ISPs need legal incentives to work with law enforcement and other service providers, said a draft version of the report, while stronger security breach disclosure requirements are required beyond what it calls "stopgap measures at a state level" in the US.
"Banks in particular must be given strong legal and commercial incentives to introduce more secure technology and better fraud detection systems, or they will inevitably cut margins on security as they struggle to ride out the credit crunch," it added.
Software vendors should be subject to limited liability measures when not following best practice security measures in design and operation, said the report, singling out browsers and email clients as particular areas for concern. This global recommendation mirrors advice given by the House of Lords in the UK last year, which the Government there largely ignored.
Anti-cybercrime efforts are also crippled by a lack of interenational co-operation, said the document, which hinted that senior officials in Russia have links to organised crime. "The implication is that elements of Russia's intelligence agencies are protecting the country's cybercriminals," said the report, referring to comments made by security experts.
The international community has tried to formalise domestic laws to an international standard with the Cybercrime Convention, created by the Council of the European Union in 2001. However, of 45 countries that signed the Convention, only half (including the US) have ratified it, said the report.
"The Council of Europe tried to set some common ground for dealing with cybercrime, but that’s a first step," said Greg Day, EMEA security analyst at McAfee. "We still need to educate the public in terms of how they keep and pull together the forensics and evidence. Then law enforcement needs the expertise to process that."
The US is ahead of the rest of the world in terms of cash investment in cybersecurity, according to the report. The Department of Homeland Security spent $155m on cybersecurity this year, and is gunning for $200m next year, it said. But the National Cybersecurity Initiative has come under fire for irresponsible spending on areas such as domestic surveillance rather than fighting direct attacks, the report concluded.