The Ministry of Digital Transformation, together with the State Service of Special Communications and Information Protection of Ukraine, the National Cybersecurity Coordination Centre at the National Security and Defence Council of Ukraine, and BRDO, presented a draft National Cyber Hygiene Strategy — a visionary document that defines how Ukraine will systematically develop a culture of secure online conduct by 2030.
The Strategy aims to build sustainable skills for secure online behaviour, enabling Ukrainians to use technology confidently and responsibly.
The document outlines three strategic objectives, each with an implementation plan featuring specific actions and measurable outcomes. This framework allows for progress assessment and evidence-based policy adjustments.
“Ukraine already ranks among the world’s top five countries for digital public services and was the first to introduce digital passports, online marriage, and hundreds of services through the Diia application. Today, over 23 million Ukrainians use 30 digital documents and 60 services, as the state transforms into a service that is convenient, efficient, and user-centric. We are building an ecosystem of solutions—from Diia.Business and Diia.Osvita to Diia.City and Diia.Engine—to ensure every citizen can learn, work, and remain secure online. The draft National Cyber Hygiene Strategy is the next step: common security standards for citizens, businesses, and the state. This is the foundation for a future where Ukraine is not only a digital leader but also a symbol of secure and conscious technology use,” stated Valeriia Ionan, Advisor to the First Vice Prime Minister – Minister of Digital Transformation of Ukraine on Innovations, Digitalisation, and Global Partnerships.
By 2030, the draft strategy envisions:
- training 4 million Ukrainians in digital skills and increasing digital literacy by 2% annually;
- engaging 2 million citizens in cyber hygiene programmes and increasing public awareness by 10%;
- implementing security standards in 90% of state institutions and conducting a pilot with 100 large companies;
- ensuring that 80% of civil servants obtain a cyber hygiene certificate;
- integrating cyber hygiene courses into 10% of schools by 2027 and 20% by 2030;
- strengthening awareness among vulnerable groups, including minors, older adults, and veterans.
“The level of cyber threats is growing daily; therefore, a culture of cyber hygiene is not just about personal caution but about national resilience. We want every Ukrainian—from schoolchildren to civil servants—to understand the fundamental principles of security in the digital environment and apply them in daily life. This draft strategy creates a systemic framework that will help the state, businesses, and citizens become more resilient to cyber threats,” noted Vitalii Balashov, Deputy Minister of Digital Transformation of Ukraine for Cybersecurity.
The draft strategy incorporates the cyber hygiene recommendations stipulated in the European NIS2 Directive and the best practices implemented by ENISA, which define core cyber hygiene standards:
- multi-factor authentication;
- vulnerability management;
- data backup;
- regular user training.
“During the war, our state has demonstrated progress not only in digital transformation but also in cybersecurity. The National Cyber Security Index (NCSI) showed that in 2020, Ukraine ranked 25th out of 120 countries, and this year, we have risen to 13th. I believe that this strategy, once adopted, will earn us additional points, allowing us to climb several more places and secure a strong position among the top ten leading nations,” said Oleksandr Potii, Chairman of the State Service of Special Communications and Information Protection of Ukraine.
The strategy also draws on the experience of the USA, UAE, Estonia, Singapore, Finland, and Japan, where state-run cyber hygiene training programmes are already in place.
Discussions on the draft Strategy involved the Ministry of Digital Transformation, the SSSCIP, the NCSCC at the NSDC of Ukraine, the National Bank of Ukraine, the Cyberpolice, and the BRDO, as well as analytical and technology partners such as Cyber Unit Technologies, The State Cyber Protection Centre of the SSSCIP of Ukraine, the Centre for Countering Disinformation, Molfar, and the National University of Kyiv-Mohyla Academy.
“During the war, cyberspace has become another front in the conflict. Adhering to digital security rules is a daily practice that enhances our collective resilience. The enemy actively exploits the human factor, so systemic cyber hygiene in government bodies, military structures, critical infrastructure, business, and education is an integral component of cybersecurity. This is a matter not only of technology but also of awareness, discipline, and responsibility,” emphasised Nataliia Tkachuk, Secretary of the NCSCC at the NSDC of Ukraine.
The event was attended by over 150 representatives from state institutions, business, the financial sector, education, and the cyber community.
“We have been living in a state of war for over eleven years, and cyber threats have become a constant backdrop to our reality. The enemy relentlessly seeks our vulnerabilities—in the state, in business, and in critical infrastructure. To withstand this and counter it, we need an effective state—one that acts proactively, rather than reacting after the fact. That is why the emergence of the National Cyber Hygiene Strategy is a logical and timely step. It fosters a security culture where everyone, from civil servants to entrepreneurs, understands their role in our collective defence. Cyber resilience begins not with technology, but with an awareness of cyber threats, shared discipline, and daily habits that make us stronger as a society and as a state,” commented Oleksii Voloshyn, an advisor at the Better Regulation Delivery Office (BRDO).
Ukraine is already systematically teaching citizens digital skills on the Diia.Osvita platform. To date, Ukrainians have received over 4.9 million certificates, including more than 1.1 million for cyber hygiene training. The ‘Digital Competence’ test, which helps assess digital skills, has already been completed by 1.5 million users.
These results demonstrate that cyber hygiene is already becoming part of a daily culture of security—from the personal actions of every Ukrainian to state policy.
Join in developing your own cyber resilience on Diia.Osvita.
The presentation was held with the support of the US Cybersecurity for Critical Infrastructure in Ukraine Activity, which the U.S. Government funds.