Some interesting research from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter.

It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the total email traffic are not, Proofpoint conclude, therefore correlated. Instead, UK users are being targeted with less spam but with a higher volume of infected spam. Compared to Germany, as much as five times as high in fact. Which begs the question 'why are cybercriminals targeting the UK so relentlessly when compared to other nations?'

Kevin Epstein, VP of Advanced Security & Governance at Proofpoint, doesn't think the answer is all that difficult. If the evidence points, relative to other countries in the report, that there are a startlingly high number of targeted attacks against the UK then given the almost universal financial motivation behind them "this strongly suggests cybercriminals have found UK organizations to be an unusually lucrative target" he insists.

Not that Epstein thinks non-UK email users should be complacent about the level of risk as he says that lower phishing volumes do not appear to have translated into lower criminal impact. "Over 29 million Germans have fallen victim to cybercrime" Epstein says "that's almost 40% of the population." Indeed, Epstein reckons that, historically and taking into account a summer lull in criminal activity, the German economy is the most targeted and most affected by cybercrime worldwide when measured against gross national product. Summing up, he concludes that "the results from France, Germany and the US are not particularly low; rather, the UK is unusually high."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.