The WBA Digital Inclusion Benchmark measures and ranks the world's most influential companies on their efforts to advance digital inclusion, tracking how companies are expanding access to digital technologies, improving digital skills and literacy, and ensuring safe and inclusive digital environments for all. The 2026 edition assessed 200 companies across key sectors of the digital economy including telecommunications, software, hardware, and digital platforms. The benchmark is developed in close collaboration with an Expert Review Committee and partners including GRI, ITU, and the Alliance for Affordable Internet, with a methodology designed to incentivise companies to understand where digital exclusion risks are highest and act to bridge the digital divide, while keeping human rights and social impacts at its core.
More information can be found
here.
Cybersecurity threats discourage Internet use as they give rise to fears about online safety. Digital companies are at particular risk as the digital industry is one of the most targeted by cybercriminals.xix Yet, companies often do not assign sufficient high-level accountability for cybersecurity. The United States Securities and Exchange Commission requires public companies to disclose cybersecurity risks and incidents.xx Companies need to assure stakeholders that they take cybersecurity seriously and assign high-level accountability and resources to maintaining it.
Senior-level oversight of cybersecurity can serve to indicate that the company dedicates appropriate accountability, managerial capacity and resources to preventing, mitigating and resolving cybersecurity risks.xxi If companies are proactive about cybersecurity, digital inclusion will improve because users will feel safer using digital technologies.
Rapid response to information security incidents is essential. Companies have created special units (e.g. computer emergency response team, computer security incident response team) to protect, detect and respond to cybersecurity incidents. As cyber threats often extend across borders, global cooperation is essential. The Forum of Incident Response and Security Teams, with over 500 members, fosters global ‘cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large’.xxii
Research Guidance:
The companydisclosesa document(s) or an equivalent webpage(s) that explains how cybersecurity is managed within the organisation. The company must provide a structured and operationally specific description of its cybersecurity management processes, not just a general statement of intent.
For this element to be met, the company should:1) explain how the company identifies vulnerabilities in its information systems that may pose a data security risk;2) describe the company's operational response to identified cybersecurity risksand vulnerabilities,such asoperational procedures, management processes, product structures, business partner selection, employee training, and use of technology.
The document should show a systematic and proactive cybersecurity management approach, rather than isolated measures. The focus must be on the company‚s internal cybersecurity management, not customer-facing product security.
The company mustdisclosethat it has a process for protecting the following from cyber threats: data (e.g. internal, customer, or partner data), information systems (e.g. IT networks, infrastructure, applications), users (e.g. employees, customers, or third-party users interacting with the company‚s digital systems)