The United States has been on the receiving end of more significant cyber-attacks over the last 14 years than triple any other country, according to new research from password management firm Specops Software.

Specops this month published the findings of its study into significant cyber-attacks by country between May 2006 and June 2020. The firm defined “significant” to include cyber-attacks on government agencies, defense, and high-tech companies, or economic crimes with losses equating to more than $1 million. Specops analyzed data from the Center for Strategic and International Studies in determining its findings.

According to the data, the United States experienced 156 significant cyber-attacks between May 2006 and June 2020, including 30 in 2018 alone. The second most victimized country over the analyzed timespan was the United Kingdom at 47, followed by India in third at 23.

Specops graphic

Source: Specops Software

Germany (21) and South Korea (18) round out the top five, while other world superpowers like China (15) and Russia (8) were largely able to avoid being targeted at the same rate.

The findings of the study mirror a recent push by some U.S. Congressional members to enhance the country’s cyber-security controls. A bipartisan bill proposed last month floated the creation of a position in government to act as the president’s top advisor on cyber-security—a role that has notably been abandoned by the Trump administration after being used by previous presidents. The proposal was derived from one of a handful of recommendations by the Cyberspace Solarium Commission—a group Congressionally chartered in 2018 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.”

According to Specops’ study, the most commonly used techniques behind significant cyber-attacks include denial of service attacks (DOS), SQL injection attacks, “man-in-the-middle” attacks, and phishing attempts.