The Dynamics of Business, Cybersecurity and Cyber-Victimization: Foregrounding the Internal Guardian in Prevention

Buil‐Gil, David; Lord, Nicholas; Barrett, Emma

doi:10.1080/15564886.2020.1814468

Cited by 16 publications

(13 citation statements)

References 26 publications

(67 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It has been widely stated that attacks against organisations have risen (Europol, 2020b;Interpol, 2020), but it may be that such a general statement is overly simplistic and greater victim specificity is required when researching trends in cybercrime and fraud against organisations. In fact, academic literature has begun to examine the organisational characteristics related to cybercrime and fraud victimisation (Buil-Gil et al, 2021b) and future research could examine this within the context of COVID-19.…”

Section: Discussionmentioning

confidence: 99%

“…It has been widely stated that attacks against organizations have risen during COVID-19 (Europol, 2020a;Interpol, 2020), but it may be that such a general statement is overly simplistic and greater crime, victim, or country, specificity is required when researching trends in cybercrime and fraud against organizations. In fact, academic literature has begun to examine the organizational characteristics related to cybercrime and fraud victimization (Buil-Gil et al, 2021a;Rantala, 2008;Williams et al, 2019) and future research could examine this within the context of COVID-19. Second, it is unclear to what extent the divergences in individual and organizational victimization during the pandemic are the result of differences in reporting.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Empty Streets, Busy Internet: A Time-Series Analysis of Cybercrime and Fraud Trends During COVID-19

Kemp

Buil‐Gil

Moneva

et al. 2021

Journal of Contemporary Criminal Justice

Self Cite

View full text Add to dashboard Cite

The unprecedented changes in routine activities brought about by COVID-19 and the associated lockdown measures contributed to a reduction in opportunities for predatory crimes in outdoor physical spaces, while people spent more time connected to the internet, and opportunities for cybercrime and fraud increased. This article applies time-series analysis to historical data on cybercrime and fraud reported to Action Fraud in the United Kingdom to examine whether any potential increases are beyond normal crime variability. Furthermore, the discrepancies between fraud types and individual and organizational victims are also analyzed. The results show that while both total cybercrime and total fraud increased beyond predicted levels, the changes in victimization were not homogeneous across fraud types and victims. The implications of these findings on how changes in routine activities during COVID-19 have influenced cybercrime and fraud opportunities are discussed in relation to policy, practice, and academic debate.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Empty Streets, Busy Internet: A Time-Series Analysis of Cybercrime and Fraud Trends During COVID-19

Kemp

Buil‐Gil

Moneva

et al. 2021

Journal of Contemporary Criminal Justice

Self Cite

View full text Add to dashboard Cite

show abstract

“…Its data can be used to obtain estimates of the prevalence of insider incidents, defined as cyber security breaches or attacks in organizations involving unauthorized use of computers, networks or servers by staff. In the 2018 edition, 2.4% of organizations reported having suffered at least one insider incident in the last 12 months (Buil-Gil, Lord, and Barrett 2021). This survey also collects information on the consequences of the incidents, including their outcome, their cost, and the cyber security measures adopted by organizations to mitigate them.…”

Section: Insiders Insider Incidents and Cyber Security Measuresmentioning

confidence: 99%

“…According to two reports based on two different online surveys, in the case of Dutch small and medium-sized enterprises (SMEs), this figure was 29% in 2013 (Veenstra, Zuurveen, and Stol 2015) and 19% between 2016(Notté et al 2019. Although it seems that, in general, larger companies report more incidents (Johns 2021), they also have more resources and therefore probably better detection tools and reporting mechanisms (Buil-Gil, Lord, and Barrett 2021). One of the reasons why estimates of cyber victimization in companies may differ is that the definitions of cybercrime, cyber-attack, or cyber security incident are neither clear nor consistent across studies and may include different crime measures.…”

Section: Introductionmentioning

confidence: 99%

Insider Threats Among Dutch SMEs: Nature and Extent of Incidents, and Cyber Security Measures

Moneva¹,

Leukfeldt²

2022

Preprint

View full text Add to dashboard Cite

Insider threats represent a latent risk to all organizations, whether they are large companies or SMEs. Insiders, the individuals with privileged access to the assets of organizations, can compromise their proper functioning and cause serious consequences that can be direct—such as financial—or indirect—such as reputational. Insider incidents can have a negative impact on SMEs, as their resources are often limited, making it paramount to implement adequate cyber security measures. Despite its indisputable relevance, the empirical study of insider incidents from a criminological point of view has received little attention. This paper presents the results of an exploratory study that aims to understand the nature and extent of three type of insider incidents—malicious, negligent, and well-meaning—and how they are related to the adoption of cyber security measures. To that end, we administered a questionnaire among a panel of 496 Dutch SME entrepreneur and managers and analysed the results quantitatively and qualitatively. The results show that although the prevalence of insider incidents is relatively low among Dutch SMEs, few organizations report a disproportionate number of incidents that often entail serious consequences. A regression model shows that there are cyber security measures related to both higher and lower incident likelihood. The implications of these findings for the cyber security policies of SMEs are discussed.

show abstract

“…Its data can be used to obtain estimates of the prevalence of insider incidents, defined as cyber security breaches or attacks in 6 organizations involving unauthorized use of computers, networks or servers by staff. In the 2018 edition, 2.4% of organizations reported having suffered at least one insider incident in the last 12 months (Buil-Gil et al, 2021). This survey also collects information on the consequences of the incidents, including their outcome, their cost, and the cyber security measures adopted by organizations to mitigate them.…”

Section: Introductionmentioning

confidence: 99%

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Moneva

Leukfeldt

2023

Journal of Criminology

View full text Add to dashboard Cite

Insider threats represent a latent risk to all organizations, whether they are large companies or SMEs. Insiders, the individuals with privileged access to the assets of organizations, can compromise their proper functioning and cause serious consequences that can be direct—such as financial—or indirect—such as reputational. Insider incidents can have a negative impact on SMEs, as their resources are often limited, making it paramount to implement adequate cyber security measures. Despite its indisputable relevance, the empirical study of insider incidents from a criminological point of view has received little attention. This paper presents the results of an exploratory study that aims to understand the nature and extent of three type of insider incidents—malicious, negligent, and well-meaning—and how they are related to the adoption of cyber security measures. To that end, we administered a questionnaire among a panel of 496 Dutch SME entrepreneurs and managers and analyzed the results quantitatively and qualitatively. The results show that although the prevalence of insider incidents is relatively low among Dutch SMEs, few organizations report a disproportionate number of incidents that often entail serious consequences. A regression model shows that there are cyber security measures related to both higher and lower incident likelihood. The implications of these findings for the cyber security policies of SMEs are discussed.

show abstract

The Dynamics of Business, Cybersecurity and Cyber-Victimization: Foregrounding the Internal Guardian in Prevention

Cited by 16 publications

References 26 publications

Empty Streets, Busy Internet: A Time-Series Analysis of Cybercrime and Fraud Trends During COVID-19

Empty Streets, Busy Internet: A Time-Series Analysis of Cybercrime and Fraud Trends During COVID-19

Insider Threats Among Dutch SMEs: Nature and Extent of Incidents, and Cyber Security Measures

Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures

Contact Info

Product

Resources

About