Finland has been named the “least exposed country” in the world when it comes to cybercrime due to a three-point government strategy implemented last year.

The country topped a study of 108 nations, with Afghanistan the country most exposed to attacks.

The insight was published in the Cybersecurity Exposure Index 2020, which assessed the impact of Covid-19 on cyber security, with focus on unauthorised access, data theft, extortion and cloud attacks designed to compromise and weaponise virtual machines.

According to Josh Frisby, founder of which produced the report, Finland has learned from experience. 

He said: “One of the main reasons why Finland has managed to reduce its exposure and address threats effectively is because the strategies in place have been influenced by waves of new cyberattacks that have been designed to worm their way through and penetrate antiquated security systems.

“This is a far cry from other countries, especially African states, where very few have developed rigorous national cybersecurity strategies, let alone regulations and laws,” he added.

Unveiled last year, Finland’s strategy is composed of three parts: international cooperation; coordination of cybersecurity management, planning, and preparedness; and cybersecurity competence.

However, the country isn’t immune to attempted attacks.  Last year, Finland’s National Bureau of Investigations and National Cyber Security Centre jointly investigated a spate of cyberattacks launched during Q2, the most serious of which brought down the national police force website and other public services.

Previously, hackers have targeted the municipal computer system for the city of Lahti and the IT system managing the official online results for the Finnish parliamentary elections in April 2019.

RegionLeast exposed countryMost exposed country
North AmericaUnited StatesEl Salvador
South AmericaUruguayVenezuela

In its methodology, the index analysed the ITU’s Global Cybersecurity Index along with information from Microsoft on malware encounter rate, ransomware encounter rate, cryptocurrency mining encounter rate, drive-by download page encounter rate and cloud provider related incoming attacks.

Europe was a top performer on the regional level, with 70.73% of European countries classified in the low and very low exposure groups. Finland was followed by Denmark, Luxembourg, Estonia, and Norway.

The continent as a whole boasted the lowest exposure score per country at 0.329, followed by North America at 0.462.

At the other end of the spectrum, Afghanistan was the most exposed followed by Myanmar, Ethiopia, Palestine, and Venezuela. By continent, Africa had the highest exposure score per country at 0.643, followed by South America at 0.577.

Meanwhile, the Asia-Pacific region accounted for 40% of high and very high exposure countries globally.

“The stark reality is that cybercriminals relentlessly search for unprotected endpoints to find a crack in the security shield of enterprises that they can exploit,” said Frisby.

“The issue is that as enterprises scale, so do the number of endpoints, and if there is a lack of asset management diligence, which there often is, these new endpoints can be the demise of security infrastructures,” he added.