This module is a resource for lecturers  


Reporting cybercrime


Before an investigation begins, a cybercrime must be observed and reported. While this seems like a straightforward first step in a cybercrime investigation, the reality is that cybercrime is largely underreported worldwide (UNODC, 2013).

Did you know?

Europol has a webpage that includes information about European countries, which have online cybercrime reporting mechanisms.

For more information, see: Europol. (n.d.). Reporting Cybercrime Online.

The underreporting of crime can be explained by economist Gary Becker's (1968) expected utility theory, which holds that people engage in actions when the expected utility (i.e., gains) from these actions are higher than the expected utility of engaging in other actions (Maras, 2016, p. 25). Applying this theory to cybercrime, victims of cybercrime will not report cybercrimes if the expected utility from this reporting is low (Maras, 2016, p. 25). However, a person or organization's willingness to report cybercrime depends on the type of cybercrime. Existing research identifies several reasons why cybercrime is underreported, including the shame and embarrassment associated with being a victim of certain cybercrimes (e.g., romance scams); reputational risks associated with publicizing cybercrime (e.g., if the victim of the cybercrime is a business, loss of consumer confidence); being unaware that victimization occurred; low confidence or expectations that law enforcement can assist them; too much time and effort to report cybercrime; and lack of awareness on where to report cybercrime (Wall, 2007, p. 194; UNODC, 2013; McGuire and Dowling, 2013; Tcherni et al., 2016; Maras, 2016).

In response to the underreporting of cybercrime, governments and non-governmental organizations have implemented initiatives designed to increase reporting by streamlining the cybercrime reporting process, which can normally involve numerous agencies depending on the type of cybercrime committed (e.g., online financial fraud can involve police, banks and other financial institutions, as well as government agencies involved in the investigation of financial cybercrimes), and drawing attention to cybercrime reporting mechanisms, such as websites or hotlines. For example, in New Zealand, NetSafe - an independent, non-profit online safety organisation - in partnership with the public authorities, provides individuals with a single and secure online location to report cybercrime. In South Africa, the South African portal for resources and information on cybercrime, enables users to report cybercrime on their portal. Furthermore, in 2018, in the United States, the Federal Bureau of Investigation (FBI) launched an awareness campaign on cybercrime, which included a female actress on an American television series called "Criminal Minds," informing the public to report cybercrime to the Internet Crime Complaint Centre (IC3) (FBI, Reporting Cyber Crime is as Easy as IC3 ).

The impact of these initiatives on cybercrime reporting need to be assessed. In Australia, the Australian Cybercrime Online Reporting Network ( ACORN ) was created to simplify cybercrime reporting. In 2016, the Australian Institute of Criminology published a report evaluating ACORN, which revealed that this initiative had little effect on cybercrime reporting and public awareness on where to report cybercrime (Morgan et al., 2016). The assessment of these initiatives is important as it enables governments to invest in projects that produce desired results and assist in the modification and supplementation of programmes and initiatives that are not producing expected outcomes (for information on evaluation mechanisms, see Cybercrime Module 8 on Cybersecurity and Cybercrime Prevention: Strategies, Policies, and Programmes).

Next:  Who conducts cybercrime investigations?
Back to top