Similar to the concept “crime”, the term “cybercrime” encompasses various types of illegal online activities (SCOTT: covered in previous classes?). As such, collecting data about cybercrime incidents is challenging; the collection of data about DDoS attacks against a sever requires the use of different tools and research designs than those required for the collection of data about cyber-bullying or identity theft. Moreover, although some cybercrime types could be easily identified and reported by victims (for example online fraud or cyber harassment), other types of cybercrime could go undetected by victims for years (for example hacking and malware infection). As such, data collection efforts around cybercrime incidents varies considerably, and are performed by three types of actors:
Nonprofit organizations – Nonprofit organizations are dedicated to advancing a particular social cause. Several nonprofit organizations gather and measure information on various types of cybercrime in an established systematic fashion that enables them to support their goal. The Privacy Clearning House, for example, believe everyone deserves the opportunity to be informed and be heard. As part of their efforts to provide clarity on complex topics such as cybercrime, they publish educational materials and compile a database around data breaches which could be accessed and downloaded here https://privacyrights.org/
Cybersecurity companies – Cybersecurity companies constantly collect data about cybercrime incidents experienced by their customers in effort to improve their operations and offer better protection to their clients. Those companies use these data to produce annual reports, as well as make some of this data available on their websites. Kaspersky Lab for example, allow users to download statistics and data regarding vulnerabilities they discover here: https://statistics.securelist.com/en/vulnerability-scan/day
Law enforcement agencies- the amount of crime within a specific population is typically estimated though police reporting of crime reported to them. In the United States, police reporting of crimes is standardized by the FBI’s Uniform Crime Report system. Unfortunately, this system does not support the collection and report of cybercrime incidents. Instead, the Internet Crime Complaint Center (IC3) is the official USA based portal which accepts online Internet crime complaints from either the actual victim or from a third party to the complainant. IC3 produces annual reports of the volume of cybercrime in the USA which could be found here: https://www.ic3.gov/default.aspx