A surprising decrease in individual cybercrime victimization amid COVID

American criminologists see a surprising decrease in cybercrime amid COVID-19

Photo of Parti
Photo of Dearden
Photo of Hawdon

Katalin Parti studies cybercrime, victimization, school violence, and sexual violence.

Thomas Dearden studies cybercrime, victimization, white collar crime.

James Hawdon studies cybercrime, online extremism, and runs the Center for Peace Studies and Violence Prevention at Virginia Tech.

The COVID-19 pandemic has radically altered life, killing hundreds of thousands across the globe and leading many countries to issue “stay-at-home” orders to contain the virus. Based on the reports and alerts of crime agencies such as the FBI and Europol, as well as journal articles warning about the rapid rise of cybercrime, we anticipated that COVID-19 would affect victimization rates as people spent more time at home and less time in public. The pandemic may also affect victimization differently depending on the type of crime. For example, street crimes appear to be decreasing while intimate partner crimes are increasing.  We considered a third type of crime: cybercrime. This research is probably the first theoretical consideration of how a pandemic can influence routine activities and the first empirical evidence concerning how cyber routines and cybervictimization have changed after the pandemic.  

Given the well-known relationship between routine activities and criminal victimization, it is likely that COVID-19 will influence victimization rates. As people spend more time at home and less time in public, the convergence of motivated offenders, suitable targets, and guardians upon which criminal victimization depends (Cohen and Felson 1979) is undoubtedly altered. Evidence suggests that street crime rates are declining, as major cities across the US report decreases ranging from 30% to 42% following the implementation of stay-at-home orders (Coyne 2020; Jacobs and Barrett 2020; Shayegh and Malpede 2020). Treating the pandemic as a natural experiment, we investigated how the changes resulting from reduced social interaction have affected the rates of cybervictimization. We compared pre-pandemic rates of victimization with post-pandemic rates using datasets designed to track cybercrime. We found that the pandemic had not radically altered cyber-routines nor changed cybervictimization rates.

Cybervictimization change as routine activities change

The pandemic has resulted in people spending more time online and this would increase the potential victim’s visibility to likely offenders. Indeed, research indicates that the proportion of users who access the internet only from home is positively related to cybertheft victimization (Song, Lynch, and Cochran, 2016). However, simply spending more time online may not necessarily result in a greatly enhanced probability of being victimized because overall time spent online is likely less important than the specific online activities in which one engages. Risky online routines would include surfing the dark web, playing online video games, online shopping, and visiting social media sites would increase the target’s visibility and the offender’s access, and we anticipated that increases in these behaviors would result in higher rates of cybervictimization, as shown in previous research (Bossler and Holt 2009; Bossler, Holt and May 2012; Costello et al. 2016; Hawdon, Oksanen, and Räsänen 2014; Leukfeldt and Yar 2016; Navarro and Jasinski 2012; Reyns, Henson, and Fisher 2011; van Wilsem 2011). Time spent performing other online routines, such as working online or reading the news, may have also increased due to the pandemic, but these activities are unlikely to affect cybervictimization since they would not bring one into “risky” virtual spaces.

We tested cybervictimization on US Census data-based panels

Samples of panels of Americans based on US Census data representing sex, age, race, and ethnicity, were collected pre (November 2019) and post (April 2020) pandemic. In total, 1,109 respondents had usable data in the pre-COVID sample, and 1,021 in the post-COVID-19 sample.

Types of victimizations tested included scams, identity theft, unknown transactions, notification from organizations about data theft, online bullying, online sexual harassment, and malware/viruses. Only one significant difference was found. The post-COVID-19 sample reported fewer notifications by companies that their data had been stolen (χ2=7.97(1), p=.005). In the pre-COVID-19 sample 21% of respondents indicated they had been notified by a company about data loss whereas in the post-COVID-19 sample only 16% indicated they had been notified by a company about data loss. We also examined differences in self-protection measures use in the pre/post-COVID-19 samples using similar chi-squared tests. Only one significant difference was found. While 70% of the post-COVID-19 sample indicated that they used virus software or firewalls, only 66% of the pre-COVID-19 reported that they did (χ2=3.97(1), p=.046). To see the differences in computer behaviors between the samples, we compared pre-COVID-19 and post-COVID-19 computer-related activities. These activities include playing online games, reading news or other articles online, browsing social media, using a computer while working, and shopping online. Only one activity, reading news or other online articles was significantly higher in the post-COVID-19 sample (t=-4.4(2093), p<.001).

In order to examine whether the chances of victimization changed due to changes in daily routines (e.g. working from home), we conducted negative binominal regression. Factors significantly related to lower risk of victimization included time working on a computer (IRR=0.95; p < .005) and all protective behaviors including covering a webcam (IRR=0.70; p < .001), having identity theft protection (IRR=0.78; p < .001), freezing credit (IRR=0.53; p<.001), and having virus protection (IRR=0.74; p<.001). It is worth noting that the COVID index variable was not significant, meaning the post-COVID sample did not affect victimization risk.  

Based on our results, the stay-at-home orders did not radically alter our (risky) cyber-routines, and cybervictimization did not increase. Instead, levels of cybervictimization were nearly identical pre and post-pandemic, and only one type of victimization (being informed that your identity or private information had been stolen) changed; but, contrary to expectations, it decreased in the post-COVID-19 sample. Among the indicators of cyber-routine activities, including playing online games, reading news or other articles online, browsing social media, using computer while working, and shopping online, only reading news or other online articles increased. One online activity, online shopping, even decreased in the post-COVID-19 sample. Among all the specific victimization variables, only one showed a significant difference: there were fewer notifications from companies concerning data theft in the post-COVID-19 sample. In terms of target-hardening behaviors, participants reported using more self-protection (i.e. virus software and firewall) in the post-COVID-19 sample.

Like us, the FBI anticipated that virtual environments will be increasingly affected adversely by cybercriminals (Cimpanu 2020; England 2020; IC3 2020). Research shows a growing level of cybercrime. Cybercrime rates demonstrate steady increase independently of the pandemic (Miró-Llinares & Moneva, 2019). According to Buil-Gil, Miró-Llinares, Moneva, Kemp & Diaz-Castaño (2020) especially online shopping and social media hacking-related victimization increased during the pandemic in the UK. Our research reflects another picture: US individuals sheltering in place in Spring 2020 did not experience more cyber victimization. In some cases, such as getting notifications from companies of identity theft, cyber victimization even decreased.

According to our data, daily routines (Cohen and Felson 1979) have to do with this surprising outcome. People applied more technical protective measures such as firewalls and virus software (capable guardians). Individuals stayed at home together with their families, and other than their daily work done online, likely through their employers’ relatively safe networks, and reading news articles, they did not increase their risky online behavior.

The data might refer to the usual discrepancies between official crime statistics relying on reporting and victimization surveys. The heightened awareness of cybersecurity incidents would then lead them to notice and report these crimes more than they did prior to the pandemic. Another possibility is that the increased rates of reporting to the FBI are more due to attacks on companies than on individual users. It is indeed suggested by official cybercrime reports that under the pandemic, cybercriminals shifted from individuals to governments and critical infrastructures. A further possible explanation is that people focus on their work and related tasks when on the computer and spend more time with their families or caregiving responsibilities. 

Reference

‪The full paper is published here: Hawdon, J., Parti, K., Dearden, T. (2020). Cybercrime in America amid COVID: Initial results of a national experiment, American Journal of Criminal Justice, 45, 546—562; and can be accessed in the PMC COVID database here: https://lnkd.in/dRTv4zc

Contacts

Katalin Parti, Assistant Professor, Virginia Tech

Email: kparti@vt.edu

Thomas Dearden, Assistant Professor, Virginia Tech

Email: tdearden@vt.edu

Twitter: https://twitter.com/deardent

James Hawdon, Professor, Virginia Tech

Email: hawdonj@vt.edu

Twitter: https://twitter.com/cpvp_org

Images courtesy of the authors