Victims of Computer Misuse Main Findings April 2020 Professor Mark Button, Dr Lisa Sugiura, Dean Blackbourn, Dr Richard Kapend, Dr David Shepherd and Dr Victoria Wang 1 Contents Table of Acronyms .................................................................................................................................. 5 Executive Summary ................................................................................................................................. 6 Introduction ........................................................................................................................................ 6 Methods and Profile of Victims .......................................................................................................... 6 Perception of Computer Misuse Crime .............................................................................................. 7 Impact of Computer Misuse Crime ..................................................................................................... 7 Financial .......................................................................................................................................... 8 Disruption........................................................................................................................................ 9 Psychological and emotional impacts ............................................................................................. 9 Health impacts ................................................................................................................................ 9 Damage to reputation ..................................................................................................................... 9 Violation of the digital self .............................................................................................................. 9 Loss of digital possessions............................................................................................................... 9 Falling Victim ....................................................................................................................................... 9 Security behaviours ......................................................................................................................... 9 Victims’ response to victimisation ................................................................................................ 10 Reporting Computer Misuse Crime .................................................................................................. 10 Reasons for low reporting ............................................................................................................. 10 Reporting experience .................................................................................................................... 10 Advice and support received ........................................................................................................ 11 Victims Needs ................................................................................................................................... 12 Conclusions and Recommendations ................................................................................................. 12 1. Introduction .................................................................................................................................. 16 2. What is Computer Misuse Crime? ................................................................................................ 16 Defining computer misuse crime ...................................................................................................... 16 The extent of computer misuse crime .............................................................................................. 19 3. Methods and Profile of Victims .................................................................................................... 22 Methods ............................................................................................................................................ 22 Profile of victims ............................................................................................................................... 23 Caveats .............................................................................................................................................. 24 4. Victims’ Views on the Recognition and Perceptions of Computer Misuse Crime ........................ 25 5. Impact of Computer Misuse Crime ............................................................................................... 28 Financial ............................................................................................................................................ 30 2 Disruption ......................................................................................................................................... 31 Anger ................................................................................................................................................. 32 Anxiety .............................................................................................................................................. 32 Stress ................................................................................................................................................. 33 Embarrassment and shame .............................................................................................................. 34 Isolation ............................................................................................................................................ 34 Damage to reputation ....................................................................................................................... 35 Negative changes in behaviour ......................................................................................................... 35 Violation of digital self ...................................................................................................................... 36 Loss of digital possessions ................................................................................................................ 37 Health Impacts .................................................................................................................................. 38 Suicidal thoughts/actions .................................................................................................................. 39 SME/O ............................................................................................................................................... 39 Financial ........................................................................................................................................ 39 Disruption...................................................................................................................................... 40 Reputational damage .................................................................................................................... 41 No significant impact ........................................................................................................................ 42 6. Falling Victim ................................................................................................................................. 42 The weak point.................................................................................................................................. 42 Victims with poor security habits ..................................................................................................... 43 Passwords ......................................................................................................................................... 43 Anti-virus ........................................................................................................................................... 43 Risky behaviours ............................................................................................................................... 44 Lack of engagement with security standards for SMEs .................................................................... 44 Victims with good security habits ..................................................................................................... 45 Victims’ response to victimisation .................................................................................................... 45 Change in security behaviours ...................................................................................................... 46 7. Reporting Computer Misuse Crime .............................................................................................. 56 Reasons for low reporting ................................................................................................................. 56 Status of computer misuse related crime ..................................................................................... 56 There was no financial loss ........................................................................................................... 56 Assumption non-police/Action Fraud initial reporting body would pass on ................................ 57 Reputation and experience of Action Fraud ................................................................................. 57 The police are unlikely to