The Countries with the Best (and Worst) Cybersecurity in the World

Press Release

GDS Modellica

10/01/2022

We often dedicate time to this blog to cybersecurity subjects, which we have to take seriously, given that the risks of data theft or filtering, identity theft, and asset maintenance represent an ever-growing list of challenges for financial institutions. For one thing, their very survival as a business is at stake. Still, the subject is also a source of constant friction regarding the customer experience in an increasingly demanding market. Furthermore, the regulatory environment is becoming ever stricter. Any company that overlooks cybersecurity is taking a huge gamble further down the line.

The specialist fraud-prevention company SEON has recently published a very ambitious Global Cybercrime Report, ranking 94 countries by combining the scores of existing recognised and prestigious indices. “While the combination of public and private sector efforts to tame the digital Wild West has made it more difficult for online fraudsters in some respects,” says the executive summary, “cybercrime remains a persistent threat for internet users.”

Aside from the ranking itself, which we will get to shortly, the other interesting thing about the study is the choice of data sources used to create the report. The first is the National Cyber Security Index (NCSI), which ranks each country according to the strength of its cybersecurity measures. It was created by the e-Governance Academy, an institution based in Tallinn, Estonia.

The second source used is the Global Cybersecurity Index 2020, which ranks countries based on their respective cybersecurity. It is published by the International Telecommunications Union (ITU), the UN specialised agency for information and communications technologies (ICT). The SEON report explains that the ITU and NCSI rankings differ due to differences in their assessment criteria.

Moving on from these sources, we come to the Basel AML Index, which is already in its 9^th edition and ranks countries according to the risk of money laundering and terrorist financing. Why? Because this illegal activity is increasingly being done digitally, making it a good indicator of how well-policed and secure the internet is in each country.

The fourth measure used was each country’s score from the Cybersecurity Exposure Index (CEI), which measures how at-risk internet users are in their country. This is something that the report’s authors considered to be “a good alternative take on the other cybersecurity indices… as it looks at the problem from a different angle, helping to create an overall clearer picture of the cybercrime landscape”.

Lastly, the fifth source of data was an analysis of how strong anti-cybercrime legislation is in each country. For this, the report looked at the Global Cyber Strategy Index, recording the number of strategies and pieces of legislation that have been enacted in each country, as well as the number of fields that said legislation covers. Using this data, each country was assigned one point for each piece of legislation and half a point if the legislation was in draft form. An extra point was added for each regulatory category covered by the legislation.

“The scores from all of these factors were converted into a single, equally-weighted score out of ten”, the report explains, allowing them to “rank the countries for their overall internet safety, revealing the best and worst countries for cybersecurity”. To this, the report also adds snapshots of the most common forms of cybercrime using data from Statista and used other data from the Centre for Strategic and International Studies (CSIS).

The most low-risk country in the world, in other words, those with the best score from all these data sources, is Denmark, scoring 8.91 out of 10. They are followed by Germany with 8.76 and the United States, which has to settle for third place despite being the only country to score 100/100 in the ITU index. The top 10 are then completed by Norway, the United Kingdom, Canada, Sweden, Australia, Japan, and the Netherlands, scoring 8 out of 10.

Looking at the other extreme, we find the 10 most high-risk countries, with scores ranging from the 2.22 scored by Myanmar to the 3.51 achieved by El Salvador. Between the two, from lowest to highest score, we find Cambodia, Honduras, Bolivia, Mongolia, Algeria, Zimbabwe, Nicaragua and Bosnia-Herzegovina.

Spain is positioned in the top half of the ranking in 25^th place, below Turkey, South Korea, and Portugal and above Croatia, Slovenia and Mauritius. This is due to a rather poor CEI and Global Cyber Strategy Index score and a particularly low score in the NCSI. However, here at GDS Modellica, we are open to the possibility that this is a scoring error since the NCSI itself puts Spain at a much-improved 6^th in the world.

Regardless of this possible error, reading the report in full, as well as the highly valuable sources of information we have mentioned, is well worth the trouble for anyone interested in the “geopolitics of cybersecurity” and looking to keep up to date regarding the strengths and weaknesses of the various regions around the globe.