Tech Insight : New Index Reveals Cyber Criminal Countries

In this insight, we look at how a recently developed ‘World Cybercrime Index’ appears to show the globe’s key cybercrime hotspots by ranking the most significant sources of cybercrime at a national level. 

Three Years To Develop 

The world-first World Cybercrime Index (WCI) was developed by following three years of intensive research as part of a joint partnership between the University of Oxford and the University of New South Wales (UNSW), funded by CRIMGOV (an EU-supported project). Details of the research and findings were published on PLOS ONE, the Public Library of Science open-access journal. 

Why? 

Co-author of the study, Dr Miranda Bruce (University of Oxford and UNSW Canberra) said that the index produced by the study will enable both the public and private sectors to focus their resources on key cybercrime hubs, thereby spending less time and funds on cybercrime countermeasures in countries where the problem is not as significant.  

Dr Bruce says that WCI will also “help remove the veil of anonymity around cybercriminal offenders, and we hope that it will aid the fight against the growing threat of profit-driven cybercrime.” 

Deeper Understanding 

It’s also hoped that having an index of this kind will bring a “deeper understanding of the geography of cybercrime” and shows how different countries specialise in different types of cybercrime. Continuing to collect such data may also enable monitoring of the emergence of any new hotspots, meaning that interventions could be made in at-risk countries “before a serious cybercrime problem even develops.” 

This WCI can also inform policymakers for better resource allocation in combating cybercrime effectively. 

What Is The Index and How Does It Work? 

The World Cybercrime Index (WCI) was developed to provide a comprehensive ranking of countries based on their cybercrime threats and vulnerabilities. The methodology of the WCI involved surveying 92 leading cybercrime experts globally. The experts assessed five categories of cybercrime: technical products/services, attacks and extortion, data/identity theft, scams, and cashing out/money laundering. They then nominated the countries they deemed the most significant sources of each type and rated these countries based on the impact, professionalism, and technical skill of their cybercriminals. 

By analysing these expert opinions, researchers were able to generate scores for each category, combining them into an overall metric to create the WCI.  

Which Countries? 

The index shows that a relatively small number of countries house the greatest cybercriminal threat. Topping the list is Russia, followed by Ukraine, China, the USA, Nigeria, and Romania, with the UK coming in at number eight. 

Invisible Before – Index Is A First Step 

Co-author of the WCI, Associate Professor Jonathan Lusthaus, from the University of Oxford’s Department of Sociology and Oxford School of Global and Area Studies, has highlighted how getting information from surveys about cybercrime has been challenging up until now because offenders often mask their physical locations by hiding behind fake profiles and technical protections. 

The index, therefore, is being seen as a valuable first step to a broader aim of understanding the local dimensions of cybercrime production across the world. 

For example, co-author of the study, Professor Federico Varese from Sciences Po in France says: “Many people think that cybercrime is global and fluid, but this study supports the view that, much like forms of organised crime, it is embedded within particular contexts”. 

What Does This Mean For Your Business? 

This index appears to follow ‘Pareto’s Principle’, in that the majority of output(s) can be attributed to a minority of input(s) … commonly known as the 80/20 law. For example, 80% of people only use 20% of their computers’ features, or 80% of profits come from 20% of clients.

The development of the World Cybercrime Index (WCI) could have significant implications for businesses across the globe. Understanding the key cybercrime hotspots and the nature of cyber threats they pose may enable businesses to better protect themselves and allocate resources more efficiently. 

By highlighting the countries that are the most significant sources of cybercrime, the WCI could help companies operating in or dealing with these regions to take more stringent cybersecurity measures. Being aware of these hotspots may, therefore, enable businesses to more accurately focus their cybersecurity investments on the most pressing threats and on mitigating risks more effectively. 

The index’s detailed breakdown of cybercrime categories, e.g. technical products/services, attacks and extortion, data/identity theft, scams, and cashing out/money laundering, also provides businesses with insights into specific types of cyber threats they might face. This granular understanding could help tailor cybersecurity strategies to address the most relevant threats, enhancing overall resilience against cyber-attacks. 

Also, the WCI may serve as a valuable tool for policymakers, influencing regulations and cybersecurity frameworks that businesses must comply with. By aligning corporate cybersecurity policies with national and international regulations informed by the index, businesses may be able to ensure they are not only compliant but also optimally protected. This proactive approach could prevent legal and financial repercussions associated with data breaches and cyber-attacks.