As discussed in our last publication, every form of criminal’s act has a technology aspect in it. Investigators and prosecutors struggle to find enough evidence for cybercrime prosecution. Besides multiple jurisdictional challenge in cybercrime investigations (as published on 12 November 2018), expertise, and technology, reporting of cybercrime for investigation is another challenge faced by law enforcement officers. This paper discusses some of the reasons why individuals and organizations do not report cybercrime for further investigation and prosecution. The paper also proposes strategies for enhancing reporting of cybercrime.
Reasons Why Cybercrime Is Not Reported
This section presents important discussions to solve the challenges discussed in the previous section. As discussed in the previous section, most cybercrime incidents are not reported by the victims-individuals or organizations. Due to several reasons. Several individuals and organizations do not report cybercrime to the law enforcement agencies when they occur because victims (or individuals who have cybercrime information) do not know who or where they should report cybercrime to. For example, during March 2018 edition of CyberGhana and Institute of Cybersecurity, Ghana’s Cyber awareness at Upper West and Northern Regions, students from UDS campuses said they do not know which law enforcement stations they should report cybercrime incidents to.
Businesses have also failed to report cybercrime incidents for fear of reputational damages by the media. Reputational damage can reduce customers’ interest in doing business with the affected organization.
The U.S. Department of Justice reported that cybercrime victims do not report cybercrimes because of unsatisfactory responses given by local police stations. Victims have reported several complaints to law enforcement agencies, but law enforcement never responded. The negative responses can be partly attributed to the limited number of law enforcement officers who have been trained to investigate cybercrime cases. This does little to motivate the people / victims to report such incidents. Most people or organizations do not report incidents because: time for prosecution is time consuming; and the police may need the help of novice cybercrime victim. Most novice victims do not have the confidence to meet with law enforcement agencies.
Organizations impacted by cybercrime believe their business activities may be disturbed due to involvement of employees in investigations; their company’s equipment may be used as evidence which the attacked companies would not be willing to give them out. Some companies may not report crime for the prosecution of the criminal for fear that their corporate finances, marketing strategies, trade secrets, and other corporate information may be shared during court trials and their trade secrete would be made public.
Most employee (victims) would not report crime for fear that government’s law investigators would reveal management’s malpractices. As a result, crime that results from managements’ malpractices are handled at the company’s law enforcement level. Senior management would not want employees to report cybercrime for fear that management may be liable for not implementing adequate controls. Lastly, companies that have suffered from cybercrimes fear their financial reputations may suffer, and their insurance policy rate may either be increased or ended; such companies prefer not to share crime incidents.
Enhancing Cybercrime Reporting
Private Companies Cybercrime Reporting Outreach: Crimes are not reported because people in the community do not know how and where to report cybercrime incidents. This can be corrected through public awareness and the involvement of private security and investigation companies.
The law enforcement agencies in collaboration with private security companies must develop community outreach programs about cybercrime reporting. Such programs must target both individuals, organizations, and law enforcement agencies, will be used to educate the public to speak about cybercrime incidents in their communities. Law enforcement’s cybercrime reporting outreach programs with the community enables the law enforcement agencies to note the kind of cases which are left unreported. The program helps the law police to develop additional strategies for reporting, investigating, and prosecuting future crime incidents. The program makes individuals and their companies more aware of cybercrime protective measures.
Law Enforcement and the General Public Appearance Forum: Cybercrimes are not reported because of lack of close relationship between civilians and law enforcement agencies. It is important that the police and other law enforcement agencies develop a close relationship with the public. Law enforcement agencies to reach out and speak to local business groups, schools, and associations to establish close relationship. Law enforcement agencies must also create their public appearance forum about cyber- crime prevention, locating cybercrime units and experts, and promoting the public’s awareness of the cybercriminal justice. The community outreach program enables law enforcement teams to help the public develop crime reporting confidence and skills. It is important for local police cyber units to have a documented cybercrime investigation procedure in place. The procedure must be shared with the public during outreach programs. This will help the public to be aware of cybercrime reporting protocols. The procedure must name specific law enforcement centres where cybercrime can be reported.
Author: Samuel Owusu – Cybersecurity Specialist (Advanced Evidence Discovery Ltd and Institute of Cybersecurity, Ghana). Member, Institute of ICT Professionals Ghana.