Previous research from the CYBERSPACE project on the reporting of cybercrimes and cyberattacks showed poor results in terms of frequency, immediacy, and content quality. Public and private organizations remain far from proper reporting, which in turn could support effective preventative responses and enhance cybersecurity.
But why is this happening? Follow-up research by the CYBERSPACE team attempted to provide the missing answers to this crucial question. Building on the previous research methodology, relevant policymakers, Small and Medium-sized Enterprises (SMEs), research centers and other stakeholders were invited to provide quantitative and qualitative data to identify the existing gaps, and the factors behind them, that hinder proper and effective reporting.
The research findings revealed that most organizations give low importance and priority to cybercrime and cybersecurity incidents, and many of them do not realize that they have been targeted and victimized; as a result, cybercrime has the lowest reporting rate compared to other types of crime. Despite this low rate, the survey highlighted that reporting appears necessary in large-scale cyberattacks, while smaller and less harmful attacks do not usually raise enough alarm to prompt reporting. In this regard, the survey showed that the type of cyberattack or cybercrime affects whether it is reported. The most commonly identified attacks were access attacks, especially on the public sector, followed by reconnaissance attacks and lastly denial-of-service attacks.
Using a qualitative research approach, the survey showed that among both private and public organizations there is a lack of knowledge of “where to report cybercrimes”. The reasons given were “unclear reporting processes”; “data-sharing versus confidentiality clauses” dilemmas; and, when those are solved, “non-interoperable” platforms of data sharing and “heterogeneous reporting language, standards and concepts”. Given the policies currently in place, as well as the progress in cyber-awareness and the transformative forces of societal digitalization, the findings are discouraging but also paradoxical.
More specifically, the survey showed that although the majority of respondents a) claimed that they have an action plan for reporting in place, b) know there are reporting tools available, and c) acknowledge that there is a legal obligation to report, the reporting rate remains low. When considering why reporting rates may be low, participants mentioned the complexities of legal frameworks, fear of exposure and punishment, and concerns about reputational damage. As for recommendations to change this picture, the survey illustrates that the familiar mantra of “training, knowledge sharing, expertise and vigilance of cyber risks” remains current.
From the survey, a set of recommendations was devised to address the identified gaps and the grounds that hinder effective reporting and knowledge sharing. According to survey respondents, such gaps can be filled and overcome by “cyber-education, training and publicly available information”; “centralized reporting channels and single point of reporting/agencies”; “establishment of clear policies and Incident Response Plans (IRPs) at organizational level”; and “common online tools, such as forms and questionnaires”, in addition to the possibility of receiving a feedback receipt once cyberattacks and cybercrimes have been reported.
The findings above complement the previous CYBERSPACE research and delve deeper into the landscape of, and barriers to, effective reporting in European countries. Although the research sample was limited, the survey employed both quantitative and qualitative analysis of data collected by an online structured questionnaire, along with a review of recent literature and feeds/inputs from MISP (Malware Information Sharing Platform). CYBERSPACE will continue implementing its programmed objectives and follow up on the survey towards meeting the project’s aims of understanding cybercrime in Europe and promoting a safer online Europe for all.
Author: Center for Security Studies (KEMEA) CYBERSPACE team