The WBA Digital Inclusion Benchmark measures and ranks the world's most influential companies on their efforts to advance digital inclusion, tracking how companies are expanding access to digital technologies, improving digital skills and literacy, and ensuring safe and inclusive digital environments for all. The 2026 edition assessed 200 companies across key sectors of the digital economy including telecommunications, software, hardware, and digital platforms. The benchmark is developed in close collaboration with an Expert Review Committee and partners including GRI, ITU, and the Alliance for Affordable Internet, with a methodology designed to incentivise companies to understand where digital exclusion risks are highest and act to bridge the digital divide, while keeping human rights and social impacts at its core.
More information can be found
here.
Cybersecurity threats discourage Internet use as they give rise to fears about online safety. Digital companies are at particular risk as the digital industry is one of the most targeted by cybercriminals.xix Yet, companies often do not assign sufficient high-level accountability for cybersecurity. The United States Securities and Exchange Commission requires public companies to disclose cybersecurity risks and incidents.xx Companies need to assure stakeholders that they take cybersecurity seriously and assign high-level accountability and resources to maintaining it.
Senior-level oversight of cybersecurity can serve to indicate that the company dedicates appropriate accountability, managerial capacity and resources to preventing, mitigating and resolving cybersecurity risks.xxi If companies are proactive about cybersecurity, digital inclusion will improve because users will feel safer using digital technologies.
Rapid response to information security incidents is essential. Companies have created special units (e.g. computer emergency response team, computer security incident response team) to protect, detect and respond to cybersecurity incidents. As cyber threats often extend across borders, global cooperation is essential. The Forum of Incident Response and Security Teams, with over 500 members, fosters global ‘cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large’.xxii
Research Guidance:
Cybersecurity refers to the safeguarding of digital assets and infrastructure from cyberattacks, and it is distinct from,but mayinclude,data privacy.
The company mustdisclosea formal statement approved at the highest level (e.g. board of directors, executive leadership) that includes specific commitment(s)to cybersecurity. A generic or high-level mention of security or privacy is not sufficient.The statement must explicitly mention ‚cybersecurity‚,‚information security‚,or recognized synonyms.The statementmustdefinewhat is covered(e.g. systems, personnel, third parties, data, users) anddistinguishcybersecurity from general IT or data protection.
This element requires a company to make a commitment in aformalpublicly disclosedgovernance document such as standalone cybersecurity policy, code of conduct, corporate governance statement, business principles, dedicated webpage. WBA does not accept a commitment found in a report (e.g. an annual or sustainability report that is updated annually) even if the company explains that it is company policy and/or it is approved by the highest governing body. This requires the company to make a commitment using strong languagesuch as, but not limited to‚We respect‚,‚We commit to respect‚,‚We adhere to‚,‚We uphold‚,‚We are committed to‚.