G7 Research Group G7 Information Centre
Summits |  Meetings |  Publications |  Research |  Search |  Home |  About the G7 Research Group
University of Toronto

G7 Performance on Cybersecurity, 1975–2020

Duja Muhanna, G7 Research Group
June 9, 2021

Cybersecurity is a topic of key importance for G7 members, particularly in the financial sector, where work is coordinated to protect financial systems from cyber threats. The G7 has committed to identifying and addressing cybersecurity risks, as the threat of cybercrime, the theft of personal information and compromised individual privacy have grown over recent years. Recently, the G7 has been concerned by malicious cyber activities of a growing number of state and non-state actors, and the rising threats of cyberattacks, including some involving cryptocurrencies and energy supply chains. A major ransomware attack that shut down one of America's most strategic pieces of energy infrastructure (and source of climate-warming emissions) — the Colonial Pipeline — in May this year has only shown how vulnerable countries are to similar attacks.

Although the subject of cybersecurity was first raised at the 2006 St. Petersburg Summit, the focus on cybersecurity issues intensified during the Japan's 2016 G7 presidency. That year it adopted the G7 Principles and Actions on Cyber, which promotes security and stability in cyberspace as well as the digital economy. G7 members urged all countries to join the Budapest Convention on Cybercrime to strengthen cooperation in promoting the rule of law in cyberspace, capacity building, confidence building and fighting cybercrime. The G7 Ise-Shima Leaders' Declaration contains a section on cyber, reflecting its growing importance in today's world.

At the 2017 Taormina Summit, G7 leaders endorsed the G7 Declaration on Responsible States Behaviour in Cyberspace, which reiterates most of the statements from the 2016 G7 Principles and Actions on Cyber and the Ise-Shima declaration. The 2019 Biarritz Summit produced a strategy for an Open, Free and Secure Digital Transformation. The commitments in that document include bolstering capabilities to address hybrid threats, including in the areas of cybersecurity.

The issue of cybersecurity has also been discussed in an array of G7 ministerial meetings, such as the meetings of the G7 finance ministers and central bank governors. In 2016, finance ministers published the G7 Fundamental Elements of Cybersecurity for the Financial Sector, a set of guidelines that encapsulate effective practices for global financial systems and institutions. The following year, finance ministers published the G7 Fundamental Elements for Effective Assessment of Cybersecurity in the Financial Sector, which outlines five processes for organizations to use when assessing their level of cybersecurity. 

[back to top]

The G7's Overall Cybersecurity Performance

Conclusions

G7 summits have dedicated 2,162 words of their public declarations to cybersecurity, with the first mention coming in 2006 at St. Petersburg (see Appendix A). That first mention was also the least number of words on the subject: 46 words (0.1%). Ise-Shima, where cybersecurity was a major topic, produced the most words at 1,344 words (6%). As mentioned, that summit produced a standalone document on cyber, which contained 25 paragraphs on related issues. The G7 Ise-Shima Leaders' Declaration also contained a paragraph on cyber.

Between 2017 to 2019, G7 members devoted 441 words on cybersecurity, or 1% on average per summit. In 2020, all the G7's attention was diverted by the shock of the COVID-19 crisis; the leaders met virtually to respond to the crisis in March 2020 but their regularly scheduled summit never took place.

Commitments

From 2006 to 2020, the G7 made 30 politically binding commitments on cybersecurity (see Appendix B). The first was in 2006. In 2018, it made two and in 2015 it made one, with none made in the years in between. In 2016, the number of commitments spiked to 20. Here the G7 focused on improving cybersecurity in areas such as finance, transportation and telecommunication. Commitments included "taking decisive and robust measures in close cooperation against malicious use of cyberspace both by states and non-state actors, including terrorists" and enhancing cybersecurity in the energy sector. From 2017 on, the number of commitments dropped, but attention was sustained at every summit, until COVID-19 struck. In 2017, the G7 made three cyber commitments. In 2018, it made two and in 2019 it made one. Again, 2020 had no cyber commitments.

Compliance

The G7 Research Group has assessed two of the 30 cybersecurity commitments for compliance by G7 members. Compliance averaged 84% (see Appendix C). This is higher than all subjects overall, which average 75%. The assessed commitment from 2016 had high compliance of 94%. The one from 2018 had 75%.

France, Germany, Japan and the European Union lead with 100%, having fully complied with both commitments. Canada, Italy and the United Kingdom each has 50%, having fully complied with one commitment and partially complied with the other. The United States has an average of 0% or non-compliance — it fully complied with one commitment but failed to comply with the other.

After the G7 foreign and development ministers meeting in London on May 4, 2021, British foreign minister Dominic Raab urged global cooperation to strengthen cybersecurity against state actors and criminals seeking to subvert democratic norms. Raab's statement followed a call by foreign ministers for a more coordinated approach to tackle global threats, including in cyberspace. In the G7 foreign and development ministers' communiqué, five commitments were made on cybersecurity including "a shared commitment to uphold international law, which is an essential and binding element of the framework for state action in cyberspace." The foreign ministers from Australia, India, South Africa and Korea also participated in the foreign ministers meeting, with Raab saying gaining the trust of like-minded countries cooperating on cyber was essential.

At this year's G7 leaders' summit in Cornwall on June 11–13, members will tackle global issues with security high on the agenda. It will be an important opportunity for the G7 to discuss cybersecurity concerns and push for strong commitments to enhance cyber resilience and fight cybercrime.

[back to top]

Appendix A: G7 Conclusions on Cybersecurity (2006–2020)

 

#
words

% total
words

#
paragraphs

% total
paragraphs

#
documents

%
total documents

# dedicated documents

2006

46

0.1

1

0.1

1

6

0

2007

0

0

0

0

0

0

0

2008

199

1.2

2

0.8

1

16

0

2009

0

0

0

0

0

0

0

2010

0

0

0

0

0

0

0

2011

0

0

0

0

0

0

0

2012

0

0

0

0

0

0

0

2013

0

0

0

0

0

0

0

2014

0

0

0

0

0

0

0

2015

132

1

1

0.4

1

50

0

2016

1,344

5.8

25

5.4

3

43

0

2017

151

1.7

3

1.9

2

50

0

2018

232

2

2

1.1

2

25

0

2019

58

0.8

1

0.8

1

10

0

2020

0

0

0

0

0

0

0

Total

2,162

12.6

35

10.5

11

200

0

Average

46

0

1

0

0

4

0

Note: There were no cybersecurity conclusions during the periods of 19757–2005 and 2009–2014.

[back to top]

Appendix B: G7 Commitments on Cybersecurity

Summit

Cybersecurity

2006 St. Petersburg

1

2007 Heiligendamm

0

2008 Hokkaido Toyako

2

2015 Elmau

1

2016 Ise-Shima

20

2017 Taormina

3

2018 Charlevoix

2

2019 Biarritz

1

Total

30

2006 St. Petersburg, Russia

We reaffirm our commitment to collaborative work, with our international partners, to combat the terrorist threat, including effectively countering attempts to misuse cyberspace for terrorist purposes, including incitement to commit terrorist acts, to communicate and plan terrorist acts, as well as recruitment and training of terrorists.

2008 Hokkaido Toyako 

We will strengthen our cooperation, including experience-sharing, to fight against transnational organized crime, including trafficking in persons, smuggling of migrants, illicit manufacturing of and trafficking in firearms, illicit traffic in narcotic drugs and psychotropic substances, cybercrime and money laundering.

We will reinforce our efforts to tackle a wide range of threats including the abuse of information and communication technology as well as identity-related crime.

2015 Elmau, Germany

[We will] launch a new cooperative effort on enhancing cybersecurity of the energy sector.

2016 Ise-Shima, Japan

We strongly support an accessible, open, interoperable, reliable and secure cyberspace as one essential foundation for economic growth and prosperity.

We will take decisive and robust measures in close cooperation against malicious use of cyberspace, both by states and non-state actors, including terrorists.

We endorse the G7 Principles and Actions on Cyber and commit to take decisive actions.

We strongly support an accessible, open, interoperable, reliable and secure cyberspace as one essential foundation for economic growth and prosperity.

We commit to promote a strategic framework of international cyber stability consisting of the applicability of existing international law to state behavior in cyberspace, the promotion of voluntary norms of responsible state behavior during peacetime, and the development and the implementation of practical cyber confidence building measures between states.

We commit to facilitate the free flow of information to ensure openness, transparency and freedom of the Internet, and a fair and equal access to the cyberspace for all actors of digital economy while respecting privacy and data protection, as well as cyber security.

We endorse the G7 Principles and Actions on Cyber, as set out in the Annex to promote and protect an open, interoperable, reliable and secure cyberspace.

We decide to establish a new G7 working group on cyber to enhance our policy coordination and practical cooperation to promote security and stability in cyberspace.

We also commit to our continuous work on enhancing cybersecurity in energy sector and strengthening our cooperation in the field of electricity security.

Increase cooperation and G7 donor coordination in affected regions including Asia, in addition to already existing coordination mechanism in areas such as countering violent extremism, aviation security, border security and cyber-related capacity.

We emphasize our commitment to a multi-stakeholder approach to Internet governance.

We enjoy the same human rights online as well as offline, we dedicate ourselves to promoting and protecting human rights and principles of rule of law online.

We pledge to take decisive and robust measures in close cooperation against malicious use of cyberspace both by states and non-state actors, including terrorists.

We commit to promote a strategic framework of international cyber stability consisting of the applicability of existing international law to state behavior in cyberspace, the promotion of voluntary norms of responsible state behavior during peacetime, and the development and the implementation of practical cyber confidence building measures between states.

We support the continued development and implementation of cyber confidence building measures between states to promote trust and reduce the risk of conflict stemming from the use of ICTs.

We endeavor to strengthen our cooperation to promote security and stability in cyberspace, including through the promotion of cooperation among national computer security incident response teams, capacity building, and awareness raising.

We commit to enhance cybersecurity threat information sharing

[We commit] cooperate for improvement of cybersecurity of critical infrastructure such as finance, energy, transportation, and telecommunication.

We commit to promote collaboration on research and development in security, privacy, and resilience that accelerates prosperity, protects innovations, and enhances security in cyberspace.

We commit to close collaboration to promote cybersecurity at large international events such as Olympic/Paralympic Games and multilateral summit meetings when hosted within one of the G7 countries.

2017 Taormina, Italy

The recent cyber attacks hitting critical infrastructures worldwide reinforce our commitment to increased international cooperation to protect an accessible, open, interoperable, reliable and secure cyberspace and its vast benefits for economic growth and prosperity.

We will work together and with other partners to tackle cyber attacks and mitigate their impact on our critical infrastructures and the well-being of our societies.

[We commit ourselves to] strengthening cyber-related capacities.

2018 Charlevoix, Canada

We will work together to enforce existing international rules and develop new rules where needed to foster a truly level playing field, addressing in particular non-market oriented policies and practices, and inadequate protection of intellectual property rights, such as forced technology transfer or cyber-enabled theft.

Investing in cybersecurity, the appropriate enforcement of applicable privacy legislation and communication of enforcement decisions

2019 Biarritz, France

We will continue to bolster our capabilities to address hybrid threats, including in the areas of cybersecurity, strategic communications and counter-intelligence.

[back to top]

Appendix C: Cybersecurity Compliance Scores

 

Canada

France

Germany

Italy

Japan

United Kingdom

United States

European Union

 

Average

2016 Commitment

+1

+1

+1

0

+1

+1

+1

+1

94%

Average

100%

100%

100%

50%

100%

100%

100%

100%

 

2018 Commitment

0

+1

+1

+1

+1

0

−1

+1

75%

Average

50%

100%

100%

100%

100%

50%

0

100%

[back to top]

Duja Muhanna is a research analyst with the G7 and G20 Research Groups. She joined the G7 Research Group in 2013 and has served as a compliance analyst and lead analyst. She was a member of the field summit team at the G7 summit in Charlevoix in Canada in 2018. She also worked as a knowledge management advisor for the 2020 G20 Saudi Presidency. Duja graduated from the University of Toronto with an honours bachelor of arts in political science and history with a focus in international relations.

[back to top]


G7 Information Centre

Top of Page
This Information System is provided by the University of Toronto Libraries and the G7 Research Group at the University of Toronto.
Please send comments to: g7@utoronto.ca
This page was last updated June 09, 2021.

All contents copyright © 2021. University of Toronto unless otherwise stated. All rights reserved.