The security level of an elliptic curve cryptosystem is determined by the cryptanalytic algorithm that is the least expensive for an attacker to implement. There are several algorithms to consider.
prime-order: shank's baby step giant step, pollard rho, pollard kangaroo/lambda,
non-prime order: Pohlig-Hellman
The order m of the elliptic curve is divisible by the order n of the group associated with the generator; that is, for each elliptic curve group, m = n * c for some number c. The number c is called the "cofactor". [...] It is possible and desirable to use a cofactor equal to 1.