The study “When do businesses report cybercrime? Findings from a UK study” by Kemp et al. (2021) fills the gap of studying which factors influence the reporting of cybercrime victimization of businesses in the UK. The authors, through the analysis of data acquired from the UK Cyber Security Breaches Survey 2018, 2019 and 2020, find that specific cybercrime types, a higher negative impact of the cyber incident and a high priority given to cybersecurity increase the likelihood of reporting to public authorities.
The results also confirm the finding from previous studies that there is a high discrepancy between reporting to private cybersecurity companies and public authorities, particularly law enforcement agencies. The authors conclude that further research on the decision-making processes within businesses leading to reporting is needed.
Find the study here.