End user cybercrime reporting: what we know and what we can do to improve it

Abstract

After a physical crime occurs an important action typically takes place: the reporting of the crime to the police. However, this action becomes more complex for a victim to properly execute when a cybercrime is experienced, which can be partly explained for instance by a lack of knowledge about cybercrimes and computer security. Cybercrime reporting is crucial because it can provide a multitude of data such as the prevalence of cybercrimes, the types and nature of the cybercrimes present, and the various resulting types of loss or harm (e.g., financial, psychological, emotional). Moreover, cybercrime reporting data is also actionable for two reasons: (1) prevention tips can be produced to educate users of how they can mitigate commonly occurring cybercrimes they may be faced with, and (2) the information provided can be useful for the appropriate law enforcement agencies to potentially reach a proper resolution for the cybercrime victim (i.e., the cybercriminal being caught, the recovery of stolen property). However, comparatively few academic works have focused on better understanding computer users' cybercrime reporting behaviors. In this paper, we first review the relevant literature, which predominantly focuses on the reasons that contribute to the underreporting of cybercrimes. Next, we highlight four particular challenges of cybercrime reporting. These challenges include the issue of computer users potentially having difficulty in properly identifying cybercrimes they may experience, fostering knowledge of how to report cybercrimes to the appropriate channels, providing incentives for cybercrime reporting, and the extent of feedback victims receive after filing a cybercrime report. Grounded in the surveyed literature and our previous work, we also provide a set of recommendations on how to approach these challenges in order to improve currently existing cybercrime reporting processes.