The public and, hence governments, have always worried about crime. Therefore, policymakers have always put energy in collecting enough information on crime in order to be able to tell what is going on. As researchers and policymakers, we know a lot about ‘traditional’ offline crime. This is, among other things, because it is well defined, and we know how to measure it. We know, for instance, that crime increased a lot since WWII, stabilized, and then started declining in the nineties. This ‘crime drop’ has puzzled crime scientist, but it is generally agreed that increased prevention and security is the main reason for this decrease in ‘traditional, offline’ crime rates.
The rise of cybercrime
However, today we are online, and so are criminals. So, what do we know about cybercrime? The switch of everyone and everything to the internet has led to many problems for policymakers and crime scientists. Some of these issues are: how do we define cybercrime? How can we measure it? Does cybercrime replace offline crime? What types of internet consumers are most vulnerable to become victims? What are the characteristics of cyber criminals? And how does this all compare to our offline crime science? We are only at the beginning of getting a picture of all of this.
Banks used to tell the police that there had been a robbery, but they will not tell anyone about money stolen from online bank accounts.
The first step in this endeavor is to try to get accurate descriptions of cybercrime, to understand better what is going on. However, while a lot of data has been collected and research has been done on ‘traditional’ offline crime, data on cybercrime is harder to come by, for official statistics do not cover all forms of cybercrime. Victims of cybercrime often do not report crime to the police and therefore official statistics often do not tell us a lot about cybercrime. For instance, banks used to tell the police that there had been a robbery, but they will not tell anyone about money stolen from online bank accounts. Also, the police have no experience in reporting online modus operandi. Accordingly, they ‘disguise’ ICT-related crime as ‘fraud’ or ‘threats’. In the Netherlands in 2011 we found that 16% of the threats and 41% of all frauds were ‘ICT-related’, done via email, WhatsApp, etc. Therefore, official statistics do not tell us a lot about cybercrime.
Analyzing victim surveys
Fortunately, there are victim surveys. To get a better picture of cybercrime, we decided to review the evidence on the prevalence of cybercrime based on these victim surveys. We started in Europe, searching for surveys that used a large random sample representative for their country, and produced annual crime victimization rates.
We found nine surveys, and analyzed the results for the six main types of cybercrime: online shopping fraud, online banking and payment fraud, other types of fraud (such as advanced fee fraud), cyber threats/harassment, malware and computer viruses, and hacking. We selected data for the period since 2010, and below we present the four crimes for which time trends are available.
Only two crime surveys, from Sweden and the Netherlands, could provide longitudinal data. Both surveys show no increase in cyber-bullying. In the Netherlands though, the questions are more extensive (asking about threats and stalking), which results in higher prevalence rates. The Dutch survey shows an increase in online shopping fraud, the Swedish survey does not. Online banking fraud seemed to have increased in Sweden but decreased in the Netherlands. And the Dutch survey shows a downward trend for hacking.
Cybercrime is on the rise
In contrast to offline crime, most cybercrime trends are either stable or increasing.
In contrast to offline crime, most cybercrime trends are either stable or increasing. But there also two trends that show a decrease in victimization. It’s remarkable that trends for online shopping and online banking frauds seem to be different for Sweden and the Netherlands. Is this a real difference?—which could be explained by opposing developments in terms of online banking or payment systems, or differences in security measures. Or is this due to a difference in measurement? Does the questionnaire in one country for example comprise more appearances of the crime than the other? The Dutch banking association believes the decrease is due to the security measures that were put into place, namely geo-blocking, physically protecting ATMs against skimming, transaction monitoring and cooperation with the police. However, Swedish banks mentioned to us that they had taken the same measures. We are still investigating if the differences in trends can be explained.
Work to be done
A serious problem in our comparison is that all surveys use different wording of questions, which makes comparison difficult. We propose that statistical agencies in Europe agree to use identical questions.
At present we hardly know the consequences of cybercrimes: are they equally serious as offline crimes, do they cost less or more money to the victims? How big is the emotional impact?
At present we hardly know the consequences of cybercrimes: are they equally serious as offline crimes, do they cost less or more money to the victims? How big is the emotional impact? Cybercrime poses specific problems. For example, victims do not necessarily know whether they were ‘victims’: how does one know if there is malware on one’s computer or if it’s part of a botnet? Whereas, for offline crime, victims know if they were burglarized.
Offenders vs. Victims
Finally, in related studies we found that the characteristics of offenders and victims of crime change when they go online. Victims of offline crime resemble offenders, to some extent. But victims of online crime differ from offline victims. For instance, victims of offline crime tend to be male, but victims of online fraud were more often female (40%). Similarly, offenders of online crime more often have a job than offenders of offline crime and tend to have fewer previous police contacts. In other words, they are less ‘deviant’. We suggested that, when crime goes online, it is ‘normalizing’: we have placed the instruments of crime into the hands of everybody, so everyone can do it. We are only starting the research to understand what changes when humans go online.