This past week, the Federal Bureau of Investigation (FBI) released its annual Internet Crime Report. Unlike when other types of crime data are reported, the news release received little fanfare. But the findings should be alarming and serve as a call to action.
One of the most startling crime trends reported was a 69.4% increase in the number of cybercrimes reported in 2020 as compared to 2019.
This increase is due in large part to the changes we saw from the pandemic. Cybertechnology didn’t change. But our behavior did.
As we physically distanced, we moved online for most, if not all, of our work, school and social activities. It shouldn’t be surprising that the more time we spend online, the more at risk we are for cyber victimization.
It was not just spending more time online that increased victimization. Some 28,500 individuals reported specific types of COVID-19 cyber scams. Preying on our concerns about this once-in-a-century disease, fraudsters were selling counterfeit cures, miraculous medicines, placebo pills and virtual vaccines all over the internet.
We shouldn’t attribute the cybercrime increase simply to the pandemic, though. Cybercrime and amounts lost to those offenses have been increasing for years, while other types of crime either have been stable or decreasing.
Let’s compare cybercrime trends to burglary — a crime where offenders break into a victim’s home to steal property.
In 2004, the first year the FBI tracked losses to internet crimes, a little more than 207,000 people reported losing $68 million to cybercrime. Sixteen years later, victims in the U.S. lost more than $4.2 billion to the more than 790,000 cybercrimes.
In 2004, more than 2.2 million burglaries were reported in the U.S., with victims reporting losses exceeding $3.5 billion. In 2019, the year of the FBI’s most recent statistics, a million fewer burglaries were committed, and total losses came in at just under $3 billion.
This is a textbook example of an inverse relationship. As burglaries went down, cybercrimes went up.
So what we should do about these numbers?
As they say in the helping industry, the first step to recovery is to admit you have a problem. Unfortunately, many who admit that a cybercrime problem exists fail to define it in ways that promote appropriate prevention and intervention remedies. In particular, we must come to grips with the fact that cybercrime is more of a human issue than a technological problem.
This is not to suggest that technology is irrelevant. But defining cybercrime solely as a technological problem makes about as much sense as defining burglary as a home-construction problem.
Burglaries don’t occur because of the materials put into building a home, and cybercrimes don’t occur because of the technologies used to create cyberspace. These offenses occur because people commit them.
The next natural question to ask is why individuals commit those crimes. While it might be tempting to say they commit cybercrime (or any crime for that matter) because they choose to, a follow-up question would center on what factors influence these choices.
Criminologists have spent a considerable effort trying to explain the source of cyber offending. Though there is widespread debate about the reason why cybercrime occurs, most agree that many of these offenses can be prevented with safeguards put in place by computer users.
One of the simplest suggestions is to make sure that all computer users — whether in a home or a business — are aware of the risk in the first place. Just as we know that locking our doors reduces our risk of being burglarized, we also should recognize that we can take measures to protect ourselves in cyberspace.
Increased awareness can occur in many ways. Policymakers in many states should be applauded for their efforts to integrate cybersecurity into the K-12 curriculum.
Such efforts are justified because they introduce students to possible careers designed to make our cyberspace more secure. All too often, though, these educational efforts seem to define cybercrime as a technological problem rather than a human one.
Losing sight of the human factors puts us at even greater risk for cyber victimization. Focusing on technological solutions without thinking about the human dimensions would be like building a home without thinking about the safety needs of those who will be living there.
In the end, we’d end up with a home that anyone could break into.
Brian K. Payne, Ph.D., is vice provost for academic affairs and director of the Coastal Virginia Center for Cyber Innovation at Old Dominion University. Contact him at: firstname.lastname@example.org