RECORD numbers of Britons are fleeing the country for more appealing climates, lower taxes, more affordable property and fewer traffic jams.
Latest figures from the Office for National Statistics show that 200,000 people left Britain for good last year, and the majority of them were retirees.
However, many of those who live the dream underestimate the financial implications. Many couples retiring to Spain, for example, think they will pay lower tax, only to be hit by a wealth tax of 0.2% to 0.5% of their worldwide assets.
And many couples fail to realise that in Spain and France, unlike in Britain, inheritance tax can be levied on assets passed between a husband and wife – and the rate is 30% on average.
Today, we reveal the best places in the world to retire, based on eight key financial categories – income tax, inheritance tax, property tax, property costs, ease of gaining residency, healthcare, climate and culture.
The comprehensive research, conducted by the Homebuyer and Property Investor Show, gave the 10 most popular retirement countries a mark out of 10 in each category, to come up with an overall score out of 80.
Cyprus tops the list of destinations because it has an income-tax rate of just 5% on pensions for retired residents, as well as low property prices and no inheritance tax. It also scores highly on related issues such as ease of gaining residency, low property buying and selling costs and benefits for pensioners.
Nick Clark, managing director of Homebuyer Events, said: “Not only does Cyprus offer a warm, sunny climate, it also benefits from favourable taxation and healthcare policies.”
Panama, now infamously the chosen destination of “back from the dead” canoeist John Darwin and his wife Anne, comes a close second. This is largely thanks to its pensionado scheme, which offers attractive discounts for pensioners (see below).
CYPRUS
Southern Cyprus is a four-and-a-half hour flight from Britain. It is favoured by retirees because of its hot, dry summers and mild winters – not to mention its preferential 5% tax rate on pensions.
English is widely spoken and they even drive on the same side of the road as in the UK.
Tax
Retired residents from overseas are taxed on their pensions at the rate of 5% above about €3,417 (£2,554) a year, whether it is a state, company or personal pension. To qualify for the low rate, you must have lived in the country for at least 183 days.
Alternatively, you can pay the normal rates, in which case the first €19,500 is tax free, rising to 30% on €36,301. So the smaller your income, the better off you are under the normal system.
Remember that if you continue to have assets in Britain, such as bank accounts or an investment portfolio, you will still be liable for UK tax on any income, even if you are resident in Cyprus. Many retirees therefore move their assets offshore, and then bring the income into Cyprus, in which case there would be no tax to pay, according to Jonathan Spring-Rice of adviser Towry Law.
British retirees will also be attracted by the fact that Cyprus abolished inheritance tax in 2000. However, to benefit from this, expatriates will have to prove they have severed all links with Britain – and this may not be as easy as you think.
It can take more than five years and involves closing down all accounts and selling all UK property, and cancelling your registration with your doctor and dentist, among other things.
Property costs
Property prices in Cyprus start from about £77,000 – although the island is rapidly catching up with prices in more established retirement hotspots such as France and Spain.
Stamp duty is 0.15% for properties worth up to about £130,000 and 0.2% on more expensive homes, compared with 1% to 4% in Britain.
However, there may be property transfer fees of 3% of the first £65,000 or so, 5% on homes worth between £65,000 and £130,000 and 8% on those valued at more than £130,000.
Ease of gaining residency
Retired EU nationals do not require a visa to move to southern Cyprus, but they do need a temporary residence employment permit that should be applied for on arrival.
Those wanting to buy property must also prove they have adequate income or financial resources to live without working. The minimum requirement is about £8,000 a year.
Healthcare
Now that southern Cyprus has joined the European Union, pensioners from other EU countries are entitled to use the public health system.
However, there are few state residential nursing homes or hospices for the terminally ill on the island, so many people needing long-term care simply return home to Britain.
PANAMA
Panama’s main attraction, apart from its year-round 30C temperature, lies in the fact that English is widely spoken.
Other benefits include a low cost of living, a minimal crime rate and, for retirees, its “pensionado” scheme – which offers discounts on services such as healthcare, travel and leisure activities.
Panama’s main currency is also the US dollar, so with just under $2 to the pound it has become increasingly attractive for British retirees recently.
Income from assets outside Panama, whether they be your pension, bank deposits or your investment portfolio, is completely free from tax.
However, there is a 5% transfer tax on goods and services, which is roughly equivalent to British Vat.
Don’t think you will escape tax completely, however. While there is no inheritance tax as such, gifts of property attract rates from 4% to 33% depending on your relationship with the beneficiary.
Panamanian property is not as cheap as you might think, with a typical property likely to set you back about £110,000. However, there are some useful perks for people who intend to rent out property there.
If you receive rental income from a property, you will normally be liable for income tax up to a maximum of 27% on income of more than $30,000 (£15,000).
If you invest in one of Panama’s special “tourism zones”, though, you may be exempt from income tax for 15 years.
Anyone buying property may apply for permanent residence one year after having applied for a residence visa, as long as the value of the property and any local bank deposits equal $200,000 or more.
Despite the best efforts of the security community, the details of a critical internet vulnerability discovered by Dan Kaminsky about six months ago have leaked. Hackers are racing to produce exploit code, and network operators who haven't already patched the hole are scrambling to catch up. The whole mess is a good illustration of the problems with researching and disclosing flaws like this.
The details of the vulnerability aren't important, but basically it's a form of DNS cache poisoning. The DNS system is what translates domain names people understand, like www.schneier.com, to IP addresses computers understand: 204.11.246.1. There is a whole family of vulnerabilities where the DNS system on your computer is fooled into thinking that the IP address for www.badsite.com is really the IP address for www.goodsite.com -- there's no way for you to tell the difference -- and that allows the criminals at www.badsite.com to trick you into doing all sorts of things, like giving up your bank account details. Kaminsky discovered a particularly nasty variant of this cache-poisoning attack.
Here's the way the timeline was supposed to work: Kaminsky discovered the vulnerability about six months ago, and quietly worked with vendors to patch it. (There's a fairly straightforward fix, although the implementation nuances are complicated.) Of course, this meant describing the vulnerability to them; why would companies like Microsoft and Cisco believe him otherwise? On July 8, he held a press conference to announce the vulnerability -- but not the details -- and reveal that a patch was available from a long list of vendors. We would all have a month to patch, and Kaminsky would release details of the vulnerability at the BlackHat conference early next month.
Of course, the details leaked. How isn't important; it could have leaked a zillion different ways. Too many people knew about it for it to remain secret. Others who knew the general idea were too smart not to speculate on the details. I'm kind of amazed the details remained secret for this long; undoubtedly it had leaked into the underground community before the public leak two days ago. So now everyone who back-burnered the problem is rushing to patch, while the hacker community is racing to produce working exploits.
What's the moral here? It's easy to condemn Kaminsky: If he had shut up about the problem, we wouldn't be in this mess. But that's just wrong. Kaminsky found the vulnerability by accident. There's no reason to believe he was the first one to find it, and it's ridiculous to believe he would be the last. Don't shoot the messenger. The problem is with the DNS protocol; it's insecure.
The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won't prevent every vulnerability, but it's much more secure -- and cheaper -- than the patch treadmill we're all on now.
What a security engineer brings to the problem is a particular mindset. He thinks about systems from a security perspective. It's not that he discovers all possible attacks before the bad guys do; it's more that he anticipates potential types of attacks, and defends against them even if he doesn't know their details. I see this all the time in good cryptographic designs. It's over-engineering based on intuition, but if the security engineer has good intuition, it generally works.
Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.
That's what a good design looks like. It's not just secure against known attacks; it's also secure against unknown attacks. We need more of this, not just on the internet but in voting machines, ID cards, transportation payment cards ... everywhere. Stop assuming that systems are secure unless demonstrated insecure; start assuming that systems are insecure unless designed securely.
---
Bruce Schneier is chief security technology officer of BT, and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.