World-first Cybercrime Index maps the global geography of cybercrime

World-first Cybercrime Index maps the global geography of cybercrime

Image of code on a computer screen

Researchers from the Department of Sociology have compiled the first ever ‘World Cybercrime Index’, which identifies the globe’s major cybercrime hotspots by ranking the most significant sources of cybercrime at a national level.

Published today in PLOS One, the Index shows that the threat of cybercrime is not evenly distributed worldwide. In fact, a relatively small number of countries house the greatest cybercriminal threat - Russia tops the list, followed by Ukraine, China, the USA, Nigeria, and Romania. The UK comes in at number eight.

The World Cybercrime Index was created by the Department's Miranda Bruce, Jonathan Lusthaus and Ridhi Kashyap, in collaboration with Nigel Phair (Monash University) and Federico Varese (Sciences Po). It represents three years of intensive research and has been developed as a joint partnership between the University of Oxford and UNSW Canberra.

Cybercrime is a major global challenge, with estimated costs ranging from the hundreds of millions to the trillions. But despite the threat it poses, cybercrime is somewhat of an invisible phenomenon. 

While it is possible to map the geography of cybercrime attacks, the geography of cybercrime offenders – and the corresponding level of ‘cybercriminality’ present within each country – is largely unknown.

Co-author Dr Jonathan Lusthaus explains:

Due to the illicit and anonymous nature of their activities, cybercriminals cannot be easily accessed or reliably surveyed. They are actively hiding.

If you try to use technical data to map their location, you will also fail, as cybercriminals bounce their attacks around internet infrastructure across the world.

The best means we have to draw a picture of where these offenders are actually located is to survey those whose job it is to track these people.

The data that underpins the Index was gathered through a survey of leading cybercrime experts from around the world. Participants were asked to consider five major categories of cybercrime and nominate the countries that they considered to be the most significant sources of each of these types of crime.

The five categories were:

1.    Technical products/services (such as malware)
2.    Attacks and extortion 
3.    Data/identity theft (such as hacking or phishing)
4.    Scams (such as business email compromise or online auction fraud)
5.    Cashing out/money laundering (such as credit card fraud)

The survey then asked participants to rank each nominated country according to the impact, professionalism, and technical skill of its offenders. 

The results indicate that a relatively small number of countries house the greatest cybercriminal threats. Six countries – China, Russia, Ukraine, the US, Romania, and Nigeria – appeared in the top ten of each category of cybercrime. 

Russia was ranked number one overall, with Russian cybercriminals considered to be the most professional and technically skilled in the world, with their crimes having the most impact.

World map showing the World Cybercrime Index scores of certain countries

Countries with the greatest cybercrime threat

In comparison, many countries across the world were not associated with cybercrime in any serious capacity. 

The survey also found that countries that are cybercrime hubs tend to specialise in particular types of cybercrime.

The reveal of these cybercrime hotspots will have a great impact on policy discussions – allowing public and private sectors to concentrate their resources on these areas and spend less time and funds on cybercrime countermeasures in countries where the problem is limited.

Dr Miranda Bruce, of the University of Oxford and UNSW Canberra, said:

The research that underpins the Index will help remove the veil of anonymity around cybercriminal offenders, and we hope that it will aid the fight against the growing threat of profit-driven cybercrime.

By continuing to collect this data, we’ll be able to monitor the emergence of any new hotspots and it is possible early interventions could be made in at-risk countries before a serious cybercrime problem even develops.

For the first time, we have reliable data on the location of cybercriminals, and we also have a way to measure their impact. Government agencies and private enterprises tasked with tackling cybercrime now have a much better understanding of the scale of the problem in their own backyard. 

Debate exists over the best ways to reduce cybercrime, with policies offering a variety of approaches, including improving cyber-law enforcement capacity, increasing legitimate job opportunities and access to youth programmes, and reducing corruption.

By demonstrating the geographical, economic, and political diversity of the top cybercrime hotspots, the Index shows that the likelihood that a single strategy will work in all cases is low. 

Co-author Professor Federico Varese explained that the Index is the first step in a broader aim to understand the local dimensions of cybercrime production across the world:

We are hoping to expand the study so that we can determine whether national characteristics like educational attainment, internet penetration, GDP, or levels of corruption are associated with cybercrime.

Many people think that cybercrime is global and fluid, but this study supports the view that, much like forms of organised crime, it is embedded within particular contexts.

Original Publication

Bruce, M., Lusthaus, J., Kashyap, R., Phair, N., Varese, F. (2024) Mapping the global geography of cybercrime with the World Cybercrime Index. PLoS ONE 19(4): e0297312.