Journal article Open Access

Cyber Crime Nation Typologies: K-Means Clustering of Countries Based on Cyber Crime Rates

Kigerl, Alex

K Jaishankar

Cyber crime is a worldwide problem, with a global reach. Cyber crimes do not respect national boundaries, and so can be sent to and from anywhere in the world. Many reports, mostly by cyber security firms, regularly release information ranking the different nations in terms of top cyber crime output, broken down into varying cyber crime types. However, little has been done to classify nations according to separate cyber crime typologies using any multivariate methods. Instead, reporting is descriptive and unidimensional. The present research sought to fill this gap by conducting K-means clustering analysis on a sample of 190 countries using seven dimensions of cyber crime ranging from malware, fraud, spam, and digital piracy, as well as measures of GDP and internet use. The findings determined that nations can be broken down into four distinct categories based on cyber crime activity: low cyber crime countries, non-serious cyber crime countries, advance fee fraud countries, and phishing scam countries. The implications of these findings and the directions for future research are discussed.
