Report: US Lacks Comprehensive Cybercrime Data

July 17, 2023 by

The United States lacks comprehensive cybercrime data and monitoring — leaving the country less prepared to combat cybercrime, according to a June report by the United States Government Accountability office.

Federal agencies included in the study noted that there is no single agreed-upon definition of cybercrime or cyber-enabled crime across the government or among law enforcement agencies.

“Seven of 12 agencies (HSI, FBI, DEA, BJS, CCIPS, USPIS, and IRS) reported that the lack of a shared definition of cybercrime impedes the development of shared metrics,” reads the report. “Specifically, given the lack of a standardized definition and varying definitions used by law enforcement agencies, significant work would be required to collect consistent and comparable data on cybercrime.”

Per the report, cybercrime (including cyber-enabled crime) generally consists of criminal activities that target a computer or network for damage or infiltration or use the internet to conduct criminal activity. The GOA report notes that cybercrime in the United States is increasing, resulting in billions of dollars in losses and threatening public safety.

Agencies’ formal definitions vary. For example, one agency in the study noted that it generally uses the term “cybercrime” to refer to criminal activity committed using a computer but does not independently define cybercrime or cyber-enabled crime.

Another agency specified that it prefers to use the term “computer intrusions.” So, even to the extent they are tracking similar crime data, the report found agencies may not be identifying the same types of offenses as “cybercrime” or “cyber-enabled crime.”

In addition, the GOA found that agency systems vary in the manner and extent to which they collect data on cybercrime, which limits their ability to consistently track data. Also, data on cybercrime is not collected at a centralized location.

Provisions of the Better Cybercrime Metrics Act — enacted in 2022 — are aimed at addressing some of the existing limitations in how cybercrime data are collected and reported. The development of a cybercrime taxonomy and category in the FBI’s NIBRS system target the lack of a common definition and uniform approach to collecting data on cybercrime, for example.

That taxonomy is due to be completed one year after DOJ enters into its agreement with the National Academies of Science. The establishment of a cybercrime category is due to be completed in May 2024.

“Thus, while it is too early to tell how effective these efforts will be in addressing existing limitations, we plan to monitor these activities,” the GOA wrote.