliferation of connected devices, the rapid adoption of emerging technologies and the increasing interdependence of digital supply chains all introduce new challenges for national cybersecurity planning.

Finally, the Guide highlights the importance of international cooperation. Cybersecurity is inherently cross-border, and effective national strategies increasingly require collaboration with regional partners, international organisations and the private sector.

Our perspective: supporting the next generation of National Cyber Strategies

At Experiree, supporting governments in the development and implementation of National Cybersecurity Strategies is a core part of our work. Over the years, we have relied extensively on previous editions of the NCS Guide in our work with policymakers. These frameworks have helped structure national discussions, align stakeholders and translate complex cybersecurity challenges into concrete policy priorities.

Our contribution to the third edition draws on this practical field experience. Working with countries at different stages of maturity has shown that while contexts vary significantly, many of the underlying challenges are similar: coordinating across institutions, translating strategy into operational programmes and ensuring that policies remain able to adapt as technologies and risks evolve.

Bridging the gap between policy design and real-world implementation is often where the real work begins, and where practical guidance helps the most. Guidance such as the new edition of the Guide to Developing a National Cybersecurity Strategy can help policymakers navigate this process and build strategies that are well designed and effective in practice.

At Experiree, we remain committed to supporting governments and international partners in developing, implementing and refining national cybersecurity strategies, helping translate policy ambition into practical outcomes.