Cybersecurity Exposure Index (CEI) 2020

As each country begins to adapt to a new, unprecedented, post-COVID 19 world, cybersecurity becomes increasingly imperative to secure digital infrastructures.

From endpoint attacks that are designed to gain unauthorized access, steal data, and extort money by blocking access to files or computer systems, to cloud attacks that are designed to compromise and weaponize virtual machines, cybercrime can take many forms.

So, to reveal the countries that are the most and least exposed to cybercrime, we’ve compiled data of five of the most significant types of end-point and cloud cyberattacks alongside the level of commitment to cybersecurity across 108 countries.

Our data reveals the very latest insights into which countries are most exposed, least exposed, and everything in-between.

From 0 to 1, the Cybersecurity Exposure Index (CEI) calculates the level of exposure to cybercrime by country. The higher the score, the higher the exposure.

First, let’s take a look at the definition of exposure:

The fact of experiencing something or being affected by it because of being in a particular situation or place Cambridge Dictionary

Where risk is the probability (i.e. the chance that an event or situation will happen), exposure is the extent to which risk can have an affect. With exposure defined as the fact of experiencing or being affected by something, we chose to research the frequency of malicious attacks alongside the level of cybersecurity commitment to accurately assess each country’s exposure to cybercrime.

Six data sets were used to create the Cybersecurity Exposure Index (CEI):

  • Malware Encounter Rate (2019/20)
  • Ransomware Encounter Rate (2019/20)
  • Cryptocurrency Mining Encounter Rate (2019/20)
  • Drive-by Download Page Encounter Rate (2019/20)
  • Cloud Provider Related Incoming Attacks (2019/20)
  • Level of Commitment to Cybersecurity (2018)

We used the latest available data from:

  • Microsoft – Malware Encounter Rate, Ransomware Encounter Rate, Cryptocurrency Mining Encounter Rate, Drive-by Download Page Encounter Rate, Cloud Provider Related Incoming Attacks (2019/20)
  • International Telecommunication Union – Global Cybersecurity Index (2018)

The Cybersecurity Exposure Index (CEI) was calculated using a ranking system.

Malware, ransomware, cryptocurrency mining, drive-by download page, and cloud provider related incoming attack encounter rates were all ranked from high (being the most exposed and scoring a high exposure rank) to low (being the least exposed and scoring a low exposure rank).

The level of commitment to cybersecurity was ranked from high (being the most committed and scoring a low exposure rank) to low (being the least committed and score a high exposure rank).

Each respective country ranking was then added together and divided by 290 to calculate the scale of exposure from 0-1 (low-high).

Note: The total sum of each country rank was divided by 290 because this was the highest sum of all country ranks (Afghanistan) and set the upper-level of exposure.

The Forumla Used to Calculate Exposure Score

We will use the following abbreviations for simplicity:

  • MERR – Malware Encounter Rate Rank
  • RERR- Ransomwear Encounter Rate Rank
  • CMERR – Cryptocurrency Mining Encounter Rate Rank
  • DBDPERR – Drive-by Download Page Encounter Rate Rank
  • CPRIA – Cloud Provider Related Incoming Attack Rank
  • LOCTCR – Level of Commitment to Cybersecurity Rank

(MERR + RERR + CMERR + DBDPERR + CPRIAR + LOCTCR) / 290 =  Exposure Score

Example Calculations:

Afghanistan:

(MERR 105 + RERR 23 + CMERR 36 + DBDPERR 31 + CPRIAR 1 + LOCTCR 94) / 290 = 1.000

Finland:

(MERR 4 + RERR 1 + CMERR 2 + DBDPERR 5 + CPRIAR 2 + LOCTCR 18) / 290 = 0.110

To better understand the landscape of exposure and distribution across the world and each continent we also employed an exposure classification scale. See below:

Exposure ClassifcationScore Range
Very High0.800 – 1.000
High0.600 – 0.799
Moderate0.400 – 0.599
Low0.200 – 0.399
Very Low0.00 – 0.199

Malware Encounter Rate

Malware is malicious software designed to gain unauthorized access and/or cause damage to data and virtual systems.

Find out more about malware here.

Ransomware Encounter Rate

Ransomware is another type of malicious software but designed to extort money from victims by threatening to publish stolen data or block access to files or computer systems. Ransomware is lifted once a ransom is paid, however, this is not always the case.

Find out more about ransomware here.

Cryptocurrency Mining Encounter Rate

As the value of cryptocurrency increases or falls, so does the number of cryptocurrency mining attacks.

Attackers inject mining software into their victim’s machine and then use the machine’s CPU processing resources to mine for cryptocurrency. The profits of the newly acquired cryptocurrency are then directed into the wallet of the attacker.

Find out more about cryptocurrency mining here.

Drive-by Download Page Encounter Rate

A drive-by download is an unintentional download of malicious code to a computer or mobile device.

Drive-by downloads exploit security flaws of web browsers, operating systems, and even apps to successfully infect a user’s device. A user doesn’t need to click on a link, download a file, or open an email attachment to become infected – all it takes is a simple visit to an infected website.

Attackers use drive-by downloads to spy and collect data, sell stolen data, penetrate further systems, networks, or accounts, and in advanced cases, install malicious software such as ransomware and cryptocurrency mining.

Find out more about drive-by download pages here.

Cloud Provider Related Incoming Attacks

As opposed to endpoint attacks that are designed to gain unauthorized access, steal data, and extort money by blocking access to files or computer systems, cloud attacks compromise and weaponize virtual machines.

The virtual machines can then be used to initiate a range of cyberattacks.

Find out more about cloud incoming attacks here.

Level of Commitment to Cybersecurity

We used the (ITU) Global Cybersecurity Index to assess the level of commitment to cybersecurity in each country. The ITU classifies each country according to their level of cybersecurity commitment across five pillars:

  1. Legal: Measures based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
  2. Technical: Measures based on the existence of technical institutions and frameworks dealing with cybersecurity.
  3. Organizational: Measures based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
  4. Capacity building: Measures based on the existence of research and development, education and training programmes, certified professionals, and public sector agencies fostering capacity building.
  5. Cooperation: Measures based on the existence of partnerships, cooperative frameworks, and information sharing networks.

Find out more here.

Global

The Good:

  • Out of 108 countries, Finland is the least exposed, followed by Denmark, Luxembourg, Australia, and Estonia.
  • Europe has the lowest exposure score per country (0.329), followed by North America (0.462).
  • Europe accounts for 67.44% of low and very low exposure countries globally.

The Bad:

  • Out of 108 countries, Afghanistan is the most exposed, followed by Myanmar, Ethiopia, Palestine, and Venezuela.
  • Africa has the highest exposure score per country (0.643), followed by South America (0.577).
  • Asia-Pacific accounts for 60% of very high exposure countries globally.
  • Combined, Asia-Pacific accounts for 40% of high and very high exposure countries globally.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
Europe0210218
North America03411
South America13510
Asia-Pacific311873
Africa111310
Global530303112
Share this on your site:

Europe

The Good:

  • Finland is the least exposed country, followed by Denmark, Luxembourg, Estonia, and Norway.
  • Europe has the lowest exposure score per country (0.329).
  • 70.73% of European countries are classified in the low and very low exposure groups.
  • Europe accounts for 67.44% of low and very low exposure countries globally.

The Bad:

  • Armenia is the most exposed country, followed by Belarus, Bosnia and Herzegovina, Ukraine, and Albania.
  • Although Europe has 2 countries classified in the high exposure group, this only accounts for 4.88% of all European countries – the lowest of all continents.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
Europe0210218
Share this on your site:

North America

The Good:

  • The United States is the least exposed country, followed by Canada, Costa Rica, Mexico, and the Dominican Republic.
  • North America has the second-lowest exposure score per country (0.462).
  • 66.67% of North American countries are classified in the moderate, low, and very low exposure groups.

The Bad:

  • El Salvador is the most exposed country, followed by Honduras, Nicaragua, and Panama.
  • 33.33% of North American countries are classified in the high exposure group.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
North America03411
Share this on your site:

South America

The Good:

  • Uruguay is the least exposed country, followed by Paraguay, Chile, Argentina, and Brazil.

The Bad:

  • Venezuela is the most exposed country, followed by Bolivia, Ecuador, Peru, and Columbia.
  • South America has the second-highest exposure score per country (0.577).
  • 40% of South American countries are classified in the high and very high exposure groups.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
South America13510
Share this on your site:

Asia-Pacific

The Good:

  • Australia is the least exposed country, followed by Japan, New Zealand, Singapore, and Qatar.
  • 31.25% of Asia-Pacific countries are classified in the low and very low exposure groups.

The Bad:

  • Afghanistan is the most exposed country, followed by Myanmar, Palestine, Nepal, and Bangladesh.
  • Asia-Pacific accounts for 60% of very high exposure countries globally.
  • Combined, Asia-Pacific accounts for 40% of high and very high exposure countries globally.
  • 43.75% of Asia-Pacific countries are classified in the high and very high exposure groups.
  • Although Asia-Pacific places in the middle of the continent rankings (0.540), it has some of the most exposed countries globally.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
Asia-Pacific311873
Share this on your site:

Africa

The Good:

  • Mauritius is the least exposed country, followed by South Africa, Egypt, Kenya, and Nigeria.

The Bad:

  • Ethiopia is the most exposed country, followed by Libya, Morocco, Zambia, and Tanzania.
  • Africa has the highest exposure score per country (0.643).
  • 75% of African countries are classified in the high and very high exposure groups.
  • Alongside Asia-Pacific, Africa has the largest number of high exposure countries – accounting for 36.67% of all high exposure countries globally.

Exposure Classification Distribution:

Figures in the table below represent the number of countries.

ContinentVery HighHighModerateLowVery Low
Africa111310
Share this on your site:

When mentioning this data and research, please provide full credit to PasswordManagers.co and the original data source: https://passwordmanagers.co/cybersecurity-exposure-index/

As founder of PasswordManagers.co, my mission is to help you protect your passwords. I launched PasswordManagers.co with three core values: everyday language, real research, and impartial advice. We explain complicated terms using simple language, try every password manager so you don’t have to, and write fair, honest and accurate reviews.

We will be happy to hear your thoughts

Leave a reply

PasswordManagers.co
Logo