World Bank experts urge more investment in DPI security, resilience

Three World Bank experts have cautioned that the rapid deployment of digital public infrastructure (DPI) must be matched with security preparedness which is a key element that enhances trust.

The trio of Idah Pswarayi-Riddihough (Global Director, Digital Solutions, Digital Vice Presidency), Ghislain de Salins (Global Lead for Cybersecurity, Digital Transformation), and Marie Eichholtzer (Digital Development Specialist with the Identification for Development (ID4D) program), made their case in a recent World Bank blog.

In their argument which is apparently inspired by conversations during the Global DPI Summit in Cape Town last month, they acknowledge the massive gains that DPI systems can bring forth such as in the areas of enabling faster welfare delivery, easier access to healthcare, and general interest services.

This notwithstanding, it is their view that DPI rollout, especially in developing economies, doesn’t get the appropriate security considerations it should, due to lack of investment in cybersecurity and resilience programs.

Per the authors, insecure DPI systems undermine trust, which of course determines the level of adoption and impact. Without trust, they argue, citizens are likely to avoid digital services and revert to analog alternatives which can lead to stagnation in digital inclusion efforts.

Such security risks, the writers say, are even higher these days with AI-driven security threats as cyber criminals exploit vulnerabilities as more services get digitally connected.

They cite an example of 2022 in Costa Rica where a ransomware attack hit hospital and tax systems costing the state losses which were equivalent to about 2.4 percent of the country’s GDP.

For countries building DPI system, the authors propose four concrete steps which they can take in order to strengthen their security architectures, and make their systems trustworthy and potentially more impactful.

Priorities for DPI security

Mainstreaming basic cyber hygiene should be a priority, according to the experts, who suggest that common vulnerabilities can be plugged through measures such as asset inventories, regular system updates, deploying multi-factor authentication, and conducting awareness campaigns. They also make the case for investment in Computer Security Incident Response Teams (CSIRTs) which they say only 20 percent of low-income countries have fully functional ones.

Other priorities, according to them, include investing in security-by-design DPI systems and requiring compliance with international standards in procurements, strategic partnerships with the private sector like Vietnam’s partnership with Google which enabled the launch of a badge for official government app to help people avoid fake apps, and scaling innovative practices by introducing aspects like bug bounty programs that allow ethical hackers to report vulnerabilities. The Aadhaar digital ID system is an example in this regard, having launched a bug bounty initiative in 2022.

Four foundations for AI readiness

The advocacy by the trio of experts on DPI security and resilience comes at a time the World Bank has also released the Digital Progress and Trends Reports 2025. The report looks at the state of AI readiness and recommends what countries must do in order not to be left behind in the AI race.

Per report, there are four critical foundations which countries must invest in. They include connectivity which must be reliable and affordable, compute to facilitate access to processing power for things like AI chips, aligning AI with contextual needs, and building the necessary competency in digital and AI skills.

The report notes that despite the challenges in AI adoption, countries are actively adopting “small AI solutions” which are “more affordable, easier-to-use applications designed to run on everyday devices like mobile phones.”

In order to strengthen those efforts and make AI more commonplace, the report calls on governments to implement other measures which include improving data governance, privacy, and AI safety frameworks; modernizing education and labour policies; and promoting open, responsible AI and avoiding overregulation that stifles local innovation.

Article Topics

cybersecurity  |  digital identity  |  digital public infrastructure  |  digital trust  |  World Bank