Despite all of Silicon Valley’s efforts, China is still the a major software thief — at a cost of $8.7 billion a year.

America leads the world in software piracy at $9.1 billion, but the theft level in the U.S. is only 17 percent. China’s theft may amount to slightly less in dollars, but over 70 percent of all the software used in China is pirated. The worst foreign thief by percentage is Indonesia at 84 percent.

The use of unlicensed software is a $45 billion problem, according to a recent report published by the Business Software Alliance. About 39 percent of all software installed on PCs around the world in 2015 was not properly licensed.

The report highlights that the other leading foreign thieves of software are India at $2.7 billion, France at $2.1 billion, the United Kingdom at $1.9 billion, Brazil at $1.8 billion, Germany at $1.7 billion, Russia at $1.3 billion, Italy at $1.3 billion, and Indonesia at 1.1 billion.

The Alliance also found that there is a strong correlation between unlicensed software and malware. Those who use unlicensed PC software are significantly more likely to run into problems with malware at some point, according to the report. That explains why larger businesses that are sensitive to cyber attacks tend actually to pay for software to minimize their exposure to attacks that cost, on average, about $11 million in 2015.

That cost does not include the devastating “reputational fallout should customer data be compromised.” The Alliance estimates the true cost of cyber attacks for businesses in 2015 was $400 billion.

An Alliance survey of major company chief information officers (CIOs) revealed that most CIOs do not know how much software employees are installing software onto their networks. CIOs estimate that around 15 percent of their employees loaded software on the network without their company’s knowledge.

But a survey of employees found that 26 percent of employees admitted making unauthorized software installations, and 84 percent of that software was unlicensed.

About 49 percent of CIOs identified security threats from malware due to unlicensed software as a major corporate threat and a “critical reason for ensuring the software running in their networks is legitimate and fully licensed.”

Despite the growing use of mobile devices by business, about “70 percent of enterprises reported having only an informal policy or none at all” regarding personal mobile devise accessing business networks.