The UK and the US have better defences against cyberattacks than China, partly because they have better internal data-sharing practices, according to a McAfee report.
The top-ranked countries in cyber-defence were Israel, Sweden and Finland, according to the report, published on Monday. These nations have dynamic defences that help to isolate and contain the damage caused by cyberattacks, said the authors of Cyber Security: The Vexed Question of Global Rules, put together by the Brussels-based Security & Defence Agenda for McAfee.
"[China] was not sharing information within government organisations, so was ranked lower," Sal Viveros, a senior public relations director at McAfee, told ZDNet UK.
The UK, the US, the Netherlands, Germany, France, Estonia and Denmark had similar abilities to repel attacks that were quite far in advance of countries such as China and Russia, according to the report. Mexico was the country least able to defend itself.
The report was based on the opinions of 80 cybersecurity experts, and on interviews with 250 ministers and IT specialists. This subjectivity is a useful indicator of strength, since a country's reputation is part of its defences, according to Raj Samani, chief technology in EMEA for McAfee.
"It's subjective — it's perceptions that breed confidence," Samani told ZDNet UK. "Seeing countries such as Finland higher than the US and the UK could amaze people."
The UK is among the countries seen as already having cybersecurity policies in place. However, the UK Cyber Security Strategy, announced in November 2011, has been criticised by security expert Peter Sommer as half of the £650m funding for the strategy will go intelligence agencies, limiting transparency about its efficacy.
The private sector, especially companies that provide critical national infrastructure, should share data with each other and with government to improve a nation's resilience, the report's authors recommended.
Sommer noted that data-sharing is part of the UK Cyber Security Strategy, and that for many years, the Centre for the Protection of National Infrastructure (CPNI) has been involved in data-sharing initiatives such as Warning and Reporting Points (WARP).
"We've been trying to [share data] for quite a long time," Sommer told ZDNetUK.
The strength of data sharing is that it means there are fewer points of contact between the many organisations involved, said Sommer. One weakness is that smaller UK companies may not learn of cyberthreats, if they are excluded from discussions between incumbent critical national infrastructure providers.
Real-time global information sharing and financial incentives, rather than regulations, will improve computer security in the private sector, according to the report.