State of Play
Over the last decades, cybercrime has become one of the most dynamic and fastest growing areas of crime. In this context, the EU Security Union Strategy for 2020-2025 has highlighted cybercrime as a top priority for the European Union and its Member States. Previous studies have investigated factors for reporting or non-reporting cyber offences among businesses. However, to date there is still lack of knowledge on what makes businesses more likely to inform (or not inform) LEAs of cyber threats or cyber-security attacks.
The Cybercrime Victimisation Barometer (CYBBAR) project aims at improving the understanding of contemporary cyber threats and enhancing the cooperation between LEAs and private partners with regard to investigations and reporting. The 2-year EU-funded project is implemented by three partners: Center for the Study of Democracy (coordinator), Ecorys Europe and Forentec.
The main results of CYBBAR will be:
- 3 Country Reports on business cyber victimisation
- a Business Cyber Victimisation Survey
- a conceptual tool for digital reporting of cyber incidents.
Methodology
Country reports
CYBBAR will conduct scoping interviews with experts from LEAs and Cyber Incidents Response Teams and will pilot the business cyber victimisation survey in Bulgaria, the Netherlands, and Spain.
The three Member States cover different geographical locations, vary in their cybersecurity framework, and have different business landscapes and levels of digitalisation. This will allow to transfer the insights gained from the three countries to other EU Member States.
Business cyber victimisation survey
Based on in-depth interviews with experts from LEAs and businesses, the CYBBAR project will develop a pilot of a model for an EU-level standardised business survey on cybercrime.
The aims of the business cyber victimisation survey are:
- increasing the knowledge on the cybercrime victimisation of businesses
- measuring objective and subjective indicators on the extent of their victimisation
- conducting a praxis test of the pilot on a representative sample in Bulgaria, Netherlands, and Spain
- developing a methodology toolkit for replication in other EU Member States
- establishing the basis for a EU cyber victimisation database of businesses
Digital reporting tool
A pilot of a digital reporting tool will be designed based on the assessment of reporting mechanisms in place in Bulgaria, the Netherlands, and Spain. The tool will take into account the needs of LEAs and the factors leading to underreporting of cybercrime against businesses. As a supporting or substitutive reporting tool in Member States, it will be developed with the aim to:
- enhance digital reporting of cyber incidents among businesses
- contribute to a more effective and efficient reporting process
- support public-private cooperation.