Вы находитесь на странице: 1из 8

CYBERCRIME: the greater concern for businesses

INTRODUCTION
The ICT revolution has made it easier to communicate, do business,
socialise, the list is endless. This revolution has been facilitated by the
internet which has created a global virtual environment where different
electronic devices can easily connect and is now easily accessible to
people. While it has brought tremendous benefits; on the other hand, it
has created an environment where both traditional crime and cybercrime
can thrive. Proving the maxim that crime follows opportunity, virtually
every advance has been accompanied by a corresponding niche to be
exploited for criminal purposes; so-called 'cybercrimes' (Clough 2010, p.
3).

It's, therefore, imperative to understand a little background on the

origin of the internet and its growth. It is also good to note that it's not all
dark and gloom as the same technology is used by government and law
enforcements to fight both traditional crimes and cybercrime (Nuth 2008,
p. 437).
One challenge we encounter when evaluating cybercrime is the lack of
agreement on its definition; this paper will examine this problem as it
negatively impacts the fight against the crime.

In spite of the lack of

compromise on the definition; on the impact of cybercrime there's no


contention on the negative effect it has on the victims either individuals or
organisations.
This paper will examine these effects with regards to businesses and show
although it's hard to quantify regarding actual revenue lost the cost is
substantial, and the unquantifiable effects should be of even greater
concern as the impact is difficult to recover from.

SHORT BACKGROUND

1|

An examination of cybercrime ought to begin with the Internet, for the


simple reason that without the latter, the former could and would not exist
(Yar 2013, p.6). Whilst internet provides a lot of benefits and makes life
easier for people today, the inventors saw it for the sole purpose of
communicating and sharing information.
According to Internet Society, the first form of computer network was
created in 1965 by Merrill and Roberts when they connected two
computers one in Massachusetts and another one in California creating
the first wide-area computer network ever built. (Barry et al. 2012, p.2).
The success of this simple experiment led to more research and
development by several working groups including the ARPANET, which
initially was used by universities and government agencies in the US.
ARPANET was opened to the public in the 1990's and has since been
referred to as the internet. The growth of the internet has been
unprecedented and as Barry describes it, "the Internet is at once a worldwide broadcasting capability, a mechanism for information dissemination,
and a medium for collaboration and interaction between individuals and
their computers without regard for geographic location" (Barry et al. 2012,
p.1).
Whereas it should be seen in the context of what benefits and capabilities,
it gives us as described by Barry. On the other hand, Yar suggests that it
needs to be seen as a set of social practices. The Internet takes the form
that it does because people use it in particular ways and for particular
purposes for example, if people didn't use the Internet for shopping, then
there would be no opportunities for credit card crimes that exploit users'
financial information (Yar 2013, p.6). The same can be said about other
technologies as Nuth proposes, new technologies have now become the
subject (place), object (target), tools (instrument) and symbol of crime
(Nuth 2008, 438). Therefore, social behaviours of the people on the
internet create opportunities for cybercrime to thrive.

Cybercrime is

compounded by the fact that the number of users is growing at a

2|

tremendous rate currently there are over 3.2 billion internet users (Sanou
2015, p.1).
CYBERCRIME DEFINITION
Cybercrime has proven to be difficult to define, with multiple definitions
being used in different contexts (Ncube 2016, p.3). The English Oxford
Dictionary defines cybercrime as criminal activities carried out using
computers or the Internet. This definition is narrow as it does not take into
account the evolving nature of technology and cybercrime . On the other hand,

Clough suggests that cybercrime should not be seen as one type of crime
offending but is, in fact, a range of offences which have in common the
use of technology. He defines these crimes in three broad categories: 1.
crimes in which the computer or computer network is the primary target.
2. A computer is a tool used to commit the crime. 3. The computer is an
incident aspect of the commission of the crime (Clough 2011, p. 672).
Thomas & Loader have been widely quoted by many authors as they take
a wider and general view which is more dynamic as opposed to a static
definition. They define cybercrime as computer-mediated activities which
are either illegal or considered illicit by certain parties and which can be
conducted through global electronic networks (Thomas & Loader. (2000,
p. 3). One term to note from this is the "global electronic networks"
instead of computer networks used by others; the term is more reflective
of the current nature of the internet as more and more devices get
connected, not necessarily computers. Gordon & Ford (2006, p.13) see
this lack of definitional clarity is problematic as it impacts every facet of
prevention and remediation. To address this, they proposed a definition
which looks at cybercrime from two perspectives, technological factors
and human factors (Gordon & Ford 2006, p.19)
As demonstrated above there in no consensus on the definition and due to
the constantly evolving nature of ICT it is inadvisable to craft a technology
and technique specific definition of cybercrime as it would soon be made
obsolete by new developments (Ncube 2016, p.3)
3|

In the absence of a consistent definition, it's only appropriate to identify


these

crimes

using

the

only

current

international

agreement

on

cybercrime, namely the Budapest Convention on Cybercrime, which


entered into force in 2004 (Ncube 2016, p.4). Below are some of the major
crimes, it must be noted that this is not a comprehensive list. The
convention defines the following offences

Illegal access, interception and copying


Interference of Data and System
Computer-related forgery and fraud
Misuse of devices
Child pornography
Attempts, Aiding, abetting
Corporate liability

(Council of Europe 2001, p.4-8)

IMPACT OF CYBERCRIME
According to Bendovshi (2015, p.27) it is hard, if not impossible, to
quantify the exact costs that organisations require for recovering their
business, customers' trust and image; however, the impact of cyberattacks most often concern loss of information, business disruption,
revenue loss and equipment damage. Similarly, Borrett et al. (2013, p.
164) says that cyber-attacks affect critical business and infrastructure
operations at a significant expense to the affected enterprises, but have
damaged consumer trust and brand reputation
Even though it's difficult to quantify and estimate the loss McAfee report
gives us a conservative estimate of the losses incurred in the global
economy to be $375 billion (McAfee 2014, p.3). Although there is no data
to support the estimation the FBI Internet Crime Report of 2014 gives an
idea on the veracity of the financial losses reported due to cybercrime.
The report shows that over $800,492,073 was reported (only losses
greater than $100,000 were recorded) as lost in the US (FBI 2014, p.8).
4|

However, this is not a true reflection of the actual losses incurred as the
2014 US State of Cybercrime Survey -5 indicates that only 12% of the
crimes are reported to law enforcement (SEI 2014, p.7). If this could be
assumed to be the case in most countries, then the estimate might be
close to the reality. The lack data can also be attributed to the fact that
61% of organisations do not have cyber security incidents identified in
their risk register (CERT 2014, p.4) which again demonstrate that most of
the incidents are not reported. While its hard to prevent, these attacks
and the consequences; institutions can now protect themselves using
insurance. Some companies have launched insurance products covering
risks related to cybercrime (Bendovschi 2015, p.28).
The unquantifiable impact is, however, substantial and companies can
only try to prevent the attack as they have no control on these types of
effects. In their research Riek found that online shopping, online banking,
and online social networking was negatively affected after cybercrime
attacks in organisations resulting to unused online services, hence indirect
loss of revenue (Riek et al. 2016, p.261,271). Hille gives an example;
consumers reduce their use of Internet shopping or become reluctant to
share information online and to shop online (Hille et al. 2011, p.214).
Smith goes further and shows through case studies done on organisations
that have been victims; losses go beyond stolen assets, lost business, and
company reputation, but also include a negative impact on the company's
stock price. (Smith et al. 2011, p.78)
There seems to a consensus on the impact of cybercrime as opposed to
the definition of cybercrime, but the biggest problem is dealing with
unquantifiable effects; loss of consumer trust which results to change of
consumer behaviour, damage to brand reputation, and depreciation of
shareholder value.

CONCLUSION

5|

The current ICT advancement has positively transformed the way we


conduct business at the same time exposing organisations to huge risks
caused by cybercrime. While there is no compromise on the definition of
the term; cybercrime, the negative impact it has on businesses is
undisputed. Some of the impacts can be estimated; directly lost funds or
damage of IT infrastructure, but the biggest impact is the unquantifiable
effects like the change of consumer behaviour, brand reputation, and loss
of stock price value. These impacts are hard to recover from as the
organisations have no control as these are external effects, and
organisations have no way of protecting themselves, as opposed to the
former where they can use insurance to protect against risk. Organisations
should not only focus on technology when considering the security
measures

but

should

be

combination

of

technology,

service

management and risk management (Borrett et al. 2013, p.168)

6|

REFERENCES
Thomas, D, Loader B, 2000, Cybercrime: Security and Surveillance in the
information Age. 1st ed. Routledge, New York
Yar, M, 2013, Cybercrime and Society. 2nd ed. Sage, London
Clough, J, 2011, Cybercrime, Commonwealth Law Bulletin, Vol. 37, No. 4,
pp. 671680.
Clough, J, 2010, Principles of cybercrime. 1st ed. Cambridge University
Press, New York
Nuth, M, 2008, Taking advantage of new technologies: For and against
crime, Computer Law & Security Review, Volume 24, Issue 5, pp. 437
446.
Ncube, C, 2016, Recent Developments in African Regulation of
Cybercrime: An overview of Proposed Changes to the South African
Framework, Journal of Internet Law. Jan 2016, Vol. 19 Issue 7, pp. 3-14.
Bendovschi, A, 2015, Cyber-Attacks Trends, Patterns and Security
Countermeasures, In 7th INTERNATIONAL CONFERENCE ON FINANCIAL
CRIMINOLOGY 2015. Wadham College, Oxford, United Kingdom, 13-14
April 2015. Romania: Elsevier B.V. pp. 24 31.
Gordon , S, Ford, R, 2006, On the definition and classification of
cybercrime, Journal of computer virology and hacking techniques,
Vol.2(1), pp. 13-20 .
Council of Europe, COE, 2001, European Treaty Series - No. 185, In
CONVENTION ON CYBERCRIME. Budapest, 23.11.2001. Budapest: Council
of Europe. PP.1-25.
Smith, K, Smith, L, Smith, J, 2011, CASE STUDIES OF CYBERCRIME AND
THEIR IMPACT ON MARKETING ACTIVITY AND SHAREHOLDER
VALUE, Academy of Marketing Studies Journal, Volume 15, Number 2, 6781.
Borrett, M, Carter , R, Wespi , A 2013, How is cyber threat evolving and
what do organisations need to consider?, Journal of Business Continuity &
Emergency Planning , Volume 7 Number 1, pp. 163-171.
Riek, M, Bhme, R, Moore, T, 2016, Measuring the Influence of Perceived
Cybercrime Risk on Online Service Avoidance, IEEE TRANSACTIONS ON
DEPENDABLE AND SECURE COMPUTING, VOL. 13, NO. 2, MARCH/APRIL,
pp. 261-273
Hille, P, Walsh, G, Brach, S, 2011, CONCEPTUALIZING FEAR OF ONLINE
IDENTITY THEFT: A QUALITATIVE STUDY AND MODEL DEVELOPMENT, In
AMA Summer Educators' Conference . San Francisco, 5-7 Aug 2011.
Chicago : American Marketing Association. 214-215.
7|

Barry, M, Leiner, C, David, C, Robert K, Leonard K, Daniel L, Jon, P, Larry,


R, Stephen W, 2012. Brief History of the Internet, viewed 29 March 2016 ,
<http://www.internetsociety.org/sites/default/files/Brief_History_of_the_Inte
rnet.pdf>
Sanou B, 2015, ICT Facts Figures 2015, ITU, viewed 29 March
2016 ,<https://www.itu.int/en/ITUD/Statistics/Documents/facts/ICTFactsFigures2015.pdf>
McAfee, CSIS, 2014, Economic impact of cybercrime II, Net
Losses:Estimating the Global Cost of Cybercrime, viewed 29 March 2016,
<http://www.mcafee.com/au/resources/reports/rp-economic-impactcybercrime2.pdf>
SEI, 2014, 2014 U.S. State of Cybercrime Survey, CERT, viewed 31 March
2016, < http://resources.sei.cmu.edu/library/asset-view.cfm?
assetID=298318>
CERT Australia, 2014, CYBER CRIME & SECURITY SURVEY REPORT 2013,
viewed 30 March 2016
<https://www.cert.gov.au/system/files/614/679/2013%20CERT
%20Australia%20Cyber%20Crime%20%2526%20Security%20Survey
%20Report.pdf>
Oxford dictionary - definition of cybercrime in English from the Oxford
dictionary, 2016, cybercrime - definition of cybercrime in English from the
Oxford dictionary, viewed 30 March 2016
<http://www.oxforddictionaries.com/definition/english/cybercrime>
FBI, 2014, Internet Crime Report 2014, Internet Crime Complaint Center,
viewed 30 March 2016 <https://www.fbi.gov/news/news_blog/2014-ic3annual-report>

8|