The WBA Digital Inclusion Benchmark measures and ranks the world's most influential companies on their efforts to advance digital inclusion, tracking how companies are expanding access to digital technologies, improving digital skills and literacy, and ensuring safe and inclusive digital environments for all. The 2026 edition assessed 200 companies across key sectors of the digital economy including telecommunications, software, hardware, and digital platforms. The benchmark is developed in close collaboration with an Expert Review Committee and partners including GRI, ITU, and the Alliance for Affordable Internet, with a methodology designed to incentivise companies to understand where digital exclusion risks are highest and act to bridge the digital divide, while keeping human rights and social impacts at its core.
More information can be found
here.
Cybersecurity threats discourage Internet use as they give rise to fears about online safety. Digital companies are at particular risk as the digital industry is one of the most targeted by cybercriminals.xix Yet, companies often do not assign sufficient high-level accountability for cybersecurity. The United States Securities and Exchange Commission requires public companies to disclose cybersecurity risks and incidents.xx Companies need to assure stakeholders that they take cybersecurity seriously and assign high-level accountability and resources to maintaining it.
Senior-level oversight of cybersecurity can serve to indicate that the company dedicates appropriate accountability, managerial capacity and resources to preventing, mitigating and resolving cybersecurity risks.xxi If companies are proactive about cybersecurity, digital inclusion will improve because users will feel safer using digital technologies.
Rapid response to information security incidents is essential. Companies have created special units (e.g. computer emergency response team, computer security incident response team) to protect, detect and respond to cybersecurity incidents. As cyber threats often extend across borders, global cooperation is essential. The Forum of Incident Response and Security Teams, with over 500 members, fosters global ‘cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large’.xxii
Research Guidance:
The company has an established security incident response team responsible for managing cybersecurity incidents that may affect the organisation. The company must disclose the existence of a formal security response team‚Äîsuch as a CERT (Computer Emergency Response Team), CSIRT (Computer Security Incident Response Team), PSIRT (Product Security Incident Response Team), or a functionally equivalent team. The team may exist at a business unit level, provided it carries out incident response for that part of the company. The team must address organization-wide cybersecurity threats, including internal systems, enterprise infrastructure, and supply chain vulnerabilities. A customer-only incident response team (e.g. one that responds only to customer data breaches or external-facing services) is not accepted. The presence of the word ‚response‚ and evidence of remediation capabilities are critical to assess this element.