Sergey Nivens - Fotolia
Following the Netherlands is Estonia (58%), France and Italy (57%) and the UK (56%). Conversely, the least prepared nations are Slovakia and Malta (34%), Greece (35%), Spain (38%) and Lithuania (40%).
The overall scores are an average of the cyber security commitment rating and pecentage of protected internet connections for each country.
Estonia has the highest commitment rating of 85%, compared with the UK’s 78%, while Italy has the highest percentage of protected internet connections (51%) compared with the UK’s (33%).
Although being rated at the most prepared, the Netherlands is second only to Romania in terms of its cyber crime “victimhood” rating of 21%, compared with Romania’s 23%. The Netherlands is followed by Portugal (20%), Poland (20%) and Italy (19%).
Countries with the lowest cyber crime “victimhood” ratings are Finland (12%) and Slovakia (14%), along with Germany, Ireland and Austria, which all have a rating of 15%.
Taking into account a range of factors including previous encounters with cyber crime, malware encounter rates, commitment to cyber security initiatives, and how exposed each country’s internet connections are, the study shows that Malta is the EU nation most at risk of cyber crime, with a vulnerability score of 42%.
Despite ranking in the middle of the pack for malware and cyber crime encounters, it was Malta’s high percentage of exposed internet connection ports (73% of all ports), lack of cybersecurity legislation and poor international co-operation that pushed it to the top of the vulnerability index.
This means that Malta’s population, despite encountering a lower incidence of cyber crime than their European neighbours, are actually at far more risk in the long run with few protective or preventative measures in place.
Malta is followed by Romania and Slovakia, which both have a vulnerability rating of 41%, Spain (40%), and Portugal, Lithuania, Cyprus and Hungry with a rating of 39%.
On the opposite end of the scale, Finland was deemed the most cyber-secure country with a vulnerability rating of just 29%, which the report ascribed to the fact that Finland has one of the lowest cyber crime encounter rates in Europe and is one of the most prepared nations too, second only to the UK.
The UK’s vulnerability rating is 31%, along with France and Italy, and second only to Estonia, Germany and the Netherlands, all with a vulnerability rating of 30%.
Europe’s cyber vulnerability a ‘cause for alarm’
James Kiernan, director of WBE, said that with the threat of cyber crime becoming more evident each day, cyber security on an international level is more important than ever if countries want to protect their interests and residents.
“While it is reassuring to see countries such as the UK and Germany among the safer nations, the level of cyber vulnerability across Europe is still cause for alarm, especially in the wake of June’s massive [NotPetya] cyber attack,” he said.
The NotPetya attack appears to have targeted mainly organisations in Ukraine, including the central bank, the Ukrenego electricity supplier, the Chernobyl nuclear power plant, and airport and metro services throughout the country.
However, companies outside the Ukraine were also affected, including London-headquartered WPP, US-based pharmaceutical company Merck, multinational law firm DLA Piper, Russian oil company Rosneft, Netherlands-based shipping company TNT and French construction materials company Saint-Gobain.
Danish transport and shipping giant AP Moller–Maersk is believed to have been one of the hardest hit, with the financial impact of the attack estimated at $200m to $300m (£222m), while the UK’s WPP estimates the cost at between £10m and £15m before insurance.
Technical systems ‘not built for people’
UK National Cyber Security Centre (NCSC) technical director Ian Levy recently warned that the UK risks a C1-level national cyber security incident if organisations do not change their approach to cyber security.
He said the NCSC wants to publish data and evidence to ensure that people really understand how to do risk management properly. “Cyber security is just risk management, which is not fundamentally different to HR, legal or financial risk management,” he said.
Levy also believes that the way technology tends to be designed currently makes impossible security demands on people.
As a result, he said security professionals have spent the past 25 years saying people are the weakest link. “But this is stupid,” he said. “People cannot be the weakest link [because] they are people who do jobs, and they are people who create value in their organisations.
“What this tells us is that the technical systems are not built for people. Techies build systems for techies, not normal people,” said Levy.