Abstract
eCrime is now the typical volume property crime in the United Kingdom impacting more of the public than traditional acquisitive crimes such as burglary and car theft (Anderson et al, 2012). It has become increasingly central to the National Security Strategy of several countries; in the United Kingdom becoming a Tier One threat. While it is apparent to some governments that cybercrimes are now as much of a ‘problem’ as some forms of organised crime, little is known about the perceptions of the broad network of what we call public and private sector ‘eCrime controllers’ in the United Kingdom. A survey of 104 members of the UK Information Assurance community garnered data on the perceptions of the eCrime problem. The results showed an association of cooperation and consumption of data sources with perceptions. It is likely that perceptions within non-specialist corporate and public domains (non-IT and Finance) will begin to change as new cooperation arrangements are introduced as part of the UK Cyber Security Strategy. These findings call for a more in-depth qualitative understanding of the cooperation between eCrime controllers and their data consumption practices. Ascertaining what shapes this cooperation (and non-cooperation) and how perceptions compare with ‘actual’ threats and risks is necessary if we are to better understand the ‘social construction’ of the problem and subsequent policy and operational outcomes.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The term eCrime Controllers is preferred to other terms, such as eCrime Policing or eCrime Regulators: it indicates that a broader range of relevant parties are involved in controlling eCrime, beyond just law enforcement and government regulators.
In this article we define the UKIA community in the broadest sense, including criminal justice agencies, private sector (IT, Finance and SMEs), public sector (criminal justice and non-criminal justice departments), academia, voluntary sector and industry groups and forums. A fuller description is provided in the methods section of the article.
Symantec gathers malicious code intelligence from more than 133 million client, server and gateway systems that have deployed its antivirus products. Additionally, Symantec's distributed honeypot network collects data from around the globe, capturing previously unseen threats and attacks that provide valuable insight into attacker methods.
A process where the engine responsible to altering the behaviour of malware resides outside of the malware itself, usually on a website. By extracting this function from within malware, analysts find it more difficult to identify and eradicate infection.
The Scottish Crime and Justice Survey 2010/11 estimated that 4.5 per cent of adults had experienced card fraud in the 12 months before interview and 0.5 per cent of adults had been a victim of identity theft, where someone had pretended to be them or used their personal details fraudulently. For card fraud, there were roughly the same instances of cards themselves being used without permission (2.4 per cent) and just the card details being used (2.2 per cent).
The BCS included a technology crimes module in 03/04 but it has not since been repeated. The only consistent question in this survey on eCrime relates to identity fraud (since 05/06).
The 2010 ISBS adopted a self-selecting sample framework that reduced the representativeness of the findings and therefore precluded a robust basis for comparison with previous ISBS surveys.
PricewaterhouseCoopers’ research team ensured that questions asked in the first survey (1998) became standard for all subsequent surveys. This ensured that (to the extent that they were the same individuals) respondents became familiar with the terms expressed, resulting in plausibly sounder answers over time.
The data for the ISBS 2010 presented in Graph 1 are derived from the responses from small- to medium-sized firms as they represented the largest group of respondents. It is important to note reports of eCrimes breaches from large firms were far in excess of those reported by SMEs, making the sharp increase in eCrimes attacks in Graph 1 a conservative estimate.
The BCS does not distinguish online from offline frauds, but the former is likely to have accounted for the majority of fraud.
IACG is an initiative within the Government Communications Headquarters (GCHQ) Communications–Electronics Security Group (CESG).
European Network & Information Security Agency
Information Security Forum.
The Information Security Alliance.
The Chartered Institute for IT.
IACG is an initiative within the Government Communications Headquarters (GCHQ) Communications–Electronics Security Group (CESG). See http://www.cesg.gov.uk/Publications/Documents/uk_ia_community.pdf.
Where population estimates are provided they should be interpreted with a degree of caution.
See: https://aoir.org/documents/ethics-guide/.
Model fit statistics are presented in Table 4.
The results of sub-models not presented here, aside from the R 2 statistic. More detailed results available upon request.
Ascertaining ‘causality’ or direction of association is problematic in cross-sectional designs. We address this problem in relation to our data in the discussion section.
This association only approaches conventional levels of significance.
Conversely it could also be argued these organisations had an incentive to develop relationships with their ‘community’ because of their higher risks.
Of course, the inverse is also a possibility.
References
ACPO. (2009) ACPO e-Crime Strategy. London: ACPO, www.acpo.police.uk/documents/crime/2009/200908CRIECS01.pdf, accessed 9 October 2012.
Anderson, R., Boehme, R., Clayton, R. and Moore, T. (2008) Security Economics and the Internal Market. Heraklion, Greece: ENISA.
Anderson, R. et al (2012) Measuring the Cost of Cybercrime. London: Ministry of Defence.
Blom-Cooper, L. and Drabble, R. (1982) Police perception of crime: Brixton and the operational response. British Journal of Criminology 22 (2): 184–187.
Cabinet Office. (2011) The UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World. London: Cabinet Office.
Carr-Hill, R.A. and Stern, N. (1979) Crime, the Police and Criminal Statistics: An Analysis of Official Statistics for England and Wales Using Econometric Methods, Quantitative Studies in Social Relations. London: Academic Press.
Casper, C. (2007) Examining the Feasibility of a Data Collection Framework. Heraklion, Greece: ENISA.
Cohen, J. (1988) Statistical Power Analysis for the Behavioral Sciences, 2nd edn. Hillsdale, NJ: Lawrence Erlbaum.
Council of the European Union. (2000) Proposal for the extension of Europol's mandate to the fight against cybercrime. Note from Presidency to Article 36 Committee. http://www.statewatch.org/semdoc/assets/files/council/12224-00.pdf, accessed 5 October 2012.
CrySyS Lab. (2012) sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex Malware for targeted attacks. Laboratory of Cryptography and Systems Security: Budapest University of Technology and Economics. http://www.crysys.hu/skywiper/skywiper.pdf.
Dorofeev, S. and Grant, P. (2006) Statistics for Real-Life Sample Surveys: Non-simple random Samples and Weighted Data. Cambridge, UK: Cambridge University Press.
Empirica. (2007) Benchmarking in a Policy Perspective: Security and Confidence. Report No.8. Brussels: Empirica.
Farwell, J. and Rohozinski, R. (2011) Stuxnet and the future of cyber war. Survival 53 (1): 23–40.
Garlik. (2009) UK Cybercrime Report 2009. London: Experian.
Giddens, A. (1990) The Consequences of Modernity. Oxford, UK: Polity Press.
Grabosky, P. and Smith, R. (2001) Digital crime in the twenty-first century. Journal of Information Ethics 10 (1): 8–26.
Greer, C. and Reiner, R. (2012) Mediated Mayhem: Media, crime and criminal justice. In: M. Maguire, R. Morgan and R. Reiner (eds.) The Oxford Handbook of Criminology, 5th edn. Oxford, UK: Oxford University Press, pp. 245–278.
HM Government. (2010) A Strong Britain in an Age of Uncertainty: The National Security Strategy. London: The Stationery Office.
HM Government. (2011) Strategic Defence and Security Review: The First Annual Report. London: The Stationery Office.
Hyde-Bales, K., Morris, S. and Charlton, A. (2004) The Police Recording of Computer Crime. London: The Stationery Office.
i2010 High Level Group. (2006) Benchmarking Framework. Brussels, Belgium: European Commission.
Jewkes, Y. and Yar, M. (2010) Handbook of Internet Crime. Cullompton, UK: Willan.
Johnston, L. and Shearing, C. (2003) Governing Security: Explorations in Policing and Justice. London: Routledge.
Kaiser, P. (1974) An index of factorial simplicity. Psychometrika 39 (1): 31–36.
Levi, M. and Williams, M. (2012) eCrime Reduction Partnership Mapping Study. London: Nomient Trust.
Mohan, J., Twigg, L. and Taylor, J. (2011) Mind the double gap: Using multivariate multilevel modelling to investigate public perceptions of crime trends. British Journal of Criminology 51 (6): 1035–1053.
National Statistician. (2011) National Statistician's Review of Crime Statistics: England and Wales. London: Government Statistical Service.
PriceWaterhouseCoopers. (2012) Information Security Breaches Survey. London: PwC.
Sommer and Brown. (2011) Reducing Systemic Cybersecurity Risk. London: OECD.
Symantec. (2012) Internet Security Threat Report, Volume 17. Mountain View, CA: Symantec.
Tabachnick, B.G. and Fidell, L.S. (2013) Using Multivariate Statistics, 6th edn. Boston, MA: Allyn and Bacon.
U.N. Commission on Crime and Criminal Justice. (1995) United Nations Manual on the Prevention and Control of Computer-related Crime. New York: United Nations.
Walker, C. and Akdeniz, Y. (1998) The governance of the internet in Europe with special reference to illegal and harmful content. The Criminal Law Review, Special Edition on Crime, Criminal Justice and the Internet, 5–18.
Wall, D.S. (2007) Cybercrimes: The Transformation of Crime in the Information Age. Cambridge: Polity.
Wall, D.S. and Williams, M. (2007) Policing diversity in the digital age: Maintaining order in virtual communities. Criminology and Criminal Justice 7 (4): 391–415.
Williams, M. (2006) Policing & cyber-society: The maturation of regulation within an online community. Policing & Society 17 (1): 59–82.
Williams, M. (2010) Cybercrime. In: F. Brookman, M. Maguire, H. Pierpoint and T. Bennett (eds.) Handbook of Crime. Cullompton, UK: Willan.
Yar, M. (2006) Cybercrime and Society. London: Sage.
Acknowledgements
This work was supported by Nominet Trust under the grant ‘Mapping Cybercrime and its Control’.
Author information
Authors and Affiliations
Corresponding author
Additional information
Correction
This article has been corrected and republished with respect to one numerical error. No changes to methodology or results have been made.
Rights and permissions
About this article
Cite this article
Williams, M., Levi, M. Perceptions of the eCrime controllers: Modelling the influence of cooperation and data source factors. Secur J 28, 252–271 (2015). https://doi.org/10.1057/sj.2012.47
Published:
Issue Date:
DOI: https://doi.org/10.1057/sj.2012.47