Which countries have the worst (and best) cybersecurity?
PAUL BISCHOFF TECH WRITER, PRIVACY ADVOCATE AND VPN EXPERT
@pabischoff UPDATED: March 3, 2020
With so much of our personal data stored online, cybersecurity is of the utmost importance.
So just where in the world are you cyber safe, if anywhere?
Last year, our study looked at 60 countries and found huge differences in a number of categories, from malware rates to cybersecurity-related legislation. In fact, not one country was “top of the class” across the board. All of the countries we analyzed needed some significant improvements.
So have things improved or are they getting worse?
We ranked these 60 countries from the least cyber safe to the most cyber safe based on seven criteria:
- The percentage of mobile devices infected with malware
- The percentage of computers infected with malware
- The number of financial malware attacks
- The percentage of all telnet attacks by originating country
- The percentage of users attacked by cryptominers
- The best-prepared countries for cyber attacks
- The countries with the most up-to-date cybersecurity legislation
We found most countries’ scores improved since last year. But due to greater cybersecurity efforts from the majority of countries, this means some of the best-performers from last year have dropped down the rankings. This includes the US, which has dropped from the fifth most cyber-secure country to the 17th.
We added 16 new countries to the study thanks to more data becoming available. This means countries are now ranked from one to 76 with one being the least cyber-secure country and 76 being the most cyber-secure country.
Which is the least cyber-secure country in the world?
According to our study, Algeria is still the least cyber-secure country in the world despite its score improving slightly. With no new legislation (as was the same with all countries), it is still the country with the poorest legislation (only one piece of legislation — concerning privacy — is in place). It also scored poorly for computer malware infection rates (19.75%) and its preparation for cyberattacks (0.262). Nevertheless, only its score for lack of preparation that worsened over the last year (and its score for legislation which couldn’t get any worse). In all of the other categories, attacks declined, as was the common trend for most countries.
Other high-ranking countries were Tajikistan, Turkmenistan, Syria, and Iran, which took over from last year’s Indonesia, Vietnam, Tanzania, and Uzbekistan.
The highest-scoring countries per category were:
- Highest percentage of mobile malware infections – Iran – 52.68% of users
- Highest number of financial malware attacks – Belarus – 2.9% of users
- Highest percent of computer malware infections – Tunisia – 23.26% of users
- Highest percentage of telnet attacks (by originating country) – China – 13.78%
- Highest percentage of attacks by cryptominers – Tajikistan – 7.9% of users
- Least prepared for cyber attacks – Turkmenistan – 0.115
- Worst up-to-date legislation for cybersecurity – Algeria – 1 key category covered
Apart from Algeria, China was the only country that stayed at the top of one of these lists – all of the other countries are new since last year.
Which is the most cyber-secure country in the world?
Our findings revealed Denmark to be the most cyber-secure country in the world, taking over from Japan, which dropped four places to the fifth most cyber-secure country. Last year’s fourth most cyber-secure country, Denmark, scored incredibly low across the majority of categories, only scoring a little higher in the legislation category due to it not having specific laws that cover content and cybercrime.
Other top-performing countries included Sweden, Germany, Ireland, and Japan. France, Canada, and the United States were all pushed out of the top five most cyber-secure countries and into ninth, sixth, and 17th place, respectively.
Sweden’s score improved across all categories except for telnet attacks, but this was only due to a very slight increase from 0.45% to 0.49% and its legislation (which remained the same). Sweden was also the best-scoring country for financial malware attacks with only 0.1% of users affected.
Germany’s score improved dramatically due to a huge decline in financial malware attacks, dropping from 3% of users to 0.5%. Ireland’s score came from improvements in all categories, bar telnet attacks (where there was a minimal increase from 0.06% to 0.07%), and a significant improvement in preparation for cyberattacks (up to 0.784 from 0.675).
Japan’s poorer score came from an increase in mobile ransomware (from 1.34% to 1.97%), an increase in computer ransomware (from 8.3% to 9.17%), and telnet attacks from the country (while these reduced from 1.23% to 1.06%, this was still a higher figure than quite a few other countries). Its score for preparation for cyberattacks and cryptominer attacks did improve, however.
France fell out of the top 5 best countries due to a high rate of computers being infected with malware (over 15%). While Canada’s overall score improved, its position declined due to better scores from other countries. Canada also scored quite high for computer malware infection rates (10.24%). And the United States’ score declined significantly due to high computer malware infection rates (9.07%) and a high number of telnet attacks coming from the country (4.71%).
The lowest-scoring countries per category were:
- Lowest percentage of mobile malware infections – Finland – 0.87% of users
- Lowest number of financial malware attacks – Denmark, Ireland, and Sweden – 0.1% of users
- Lowest percent of computer malware infections – Denmark – 3.15% of users
- Lowest percentage of telnet attacks (by originating country) – Turkmenistan – 0%
- Lowest percentage of attacks by cryptominers – Japan – 0.17% of users
- Best prepared for cyber attacks – United Kingdom – 0.931 score
- Most up-to-date legislation for cybersecurity – France, China, Russia, and Germany – all seven categories covered
|Rank 2019||Rank 2020||Country||Score 2019||Score 2020||% of Mobiles Infected with Malware||Financial Malware Attacks (% of Users)||% of Computers Infected with Malware||% of Telnet Attacks by Originating Country (IoT)||% of Attacks by Cryptominers||Best Prepared for Cyberattacks||Most Up-to-Date Legislation|
|-||15||Bosnia & Herzegovina||-||35.43||5.68||0.7||10.63||0.08||0.72||0.204||2|
|23||41||United Arab Emirates||36.88||23.31||9.18||0.6||13.64||0.26||0.95||0.807||4|
What’s changed over the last year?
Please note: the 16 new countries added this year (Bosnia & Herzegovina, Chile, Estonia, Finland, Jordan, Kazakhstan, Kyrgyzstan, Lithuania, Moldova, Norway, Oman, Serbia, Switzerland, Syria, Tajikistan, and Turkmenistan) aren’t included in the above chart due to their omission in 2019.
As we can see from the above chart, most countries’ scores have improved from last year – some more than others. Indonesia’s score improves dramatically, going from 54.89 last year to 31.33 this year, with quite a few European countries also noticing significant improvements, too (e.g. Ukraine, Germany, Portugal, Bulgaria, and Croatia).
Only the United States, Brazil, Japan, France, Iran, and Singapore who have worse scores than the previous year. While there is only a slight difference in all cases, as we have seen with the US, it is enough to contribute to quite a drop in rankings due to the improvements from many other countries.
What can we take away from these findings?
It is encouraging to see that most countries have improved overall. No country dominates every category, so every country still has room for improvement. Whether they need to strengthen cybersecurity legislation or users need better protection on their computers and smartphones, there’s still a long way to go.
Plus, as the landscape of cybersecurity constantly changes (cryptominers are growing in prevalence, for example), countries need to try and get one step ahead of cybercriminals.
Our methodology: how did we find the countries with the worst cybersecurity?
We considered seven criteria, each of which had equal weight in our overall score. These were:
- The percentage of mobiles infected with malware – software designed to gain unauthorized access to, destroy, or disrupt a device’s system
- The percentage of computers infected with malware – software designed to gain unauthorized access to, destroy, or disrupt a computer’s system
- The number of financial malware attacks – malicious programs created to steal a user’s money from the bank account on their computer system
- The percentage of all telnet attacks by originating country (based on the number of unique IP addresses of devices used in the attacks) – a technique used by cybercriminals to get people to download a variety of malware types
- The percentage of users attacked by cryptominers – software that’s developed to take over a user’s computer and use its resources to mine currency (without the user’s permission)
- The best-prepared countries for cyberattacks
- The countries with the most up-to-date legislation
Apart from the latter two, all of the scores were based on the percentage of users attacked during Q3 of 2019. The best-prepared countries for cyberattacks were scored using the Global Cybersecurity Index (GCI) scores. The most up-to-date legislation was scored based on existing legislation (and drafts) that covered seven categories (national strategy, military, content, privacy, critical infrastructure, commerce, and crime). Countries received a point for having legislation in a category or half a point for a draft.
For each criterion, the country was given a point based on where it ranked between the highest-ranking and lowest-ranking countries. Countries with the least cyber-secure scores were given 100 points, while countries with the most cyber-secure scores were allocated zero points. All of the countries in between these two scores received a score on a percentile basis, depending on where they ranked.
The total score was achieved by averaging each country’s score across the seven categories.
All of the data used to create this ranking system is the latest available, and we have only included countries where we could cover all of the data points.