Pacific Islands close ranks on cybercrime as digital threats escalate
PACIFIC SECURITY · DIGITAL GOVERNANCE
June 2026 · Based on PILON Nadi Meeting & ITU GCI 2024 data
Legal architects from eleven Pacific nations convened in Nadi, Fiji this month to finalise a landmark regional handbook — the clearest signal yet that the Blue Pacific Continent is treating cyber sovereignty as a collective imperative, not a national afterthought.
The Pacific Islands Law Officers Network (PILON) Cybercrime Legislation Implementation Handbook Subcommittee brought together senior legal representatives from Fiji, Tonga, Vanuatu, Samoa, Nauru, the Cook Islands, Papua New Guinea, Solomon Islands, the Republic of the Marshall Islands, Kiribati and Australia, alongside technical experts from the Council of Europe. The gathering — the third in-person meeting of its kind — marks a turning point in how the region collectively frames cybercrime as a shared legal and sovereign challenge.
Opening proceedings, Fiji's Acting Attorney-General Siromi Turaga framed the initiative in language that went beyond legislation. "We are all dedicated to a shared and vital cause: safeguarding our digital borders and strengthening the rule of law across our Blue Pacific Continent," he said. The handbook is designed to protect communities, secure economies and empower legal systems for generations.
"It is a handbook that will enable those who are a little further behind to catch up quickly and become part of the international and regional effort to combat cybercrime." — Linda Folaumoetu'i, Attorney-General of Tonga & PILON Cybercrime Working Group Chair
The handbook — expected to be finalised before the 2026 PILON Annual Meeting — will cover three core areas: policy development, legislative drafting, and practical implementation. It is designed as a tiered tool, allowing nations at different stages of cyber maturity to adapt the guidance to their specific legal contexts.
A region catching up — and catching on
The Nadi meeting comes against a backdrop of escalating threats. The Pacific Security Outlook 2023–2024 noted that Pacific nations continue to show varying levels of cybersecurity maturity, with most lacking effective cybersecurity policies or legal frameworks. Phishing remains the most prevalent threat, followed by ransomware and malware. State-sponsored actors have targeted critical government infrastructure in Vanuatu and telecommunications networks in the Marshall Islands with highly disruptive effects.
Yet the data also reveals a region actively mobilising. The ITU's Global Cybersecurity Index (GCI) 2024 shows significant score gains across multiple Pacific nations over the past four years. Vanuatu recorded one of the strongest improvements globally, rising from 12.88 in 2020 to 69.29 in 2024. Papua New Guinea climbed to 62.6 and Kiribati surged to 55.64, both surpassing the 2020 SIDS average of 22 with considerable room to spare.
From Budapest to the Blue Pacific
Fiji's own trajectory illustrates how international frameworks are being domesticated. The country has acceded to the Budapest Convention on Cybercrime — the gold standard for national cyber legal frameworks — and signed the UN Convention Against Cybercrime in December 2025. Domestically, the Cybercrime Act 2021 sits alongside the National Digital Strategy 2025–2030 and the National Cybersecurity and Resilience Strategy 2026–2031, providing a coherent policy stack that smaller nations are now looking to emulate.
Tonga's chair of the PILON Cybercrime Working Group, Linda Folaumoetu'i, placed the handbook explicitly in this international context. The document is designed to anchor Pacific nations within the broader global legal architecture, lowering the technical and resource barriers that have historically prevented smaller island states from translating political will into enforceable law.
Cyber Maturity Table — Pacific Island Nations (ITU GCI 2024)
| Country | GCI 2024 | GCI 2020 | Change | Maturity Tier | Budapest Convention |
|---|---|---|---|---|---|
| Vanuatu | 69.3 | 12.9 | +56.4 | Tier 1 – Pioneering | ★ Yes |
| Papua New Guinea | 62.6 | 26.3 | +36.3 | Tier 1 – Pioneering | No |
| Kiribati | 55.6 | 13.8 | +41.8 | Tier 2 – Advancing | No |
| Fiji | 53.8 | 29.1 | +24.7 | Tier 2 – Advancing | ★ Yes |
| Samoa | 43.1 | 29.3 | +13.8 | Tier 2 – Advancing | No |
| Tonga | 33.8 | 21.0 | +12.8 | Tier 3 – Establishing | No |
| Nauru | 21.6 | 21.4 | +0.2 | Tier 3 – Establishing | No |
| Tuvalu | 20.3 | 5.8 | +14.6 | Tier 3 – Establishing | No |
| Solomon Islands | 17.7 | 7.1 | +10.6 | Tier 4 – Building | No |
| Marshall Islands | 14.2 | 4.9 | +9.3 | Tier 4 – Building | No |
| Micronesia | 8.8 | 0.0 | +8.8 | Tier 4 – Building | No |
Maturity tiers: Tier 1 Pioneering (≥60), Tier 2 Advancing (35–59), Tier 3 Establishing (20–34), Tier 4 Building (<20). Sources: ITU Global Cybersecurity Index 2024; Pacific Ecommerce Initiative; Pacific Security Outlook 2023–24.
What comes next
The PILON handbook is expected to be adopted at the 2026 PILON Annual Meeting, at which point member countries will be encouraged to initiate formal review cycles of their domestic cybercrime legislation against the handbook's benchmarks. Observers note that for the framework to endure, it will need to be accompanied by sustained investment in institutional capacity — trained digital forensics officers, adequately resourced cybercrime prosecution units, and reliable information-sharing protocols between national CERTs.
For the Pacific, the stakes extend beyond individual nations. As digital infrastructure — undersea cables, satellite connectivity, mobile banking — becomes the connective tissue of regional trade and governance, the weakest link in any chain represents a vulnerability for all. The Nadi meeting is both a recognition of that interdependence and a concrete step toward closing the gaps that adversaries have long exploited.
This article builds on reporting from the PILON Cybercrime Legislation Implementation Handbook Subcommittee meeting in Nadi, Fiji, supplemented with data from the ITU Global Cybersecurity Index 2024, the Pacific Security Outlook Report 2023–24, and the Pacific Ecommerce Initiative.
Member discussion