Cybercrime & Cyberattacks: A matter of different involvement, interest and influence

Effective reporting on cybercrime and cyberattacks remains crucial in preventing and countering existing and evolving threats in the cyber domain. However, despite the acknowledged value of identifying, data gathering, analysis and learning from cybersecurity incidents, reporting on such, once occurred, records low levels from various public and private organisations. 

The CYBERSPACE Research Project, funded by the EU’s Internal Security Fund Police (ISFP) programme, within the framework of its objectives, conducted recently a survey revealing the landscape of reporting cybercrimes and cyberattacks, focusing on the European level. Despite the survey was not expansive, its outcomes proved illustrative. The report shows Law Enforcement Agencies (LEAs), Policymakers, Small and Medium-sized Enterprises (SMEs), Research Centers and other stakeholders’ attitudes, in terms of their involvement, response, counteract power (influence), impact and position towards cybersecurity incidents, as described below.

Concerning the volume of cyberattacks and cybercrimes registered (involvement), LEAs and SMEs seem to be the most targeted among the participating groups, reaching together 43% in cyberattacks and 31% in cybercrimes respectively. However, 70% replied that they have not encountered cybercrimes or that they are unable to answer, contradicting global trends mentioning that nowadays various organisations face 925 cyberattacks per week, and more than 60% of them have experienced at least one form of cyberattack. Despite, no safe conclusions can be drawn, the latter leads to an assumption that there is lack of awareness about cybersecurity issues, linked to inadequate reporting.

Following, as regards responding to cyberattacks (interest), the responses recorded mostly technological and other related measures (37%) and less, investigation on incidents and effective internal and external reporting (4% and 8% respectively). Only 12% of the participating groups replied that have activated existing preventative measures and taken additional actions towards cyber protection; while, similarly to involvement statistics, a significant number of replies noted of unawareness to answer (23%) and to what kind of actions were taken, if any (8%).

Responses to Cybercrimes and Cyberattacks

As seen in the figure above, only 8% of the participants mentioned reporting of the cyber incident.

Coming to the level of power (or influence) to counteracting, the picture that the report gave was not clear.  According to the survey, nearly 39% of the respondents stated low level of power, almost 31% high, 14% mentioned a moderate way of counteracting, while 16% did not provide an answer. In the distribution above however, the various participating groups present contradictive counteractions. Around half of the LEAs and SMEs, the groups most involved in cybercrimes and cyberattacks, counteract strongly and the other half not, providing a significant incoherence in this field. This could be explained by the different nature and volume of each cyber incident; however, as contradiction occurs also in LEAs and SMEs of the same country, this indicates an asymmetrical intensity of countermeasures per organisation.

The report also touches upon the impact and recording/keeping statistics (position) of cyber incidents. The survey findings demonstrate that the impact of the majority of the cyberattacks and cybercrimes is described relatively low, ranging from minimal impact (i.e. phasing attempts, technical problems) to financial loss and reputation damage. Following, the report gives satisfying rates in recording/keeping statistics. LEAs and SMEs both make 79% of those keeping statistics. These refer to datasets that include descriptive information, modi operandi, impact and recovery, analysis and other. Nevertheless, the survey also showed a limited number of respondents (2%) that despite being targeted multiple times (more than 20) do not keep statistics.

The findings above were produced by a quantitative and qualitative analysis concerning data from the past two years (2020-2021). The survey took place through a structured questionnaire covering the above participants from 21 countries, from which 17 member states of the EU.

Implementing the project, CYBERSPACE will utilise the survey outcomes to enhance effective reporting, while as a next phase, a gap and factor analysis will be conducted, building on the findings of a new questionnaire which will be issued soon.

Authors: Center for Security Studies (KEMEA)