World Bank Programme

PROGRESS is the sector methodology developed at Tel Aviv University. The World Bank Sectoral Cybersecurity Maturity Model (SCMM) applies that logic with World Bank development teams inside project and advisory cycles.

In 2021 to 2023, the Cyber Resilience Laboratory (TAU CRL) provided customized and practical roadmaps for improvement in four sectors across 11 countries in Asia and Africa.

To support cyber resilience in critical sectors, the World Bank Digital Development (DD) team, in collaboration with Tel Aviv University's Blavatnik Interdisciplinary Cyber Research Center (ICRC) and the Cyber Resilience Laboratory (CRL), developed the new Sectoral Cybersecurity Maturity Model.

The World Bank Group, which committed $118.5 billion in financing across loans, grants, equity, and guarantees in fiscal year 2025, increasingly treats cyber resilience as a precondition for safe digital transformation. It is working to integrate cybersecurity assistance into infrastructure projects, guide beneficiary countries on protecting critical infrastructure, and manage cyber risks to its debt portfolio. Tel Aviv University partnered with the World Bank to develop the Sectoral Cybersecurity Maturity Model (SCMM), along with its methodology and user guide. The SCMM is a key tool in the World Bank's project cycle for cybersecurity.

The SCMM is the primary tool of the World Bank's new Critical Infrastructure Protection (CIP) Toolkit, used throughout the project cycle.

From assessment to roadmap

World Bank and Cyber Week descriptions of SCMM use the sequence below: examine a critical sector, identify and analyze gaps, then develop a roadmap to mature the sector's ability to manage cyber risk.

Where we applied it

The flagship programme (2021 to 2023) spans four sectors (financial, healthcare, electricity, and telecommunications) across 11 countries in Asia and Africa. Financial services form the largest cluster in documented coverage, followed by healthcare, telecommunications, and electricity. Country, sector, and programme year are summarized in the table; the map gives a geographic view.

Countries where the sectoral approach was applied.

What it delivered

Sources and References

Core sources, event records, and research references for the World Bank SCMM work.

1) Core document

• World Bank SCMM report - Primary source for model scope, publication details, and official reference metadata.

2) Event records and source trail

• World Bank seminar page (June 21, 2023) - Official event context, venue format, and discussion framing.
• World Bank Cyber Resilience Event Series - Programme-level context for seminar and training activity.
• Cyber Week 2023 event page - Agenda, participants, and institutions.
• Cyber Week 2023 gallery - Visual record linked to the same event.
• SCMM session recording - Video record used in the source chain.

3) Research trace

• PROGRESS peer-reviewed article (Springer) - Academic publication connecting method and implementation.

Implementation context

Digital Development Partnership (DDP). Through the DDP, TAU CRL explores cooperation on sectoral cyber assessments and framework development that can help optimize efforts and investments in digital transformation. Contact the CRL to discuss engagement.

Cybersecurity Multi-Donor Trust Fund. Israel participates in the Cybersecurity Multi-Donor Trust Fund under the DDP Umbrella Program, focused on sharing cybersecurity expertise to support growth in emerging economies, digital transformation, and secure adoption of new digital opportunities.

GFCE. CRL participants contribute to Global Forum on Cyber Expertise (GFCE) activities and related international dialogue, in coordination with Tel Aviv University's Blavatnik ICRC participation. GFCE is one forum for capacity-building exchange.

Next geographies and sectors

New country coverage depends on borrower demand and how task teams scope cybersecurity inside World Bank projects and TA. Published sector maturity methodology, the Sectoral Cybersecurity Maturity Model (SCMM), remains in the World Bank's formal document catalogue for operational reference. Additional geographies and sectors follow standard development-finance partnership channels (for example DDP-aligned trust mechanisms). Contact the CRL on collaboration.

Frequently asked questions

What is the main result of the World Bank collaboration?

From 2021 to 2023, TAU CRL supported sector assessments that produced practical cyber-resilience roadmaps across four sectors in 11 countries.

Which sectors were covered?

Financial services, healthcare, telecommunications, and electricity.

Which World Bank sources show SCMM after 2023?

The Sectoral Cybersecurity Maturity Model (SCMM) stays published as Bank reference material tied to strengthening cyber resilience in developing countries.

The Korea Digital Development Program completion report (P177256, cleared June 2024) describes task-level coordination between the KoDi initiative and Digital Development Global Practice, including dissemination of the Sectoral Cybersecurity Maturity Model alongside critical-infrastructure cybersecurity work.

Whether a scheduled project adopts SCMM-style diagnostics is determined in each operation; CRL does not certify country-by-country use.

Where can I review official references and findings?

Sources and References: World Bank SCMM landing page, seminar and event URLs, Cyber Week listings, Springer article.