2013 Microsoft Computing Safety Index Methodology
The Microsoft Computing Safety Index (MCSI) measures the steps that consumers take to help keep themselves and their families safe online based on self-reports of their own experience. Each protective behavior was grouped into one of three categories and assigned points using factor analysis.
Foundational: five basic protections including leaving the computer’s firewall turned on, using up-to-date antimalware software, and running automatic software updates. One of the goals of the Index is to measure consumer use of these settings. Doing this requires guiding respondents to check the settings on their computers. For this reason, survey participants were limited to responding on devices, whether computer, smartphone, or tablet, that use some version of the Windows operating system.
Technical: use of technology tools that suggest a higher level of technical sophistication and a heightened behavioral awareness of online risk. These include controlling privacy settings, actively managing one’s online reputation, using filters that warn against phishing, and locking mobile devices with a PIN or password.
Behavioral: seven protective behaviors that require an increased degree of user vigilance to combat socially engineered risks, from using unique passwords for each account or website to looking for HTTPS when making online transactions and otherwise limiting one's activities to trustworthy sites.
Through statistical analysis, researchers grouped individual questions and assigned points to each so that each respondent receives a score of 0 to 100. The more steps respondents report taking, the higher their Index score—a measure of how much they are doing to protect themselves online—with 100 being the highest rating. Because the Index has been designed to reflect the evolution of devices and the ever-changing issues consumers face online, specific items are added and deleted from the Index year to year.
The original 2011 MCSI survey was conducted in Brazil, France, Germany, the United Kingdom, and the United States. In 2012, the MCSI was expanded to include 20 countries and regions where 60 percent of the globe’s 2.4 billion Internet users live, and the MCSI in 2013 followed suit.
2013 Microsoft Computing Safety Index
In May 2013, researchers recruited 10,484 adults age 18 and older, with samples reflecting the age and gender mix of those who go online in each of the 20 countries or regions. (For a breakdown of respondents by gender and age, see Slide 25 in the 2013 MCSI Worldwide Report.)
The 2013 survey consisted of 24 protective steps and the average global score was 34.6 out of a possible 100 points.
How MCSI researchers calculated the high cost of trouble on the Internet
Researchers surveyed 500 adult Internet users in each of 20 countries or regions, with a combined population of 3.1 billion—approximately half of the world’s population and 60% of all Internet users.
All survey participants were asked about their experience of 11 online safety and security problems (illustrated above).
Did they (or a member of their immediate family) experience any of these problems in the previous 12 months?
If so, what was the nature of the harm for each negative experience: financial, damage to computer, loss of time or data?
If they suffered a financial loss, how would they estimate the cost of the loss or of correcting the problem?
Researchers computed the median financial loss in the local currency from each type of experience within the country or region and converted that to US dollars.
Example: In Australia, the median financial loss for individuals resulting from phishing was AUD$140; converted to US dollars, the loss was US$128.
To calculate the total financial loss for each problem type, they multiplied the median financial loss by the percentage of respondents who experienced it personally. They then multiplied that number by the number of adults who use the Internet in that country or region.
Example: For Australia, US$128 (the median loss) x 1.5% (the percent of Australian respondents who personally experienced a financial loss from phishing) x 15.6 million Internet-using Australians gives a total loss due to phishing of US$30 million.
They added the financial loss for all 11 types of problems to arrive at the total cost for that country or region.
Example: For Australia, this was US$265 million.
Researchers added the financial losses of all 20 countries or regions for a total of US$23 billion.