Cybercrime Classification and Measurement

Cybercrime poses serious threats and financial costs to individuals and businesses in the United States and worldwide. Reports of data breaches and ransomware attacks on governments and businesses have become common, as have incidents against individuals (e.g., identity theft, online stalking, and harassment). Concern over cybercrime has increased as the internet has become a ubiquitous part of modern life. However, comprehensive, consistent, and reliable data and metrics on cybercrime still do not exist - a consequence of a shortage of vital information resulting from the decentralized nature of relevant data collection at the national level.

Cybercrime Classification and Measurement addresses the absence credible cybercrime data and metrics. This report provides a taxonomy for the Federal Bureau of Investigation for the purpose of measuring different types of cybercrime, including both cyber-enabled and cyber-dependent crimes faced by individuals and businesses, and considers the needs for its periodic revision. This report was mandated by the 2022 Better Cybercrime Metrics Act (BCMA).

Table of Contents

Front Matter Summary 1 Introduction: Cybercrime Measurement, The Panel, and Its Charge 2 Treatment of Cybercrime in Current Data Collections 3 Approaches to Cybercrime Classification 4 Recommendations and Implementation Challenges References Appendix A: Recent Federal Law on Cybercrime Classification Appendix B: Detailed Definitions and Inclusions, Panel's Recommended Classification of Cybercrime Appendix C: Cybercrime Offenses Defined in Current Systems and Law Appendix D: Biographical Sketches of Panel Members and Principal Staff