Victims of cybercrime in Europe: a review of victim surveys

Objectives: Review the evidence provided by victim surveys in order to provide a rough estimate of the personal crime prevalence of the main types of cybercrime. Methods: We performed a search in databases, searched online, and contacted several Offices for National Statistics in Europe and selected surveys that provided information about individual victims of crime which were representative for a general population. Six types of cybercrime have been distinguished, namely online shopping fraud, online fraud banking/payment, other cyber fraud (such as advanced fee fraud), cyber threats/harassment, malware, and hacking. For every survey the questions on cybercrime are presented and the crime prevalence estimates are compared. Results: Nine surveys were included. Annual crime prevalence rates ranged from 1 to 3% for online shopping fraud, from less than 1 to 2% for online banking/payment fraud. Less than 1% of the population is a victim of other types of fraud and a maximum of 3% of the population experiences some sort of online bullying such as stalking (1%) or threatening (1%). 1-6% is a victim of hacking. The estimates for being a victim of malware range from 2 to 15%. For all offences it cannot be estimated how much of the differences are due to variation in methods and questioning between the studies or real differences between countries or change over time. Conclusions: As yet there have been very few well performed randomised sampled studies on cybercrime amongst the general population. Cybercrime prevalence (and its trend) can only be well measured if the questions are frequently updated and adequately address new aspects of cybercrime. To adequately monitor cybercrime in the future it is advisable to develop some fairly abstract main categories that are of durable validity, whilst allowing for up-to-date illustrations. Furthermore, ideally the questioning in the ongoing surveys in the different countries should be standardised and there should be a uniform categorisation of the different cyber offences. A screening question in order to permit more accurate dating is essential to reduce telescoping bias. Surveys should ask about the impact on or damage to the victims.