I get a helpful security alert for a couple of webservices that I own.
The security alert gives me threat-metrics based on attempts to gain access (or overpower the webservices through a DDoS attack).
The threats are categorised by IP address ranges assigned to countries, and the output is ordered by country.
Which is, of course, meaningless.
As easily as I could GPS-spoof your Satnav, I can IP-spoof a country’s IP ranges.
I suppose security alerts (and the IT security industry in particular) need to hang their hats on something, but using national-specific IP ranges aren’t the right pegs.