NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>of</strong> innovation studies have had little to contribute thus far. 6 In this report we explore<br />
whether innovation perspectives, insights and responses could increase our<br />
understanding <strong>of</strong> cybercrime and help to tackle it.<br />
1.2 Sources <strong>of</strong> knowledge <strong>of</strong> cybercrime<br />
It is <strong>of</strong>ten said that what cannot be measured cannot be managed. Despite the<br />
abundance <strong>of</strong> various types <strong>of</strong> cybercrime-related statistics, the lack <strong>of</strong><br />
consensus on reliable measures and methodologies remains a matter for public<br />
concern.<br />
Figures on the nature, magnitude and impact <strong>of</strong> credit card fraud and identity theft are<br />
far from straightforward. There have been plenty <strong>of</strong> recent estimates and forecasts.<br />
However, they employ different methods <strong>of</strong> data capture and analysis which are not<br />
always clearly explained. As a result, interpretations <strong>of</strong> statistics vary widely, as do the<br />
assessments <strong>of</strong> the effectiveness <strong>of</strong> responses and directions for future prevention. Most<br />
<strong>of</strong> our interviewees counselled that cybercrime figures need to be taken cautiously. 7<br />
Many organisations regularly estimate the extent <strong>of</strong> cybercrime, providing data on<br />
security threats, victimisation, financial losses and breaches in confidentiality. Each<br />
organisation includes and excludes different things which make comparisons difficult.<br />
The need for standardised measures has been recognised by both the private sector and<br />
Parliament. 8 However, the shortage <strong>of</strong> <strong>of</strong>ficial data and a baseline against which to<br />
6 A notable exception has been the series <strong>of</strong> reports commissioned by the Foresight programme <strong>of</strong> the Office <strong>of</strong><br />
Science and Technology in 2004 under the banner <strong>of</strong> the Cyber Trust and <strong>Crime</strong> Prevention project. See<br />
http://www.foresight.gov.uk/OurWork/CompletedProjects/CyberTrust.<br />
7 For instance Richard Clayton, <strong>University</strong> <strong>of</strong> Cambridge, stressed the importance <strong>of</strong> analysing and<br />
understanding the data in order to design effective solutions for specific cybercriminal activities (such as<br />
phishing) and avoid getting to inadequate conclusions and recommendations. Interview conducted on the 21 st<br />
November 2008. Differences in published data reflect the existing differences in the conception <strong>of</strong> cybercrime<br />
by the various interested parties or ‘stakeholders’ <strong>of</strong> criminal activities, namely academic researchers, IT<br />
experts, law enforcement agencies, the financial services industry, retailers and the general public.<br />
8 The House <strong>of</strong> the Lords Science and Technology Select Committee report on personal Internet security<br />
claimed that “While the incidence and cost <strong>of</strong> e-crime are known to be huge, no accurate data exist”, and<br />
recommended “[…] that the Government establish a cross-departmental group, bringing in experts from<br />
industry and academia, to develop a more co-ordinated approach to data collection in future. This should<br />
Page 12