Which countries are most (and least) at risk for cybercrime?

The risk of cybercrime is not spread equally across the globe. Cyberthreats differ widely, with internet users in some countries at much higher risk than those in nations that offer more security due to strong cybercrime legislation and widely implemented cybersecurity programs, according to fraud-detection software company SEON.

SEON combined data from a variety of cybersecurity indices and indicators to come up with a global ranking of countries that are least and most at risk of cybercrime. Cybersecurity for internet users is strongest in Denmark, where people are protected from cybercrime through both legislation and technology, according to the SEON ranking. It is followed, in order, by Germany and the US.

How cybersecurity rankings were determined

To arrive at its Global Cyber-Safety Index, SEON first collected data from the National Cyber Security Index (NCSI), which ranks every country based on the strength of their cybersecurity measures. The company then took data from a similar ranking, the Global Cybersecurity Index 2020, which also ranked countries based on their respective cybersecurity practices. Data from both of these sources were used since they used different criteria to rank each country.

SEON also used the Basel AML Index: 9th Edition, which ranks countries based on the risk of money laundering and terrorist financing. This illegal activity is most commonly done digitally, so it is a good indicator of how well-policed and secure the internet is in each country.

To come up with its overall ranking, SEON also took into account the Cybersecurity Exposure Index (CEI) 2020, which measures how at-risk internet users are in each country.

In addition to these various indices, SEON looked at the strength of cybercrime legislation in each country.

“We assigned each country one point for each piece of legislation, and half a point if the legislation was only in draft form. We then added an extra point for each regulatory category that this covered, thereby including the coverage of legislation as a part of the scoring process. The scores from all of these factors were converted into a single, equally-weighted score out of 10,” says Gergo Varga, author of the report.

The lowest-risk countries for cyberthreats

At the top of the ranking for most cybersecure countries, Denmark secured an overall cybersafety score of 8.91, doing particularly well on the Cybersecurity Exposure Index, where it scored just 0.117.

SEON

Germany had a cybersafety score of 8.76, while the US scored 8.73. The relatively overall high rank for US was due in part to its first place score in the Global Cybersecurity Index, while also ranking well in terms of overall cybersecurity exposure and strong legislation.

Other countries that made it to the top 10 of most secure countries were, in order of ranking, Norway, the UK, Canada, Sweden, Australia, Japan and Netherlands.

At the other end of the scale are the countries that offer the least protection against cybercrime. These countries have very weak legislation regarding cybercrime or even none at all, and therefore carry the greatest risk to transactions that involve personal information, the report said.

The highest-risk countries for cyberthreats

Myanmar has the worst ranking for internet safety, scoring just 2.22 on SEON’s Global Cyber-Safety Index. The country scored poorly across the board, especially in terms of legislation, as hardly any has been enacted to put barriers in the way of cybercriminals.

“Based on the methodology of the report, most of the rationale behind the risk ranking comes down to legislation and an involved government infrastructure focused on regulation and enforcement,” said Liz Miller, a vice president at Constellation Research.

SEON

“But if we are being honest, a regulatory environment will only get you so far, for example, even if a country has passed or is in the process of passing legislation around consumer privacy or digital safety, if there are no real ramifications or consequences to those crimes, be it for the criminals executing those crimes or for businesses who refuse to invest in compliance or those who purposefully ignore privacy and safety regulations … then what? You have a piece of paper with great intentions and no teeth,” Miller added.

Cambodia follows Myanmar with a cybersafety score of 2.67, the second-worst overall score in the SEON rankings. Cambodia performs marginally better than Myanmar in every metric other than the Global Cybersecurity Index.

Honduras takes third place with a score of 3.13. The Central American country scored lowest on the Global Cybersecurity Index of any in the study while performing poorly in all other areas. However, Honduras does perform twice as well as Myanmar and Cambodia in terms of anti-cybercrime legislation.

The other countries in the list of those most at risk of cyberthreats are (from most at risk to least): Bolivia, Mongolia, Algera, Zimbabwe, Nicaragua, Bosnia-Herzegovina, and El Salvador.

Most common forms of cybercrime

The SEON report also focuses on the most commonly reported cybercrimes of 2020. It said that phishing emails and pharming are the top online threat to US internet users, accounting for 32.9% of all reported cybercrime in the country in 2020. Phishing and pharming refer to the fraudulent practice of luring people into revealing personal information, such as passwords, login details and credit card numbers.

The second most common type of cybercrime was non-payment and non-delivery, which was reported 108,869 times and made up 14.9% of cybercrimes in the US. Non-payment refers to a buyer not paying for goods or services received, while non-delivery refers to the failure to deliver goods or services that have been paid for.

Extortion is the third most common form of cybercrime, with 76,741 reported incidents in 2020 in the US, reflecting 10.4% of all cybercrime in the country. Extortion comes in several forms, with the most common being the use of ransomware to seize access to files and devices, followed by a demand for money, cryptocurrency, gift cards or any other form of payment.

Strong security requires resources

To really dig into why some countries may be at higher risk than others, resources and the wealth of targets need to be considered, Constellation Research’s Miller said. Security requires  resources that some organizations in some countries may not have access to, be it the budget to implement proactive protection measures or the talent and time to staff security teams and operations. Companies that lack resources may also prioritize operations over security and that, according to Miller, creates an environment that is opportunistic for bad actors looking to exploit vulnerabilities.

Countries that are most at risk should take steps toward regulation and public education, Miller says.

 “The average consumer simply does not see themselves as part of the vulnerability supply chain, with some calling for the government to resolve these issues of faceless strangers lurking in basements wearing hoodies. But we all know that the faceless hoodie guy didn’t click the link in the email that really didn’t come from the bank,” Miller says.

If a government is truly serious about addressing threats, partnerships will be key, Miller says. The public and private sectors will need to come together on solutions and shared intelligence for the purpose of early detection and rapid mitigation in order to stay ahead of bad actors.