UK cybercrime, victims and reporting: a systematic review

Individuals and organisations based in the United Kingdom often fall foul of cyber criminals. Unfortunately, these kinds of crimes are under-reported [66][115][123]. This under-reporting hampers the ability of crime fighting units to gauge the full extent of the problem, as well as their ability to pursue and apprehend cyber criminals [13][77].

To comprehend cybercrime under-reporting, we need to explore the nature of United Kingdom’s (henceforth: UK) cybercrime and its impact on UK-based victims. We investigated the entire landscape by carrying out a systematic literature review, covering both academic and grey literature. In our review, we sought to answer three research questions: (1) What characterises cybercrime in the UK? (2) What is known about UK cybercrime victims? and (3) What influences and deters cybercrime reporting in the UK?

Our investigation revealed three types of reportable cybercrime, depending on the targets: (a) individuals, (b) private organisations, and (c) public organisations.
Victimhood varies with various identified dimensions, such as: vulnerability aspects, psychological perspectives, age-related differences, and researcher attempts to model the victims of cybercrime. ... mehrWe also explored UK victims’ reported experiences in dealing with the consequences of falling victim to a cybercrime.

In terms of cybercrime reporting, we identify three kinds of reporting: (a) Human-To-Human, (b) Human-To-Machine, and (c) Machine-To-Machine. In examining factors deterring reporting, we incorporate discussions of policing, and the challenges UK police forces face in coping with this relatively novel crime. Unlike traditional crimes, perpetrators possess sophisticated technological skills and reside outside of UK’s police jurisdiction. We discovered a strong social dimension to reporting incidence with the UK government‘s cyber responsibilization agenda likely playing a major role in deterring reporting. This strategy involves governments providing a great deal of advice and then expecting citizens to take care of their own cybersecurity. If they do not act on the advice, they should know that they will have to accept the consequences. Improvements in cybercrime reporting, to date, have been technologically focused. This neglects the social dimensions of cybercrime victimhood and does not acknowledge the reporting-deterring side effects of the UK's cyber responsibilization agenda. We conclude with suggestions for improving cybercrime reporting in the UK.