To paraphrase a quote attributed to the great American novelist F. Scott Fitzgerald: ‘Rich countries aren’t like you and me. They have less malware.’
That’s the conclusion of a special Security Intelligence Report released by Microsoft on Wednesday, which found that the rate of malware infections was relatively lower in countries that were wealthy than those with lower gross income per capita.
The study, “Linking Cybersecurity Policy and Performance” investigated the links between rates of computer infections and a range of national characteristics including the relative wealth of a nation, observance of the rule of law and the rate of software piracy. The conclusion: wealthier nations, especially in Europe, do a better job preventing malware infections than poorer and developing nations.
The report marks an effort by Microsoft to dig into some of the underlying causes of cyber insecurity globally. Using data gathered from its Malicious Software Removal Tool (MSRT) and gathered from its global enterprise and consumer deployments, Microsoft set out to explain why infection rates (measured in “computers cleaned per mille” – or CCM) varied from country to country. More specifically: Microsoft looked at a set of 34 national characteristics that correlated – positively or negatively – with a nation’s CCM. The company then identified countries that seemed to out perform (had a lower CCM than they should), or under perform in cyber security (had a higher CCM than they should), based on Microsoft’s predictive model.
So what makes countries more or less “secure”? The answer is “complicated,” as they say.
Cyber security (by Microsoft’s definition: low rates of malware infection) correlated positively with many characteristics of wealthy nations – high Gross Income Per Capita, higher broadband penetration and investment in R&D and high rates of literacy. It correlated negatively with characteristics common in poorer nations – like demographic instability, political instability and lower levels of education.
But wealth wasn’t the only factor keeping cybercrime rates down (or up). Policies also mattered. Specifically: countries that passed and enforced laws relating to cyber crime and those that participated in trans-national cybercrime treaties, like the Council of Europe Convention on Cybercrime, had lower-than-expected rates of infections. The relative tolerance of software piracy also correlated with malware infection rates, Microsoft found.
Trans-national agreements and treaties can spur governments to action on domestic cyber cime laws and provide them with tools to pursue international cybercrime, Microsoft said.
With shifting demographics, the coming years will bring an explosion in Internet use in developing and BRIC (Brazil, Russia, India, China) nations. Policymakers should pay attention to those shifts and push for international agreements that build on the success of initiatives that have already borne fruit in Europe and North America.