We tend to measure cybercrime in financial terms. We calculate how much victims have lost through an online dating hoax, a Forex trading scam or one of the many other types of consumer fraud. For businesses, the cost is often measured by the ransom paid to hackers to unlock precious files.
But while financial loss may be what hits victims hardest at first, psychological trauma often follows and can last for months, if not years. Disturbingly, it is this side of cybercrime that has gone largely unnoticed.
I’ve interviewed many victims of cybercrimes, both individuals and owners of businesses. With frightening regularity, they describe their initial sense of helplessness when faced with a live cyberattack and then the persistent state of high alert and cycle of low confidence they find themselves in for months or years at a time.
Many business owners are not clear how to recuperate their losses or who they should even report an attack to. Very few know how they can address any vulnerabilities in their IT systems. For many I’ve spoken to, the support offered by national organisations falls short when meeting their needs. Once they’ve reported an attack, they’ve had to wait for local investigators to follow up, only to be told that since the cyberattack was launched from outside the UK, it will be almost impossible to recover their losses.
I’ve seen too many scramble to enlist the help of cyber security companies who promise to immediately prevent future hackers from infiltrating their systems. Under significant pressure and with limited knowledge as to which service is trustworthy, they find themselves at the mercy of a complex industry they don’t understand.
Victims of dating and romance scams suffer from a profound sense of shame and humiliation, their confidence and trust sometimes so severely shattered that they become withdrawn and exclude themselves from all online interactions.
It’s easy to overlook how sophisticated cybercrime has now become. Predators pick their vulnerable victims carefully and sometimes spend many months manipulating them into sending significant amounts of money via apps and social media platforms that look friendly, comforting and safe.
The psychological trauma of all of this closely mirrors the experiences of those who have been burgled or who have had an intruder in their home. Victims cannot get away from an impending sense of dread – and fear – that those same cybercriminals who once attacked will someday return.
Why then, do we not offer more help to these victims, or at the very least recognise the trauma they have experienced?
I believe that we need far more promotion of what to do, who to speak to and where to receive psychological support in the event of a cyberattack or cybercrime. Too few know that there are excellent free local police services that offer all of this to businesses and individuals via the National Cyber Security Centre, Cyber Protect Network and regional Cyber Resilience Centres.
But our culture is also at fault. For far too long we’ve placed blame on the victims of cybercrime, implying that those who fall prey to online romance scams missed the “tell-tale signs” of a fraudster.
This not only adds to the psychological trauma, it also means that too few victims report attacks, and this in turn starves law enforcement and intelligence agencies of the vital insights they need to understand the true scale, severity and social impact of these heinous crimes.
Dr Christian Kemp is a lecturer in criminology at Anglia Ruskin University and the lead investigator for a Home Office-funded project that examines how individuals and small and medium-sized businesses can be better protected from the risks of cybercrime