UK Security Threat Index (UK-STI) – Explanation

Transparency & Methodology

This page explains how our UK Security Threat Index (UK-STI) is calculated. The goal is transparency: the model is repeatable, auditable, and based on publicly available sources plus clearly stated rules.

The UK-STI produces two headline numbers for every country:

  • ThreatScore (0–100): higher = greater threat to UK interests
  • SecurityRating (0–100): higher = safer / lower threat
    (SecurityRating = 100 − ThreatScore)

We also publish the component scores that sit underneath the headline rating.

What the index is (and what it isn’t)

What it is

A structured, open, country-by-country comparison that blends:

  • Non-state risks (terrorism and instability)
  • State capability risks (military capability)
  • State posture risks (hostile intent and cyber actor status)
  • Alliance alignment (NATO and Five Eyes offsets)

What it isn’t

  • It is not a UK Government intelligence assessment.
  • It does not use classified data.
  • It does not predict specific incidents.
  • It’s designed for screening, transparency, and consistent comparisons.

Data sources used

We use the most recent versions available at the time of update.

  1. Global Terrorism Index (GTI) — provides a country score (0–10) reflecting terrorism impact.
  2. Fragile States Index (FSI) — provides a country total (0–120) reflecting state fragility and instability.
  3. SIPRI Military Expenditure Database — provides military spending by country (current US$), used as a proxy for military capability.
  4. UK security posture anchors (public statements / frameworks) — used only to anchor Hostile Intent and Cyber tiers for specific states clearly identified in UK threat framing.

We keep a “Model” tab in the downloadable spreadsheet that lists the sources and the exact rules used.

Outputs

For each country we publish:

  • HostileIntentScore (0–10)
  • CyberScore (0–10)
  • MilitaryScore (0–10)
  • TerrorismScore (0–10)
  • InstabilityScore (0–10)
  • AllianceOffset (0–15 points)
  • ThreatScore (0–100)
  • SecurityRating (0–100)

The calculation

Step 1 — Component scores (0–10 each)

A) TerrorismScore (0–10)

Source: GTI score (already 0–10).

  • If GTI score is missing, we set it to 0 for calculation purposes (i.e., no evidence in the GTI dataset).
    (We prefer to be conservative and transparent rather than invent values.)

B) InstabilityScore (0–10)

Source: FSI total score (0–120), scaled to 0–10:

InstabilityScore = (FSI_Total ÷ 120) × 10

  • If FSI total is missing, we fill it with the global median FSI score so the country remains in the table without artificially looking “perfect.”

C) MilitaryScore (0–10)

Source: SIPRI 2024 military expenditure (current US$).

Because military spend varies hugely, we use a log scale (so the USA doesn’t dwarf everyone else), then scale to 0–10:

  1. Compute: log10(spend + 1)
  2. Min–max scale across all countries to 0–10

This produces a comparable capability proxy, not an “intent” measure.

D) CyberScore (0–10)

Cyber is partly capability and partly posture. We use:

  • A baseline derived from capability + instability
  • Plus explicit anchored tiers for states widely identified as major state cyber actors in UK public threat framing

Baseline (for non-anchored countries):

  • CyberScore = 2.0 + (0.4 × MilitaryScore) + (0.2 × InstabilityScore)
  • Then capped to 0–10

Anchored examples (illustrative of the rules we publish in the Model tab):

  • Russia = 10
  • China = 9
  • Iran = 8
  • North Korea = 8

E) HostileIntentScore (0–10)

This score measures UK-directed hostile state intent, not military strength.

We set:

  • A baseline of 1 (“neutral / no persistent hostile activity indicated in our anchors”)
  • And use anchored tiers for states consistently treated as hostile in UK public threat framing.

Anchored examples (illustrative of the published rules):

  • Russia = 10
  • Iran = 9
  • China = 7
  • North Korea = 7
  • Belarus = 6
  • Syria = 5

Step 2 — Separate “capability” from “intent” for allies

A key design principle is that high capability does not equal hostile intent.

So for NATO and/or Five Eyes member states:

  • HostileIntentScore is set to 0

This prevents powerful allies being incorrectly ranked as threats just because they have large militaries or advanced cyber capability.

Step 3 — Weighted ThreatScore (0–100)

We then combine the five 0–10 components using fixed weights:

  • Hostile Intent: 30%
  • Cyber: 20%
  • Military capability: 20%
  • Terrorism: 15%
  • Instability: 15%

Formula:

ThreatScore_raw (0–100) = 10 × (0.30×H + 0.20×C + 0.20×M + 0.15×T + 0.15×I)

Where:

  • H = HostileIntentScore (0–10)
  • C = CyberScore (0–10)
  • M = MilitaryScore (0–10)
  • T = TerrorismScore (0–10)
  • I = InstabilityScore (0–10)

Step 4 — AllianceOffset (0–15 points)

We apply an explicit alignment reduction so strong allies don’t appear as high threats due to capability:

  • NATO member (excluding the UK): subtract 10 points
  • Five Eyes member (excluding the UK): subtract 5 points
  • Cap total offset at 15 points

ThreatScore = max(0, ThreatScore_raw − AllianceOffset)

Step 5 — SecurityRating (0–100)

SecurityRating = 100 − ThreatScore

Higher SecurityRating = safer / lower threat.

How to reproduce the index

If you want to independently reproduce the results:

  1. Download the latest GTI, FSI, and SIPRI datasets used in the current release.
  2. Normalise country names (e.g., “United States of America” and “United States” must map to the same key).
  3. Compute the component scores exactly as described above.
  4. Apply the weights.
  5. Apply the AllianceOffset.
  6. Sort by ThreatScore ascending (or SecurityRating descending).

We publish:

  • The full ranked output table
  • The component columns
  • The “Model” tab showing weights and anchor rules

Interpreting the results

A country can score poorly for different reasons:

  • High non-state risk: high Terrorism + high Instability
  • High state capability risk: high MilitaryScore (log-scaled)
  • High posture risk: high HostileIntent + high CyberScore
  • Allied capability: may have high MilitaryScore but low HostileIntent and a strong AllianceOffset

This is intentional: the index tries to explain why a country is ranked where it is.

Limitations & fairness notes

  • Open data only: we do not use classified sources.
  • Country naming and data gaps: we keep countries in the list even if one dataset is missing, using conservative fill rules (documented above).
  • Anchors are explicit: where we apply anchored tiers (cyber/hostile intent), the rules are published so they can be challenged and improved.
  • This is not “country risk” for travel: it’s about security threat to UK interests, not tourist safety.

Update schedule & versioning

We regenerate the UK-STI on a scheduled basis (e.g., monthly), using the latest available published datasets at that time.

Each published output includes:

  • Generation date
  • Dataset versions (where available)
  • A change log if any weights/rules/anchors change

Contact / feedback

If you believe a country’s score is incorrect, or you want an alternative weighting profile (e.g., finance-heavy, defence-heavy, CNI-heavy), contact us with:

  • The country name
  • The component(s) you dispute
  • Any public evidence you believe should change the anchored tiers or the fill rules

We review suggested changes and, where accepted, publish them transparently with version notes.

If you want, I can also format this into:

  • a clean Gutenberg block layout (with callouts and summary boxes), or
  • a printable PDF “Methodology Note” to sit alongside the spreadsheet downloads.