Global Cybercrime Report: Which Countries Are Most at Risk in 2023?

How Does the Threat of Cybercrime Differ Around the World?

There are innumerable ways that cybercrime differs from country to country, but there are also certain factors that can be observed internationally, such as instances of phishing and data breaches. Here we look at how each country can be rated for its levels of cyber safety and ultimately consolidate the data of various security authorities to conclude how each country fares in its attempts to remain safe in the digital world.

Indeed, the digital frontier that we enjoy today opens up a world of risk as well as opportunity. With everyone on the planet just a click of a button away, it has never been easier for fraudsters and other criminals to find unsuspecting victims.

This has led to a booming new province for the criminally-minded, who can attack innocent internet users from the comfort and security of their own homes.

In fact, the remote working and isolation seen in the COVID lockdowns of 2020 have bolstered the landscape for cyberattacks, which have played a significant role in worsening the security of online software and financial systems – all of which has led to a new decade of increased economic uncertainty.

The threat isn’t limited to individuals either, with governments and multinational corporations also in the cybercriminals’ crosshairs.

The Center for Strategic & International Studies (CSIS) tracks these cyber attacks on government bodies, defense agencies, and high-tech companies, as well as economic crimes that amount to a loss of at least $1 million. 

CSIS reported that in January 2023, a joint advisory warning was issued from three US-based cybersecurity authorities – the CISA, NSA (National Security Agency), and MS-ISAC (Multi-State Information Sharing and Analysis Center) – about the increase in phishing and other attacks against civilian branches of the US Government.

To counteract these increasing cyber threats, countries have been developing strong cybersecurity programs and enacting legislation aimed at tackling cybercrime and protecting themselves from digital dangers.

In addition to this, the private sector has been at the forefront of developing innovative cybersecurity solutions ranging from antivirus programs to dedicated fraud prevention software.

For instance, businesses can vastly reduce risk by utilizing anti-fraud products such as data enrichment and browser fingerprinting to block suspicious logins, prevent account takeovers, and detect when someone is using multiple accounts.

While the combination of public and private sector efforts to tame the digital Wild West has made it more difficult for online fraudsters in some respects, cybercrime remains a persistent threat for internet users.

But what are the most common forms of cybercrime? And is this threat spread equally around the globe?

The Cyber Threat Around the Globe

To find out if the dangers of cybercrime are equally spread across the globe we’ve taken a look at 93 countries to see what geolocations have fraud peaks, which have valleys, and why.

Combining data from three major cybersecurity authorities, namely the National Cyber Security Index (NCSI) (updated on a live basis), the Global Cybersecurity Index (GCI) (2020), and the Cybersecurity Exposure Index (CEI) (2020), we’ve created a global ranking to present the ten countries that are, respectively, the least and most risky for internet users.

The results have been determined by finding the cybersecurity scores, all three of which needed to be expressed as percentages, of the NCSI, GCI, and CEI – and assigned each of those scores to the 93 countries that we’ve reported on. We then calculated the mean average of those two scores for each of the said countries. This mean average of the NCSI, GCI, and CEI’s total scores is what we refer to here as the Cyber-Safety Score.

Let’s now take a look at the top ten most low-risk and top ten most high-risk countries based on this scoring system.

The Top 10 Lowest-Risk Countries for Cyber Threats

These are the countries where cybersecurity is strongest, and people are most protected from cybercrime through legislation and technology. 

The top three are Belgium, Finland, and Spain, which have a Cyber-Safety Score of 90.69, 90.16, and 88.61 respectively.

The Cyber-Safety Scores are calculated by adding the NCSI, GCI, and CEI’s most recent scores and then calculating the mean average of those three data points.

You can learn more about how these scores were assigned by checking out the Commentary section further down the page.

The Top 10 Highest-Risk Countries for Cyber Threats

At the other end of the scale are the countries that offer the least protection against cybercrime. These countries have very weak legislation regarding cybercrime – or even none at all – and therefore carry the greatest risk when processing sensitive transactions. Here we’ve listed the ten countries with the lowest overall Cyber-Safety Score.

The top three countries in terms of having a low Cyber-Safety Score are Afghanistan, Myanmar, and Namibia, which have a Cyber-Safety Score of 5.63, 18.60, and 19.72 respectively.

The Most Common Forms of Cybercrime

Here we can see the most commonly reported cybercrimes of 2022, and all the way back to 2018. These figures come from the FBI-run US Internet Crime Complaint Center (IC3), so they are limited only to cybercrimes committed in the United States and reflect only those crimes that were actually reported – likely a minority of cases.

However, they do provide insight into the current trends followed by cybercriminals, showing the ways in which the internet is most commonly used for illegal activity.

Phishing and Pharming – 2022 USA Victim Count: 300,497

Data focused on 2022 found that the most common type of cybercrime in the US is phishing and pharming. Phishing and pharming refer to the fraudulent practice of luring people into revealing personal information, such as passwords, login details, and credit card numbers. 

When carried out via email this practice is referred to as phishing, whereas it’s referred to as pharming when the victim is directed to a fake website disguised as a legitimate one.

Personal Data Breach – 2022 USA Victim Count: 58,859

Data focused on 2022 found that the second most common type of cybercrime in the US are personal data breaches. Typically, data breaches online are when a hacking attack successfully accesses a database of sensitive information, most often personal data, payment information, or login credentials.

Data breaches can lead to a victim’s personal info being sold on digital marketplaces, and, depending on the nature of the breached data, can lead to common but potentially devastating cybercrime-like synthetic identity fraud, account takeovers (ATO), and other forms of payment fraud.

Non-Payment/Non-Delivery – 2022 USA Victim Count: 51,679

The second most common type of cybercrime was non-payment and non-delivery, which was reported 51,679 times in 2022. Though they are at two ends of the customer-merchant relationship, they are not necessarily linked. Non-payment refers to a buyer not paying for goods or services received – often a headache in the ecommerce space, particularly for marketplaces with no-return policies.

This kind of fraud – often referred to as first-party fraud – is both on the rise and very difficult to detect. Meanwhile, non-delivery refers to the failure to deliver goods or services that have been paid for. In the cybercrime field, non-delivery is often associated with fraudulent storefronts set up at online marketplaces, phishing, classified ads posted by scammers, and other person-to-person scams, such as forex fraud.

Cybercrime Affecting US Businesses

Online threats have become a major problem for businesses in the USA. Activities such as using ransomware to extort money out of organizations and leaking the personal information of customers and employees are both now bigger threats than ever.

‘The financial cost of fraud report 2021’ by Crowe LLP and The University of Portsmouth found that fraud costs businesses and individuals a total of £137 billion (roughly equivalent to $189 billion) each year.

Whether they’re involved in ecommerce fraud or credit card fraud, these criminals now have a plethora of tools at their disposal to trick you into handing over your money. This puts both consumers and businesses at risk when conducting transactions online – with fraudsters counting both parties as fair targets.

According to research by Juniper published in mid-2022, the ecommerce industry saw a $41.4 billion loss due to fraud in 2022. And yet, despite this, only 34% of companies are investing in fraud prevention and mitigation measures.

This suggests that many businesses would benefit from investing in new counter-fraud systems and technologies which would enable them to scale to better fit the expanding global market, while not assuming the burden of losses to fraud and cybercrime.

While fraud has become a huge drain on ecommerce businesses and their customers, data leaks can also pose a threat to their employees, customers, and clients. Data leaks – the resulting dissemination of sensitive info as a result of a data breach – have become a serious issue in the USA, with thousands of data breaches taking place each year.

To look into the risks further, check out the below graph, which is based on 2023 data from Statista and covers the US’s instances of data compromises, individuals impacted, and records exposed.

Here we can see that the risks of compromised cybersecurity practices are multifaceted: Far from it being the case that the data compromises, individuals impacted, and the number of records exposed only ever increase with time, the lines on the graph fluctuate considerably throughout those three metrics. 

These stark fluctuations can largely be attributed to major data breach events throughout the last several years. Statista’s data commentary, published in April 2023, emphasizes that dramatic increases in such compromises are largely industry-specific. As of 2022, the enormous sectors of healthcare, financial services, and manufacturing have seen the biggest data breaches.

One thing that is consistent, however, is the general upward trend involved in the total number of data compromises. This has increased from 785 million in 2015 to 1.802 billion in 2022.

The graph also reflects the fact that cybercrime is not only a danger to large industries and organizations with highly sensitive information, but it also poses a significant risk to individuals. Between 2021 and 2022, in fact, the number of individuals impacted rose from 298.08 million to 422.14 million.

Major incidences appear to be the biggest factor in these impacted individuals. For example, March 2018 saw the third biggest data breach, when India’s national identification database, Aadhaar, was exposed leading to the exposure of 1.1 billion records.

Full Global Cyber-Safety Index

This is our full Cyber-Safety Index, looking at data from 93 countries. The countries are ranked from low risk to high risk, according to their overall Cyber-Safety Score.

This score has been formulated by combining data based on each country’s performance on a range of indices relating to cybersecurity, digital fraud, and cybercrime, as well as the breadth of legislation and government strategies for cybersecurity in each location.

The overall cyber-safety score is based on the mean average that we arrived at when calculating the NCSI, GCI, and CEI’s results for the 93 countries observed. In the case of each data point, the score has been presented as a percentage for the sake of this report (see Commentary for more information on the methodology involved).

Commentary

This global cybersecurity report was updated in Q1, 2023. It looks at the cybersecurity data that has been made available since the start of 2020.

The limitations of the reporting come down to the fact that it uses a broad timeframe: While the NCSI’s data is updated on a live basis, the other cybersecurity authority sourced, the GCI, was published in 2020, with a new Global Cybersecurity Index report planned for publication in late 2023/early 2024.

Our Cyber-Safety Score reflects a calculation of the average of the scores sourced. Though there are some metrics that cross over between the scoring systems, we feel that the score we computed gives a robust idea of the country’s overall cybersecurity environment, based on factors taken into account by the respective data sources, such as the level of commitment to cybersecurity, comprehensiveness of any existing legal frameworks, and rate of implementation of technical security measures.

Notably, to calculate this mean average-based cyber-safety score, we converted some data so all our data sources could be computed hygienically. Unlike the NCSI and GCI, which use percentage-based scoring – 0 being the worst and 100 being the best – the CEI (Cybersecurity Exposure Index) 2020 uses a rating score of 0 to 1.

On this 0 to 1 scoring scale, 0 means the least exposed to cyberattacks (meaning the best possible score), 1 is the most exposed to cyberattacks (meaning the worst possible score), and 0.500 is a completely neutral result. Accordingly, each of the CEI’s scores from 0 to 1 was converted into the corresponding percentage. This meant, for example, that 0.300 translates to 70.00%. Each country’s Cybersecurity Exposure Index score went through this process so that the mean average calculation would always be made up of percentage scores throughout the NCSI, GCI, and CEI’s international data.

Ultimately, this report, published in Q1, 2023, has taken authoritative, recent data, all of which can be updated over the years to come in ways that will ultimately show trends in Cyber-Safety Scores throughout the ever-changing cybersecurity landscape.