Under the Corporate Radar: Examining Insider Business Cybercrime Victimization through an Application of Routine Activities Theory

Matthew L Williams,Michael Levi,Pete Burnap,R.V Gundur

doi:10.1080/01639625.2018.1461786

Matthew L Williams, Michael Levi + Show 2 more

Open Access

PDF Available

https://doi.org/10.1080/01639625.2018.1461786

Copy DOI

Export

Save

Cite

Journal: Deviant Behavior	Publication Date: Apr 18, 2018
Citations: 60	License type: open-access

Affiliation: Cardiff University

Abstract
Highlights/Summary
Full-Text PDF
Similar Papers

Abstract

Listen

ABSTRACTCybercrime is recognized as one of the top threats to UK economic security. On a daily basis, the computer networks of businesses suffer security breaches. A less explored dimension of this problem is cybercrimes committed by insiders. This paper provides a criminological analysis of corporate insider victimization. It begins by presenting reviews of insider criminal threats and routine activities theory as applied to cybercrime. Analysis of the nationally representative Cardiff University UK Business Cybercrime Survey then informs statistical models that predict the likelihood of businesses suffering insider cyber victimization, using routine activities and guardianship measures as predictors.

Highlights

The imagery of cybercrime victimization is principally one of attacks by outsiders, whether “organized criminals” committing identity theft illegally transferring funds to themselves, or state-sponsored hackers committing economic and/or political espionage
Three percent of micro-size organizations reported insider cyber victimization, compared to 7 percent of small-sized, 23 percent of medium-sized, and 37 percent of large-sized organizations. This result corroborates the Information Security Breaches Survey (ISBS) 2015 finding that showed large organizations were more at risk from this kind of cybercrime, compared to small-sized organizations (75 percent compared to 31 percent)
The rates of victimization found in our survey are more reliable than those reported in the ISBS 2015, given that our sample is statically representative of organizations in the UK

Summary

Introduction

The imagery of cybercrime victimization is principally one of attacks by outsiders, whether “organized criminals” committing identity theft illegally transferring funds to themselves, or state-sponsored hackers committing economic and/or political espionage. The focus of this article, is on an understudied form of cybercrime victimization: insider business cybercrime. Though argument still exists about whether he was influenced by foreign powers, the mega-leak by Edward Snowden focused the attention of governments and corporations on insider cyber-security breaches. While such high-profile cases bring insider threats to the fore of political, law enforcement, and public attention, very little is known about the enabling and inhibiting situational factors of insider corporate cyber victimization. This paper is one of the first in criminology to apply Routine Activities Theory (RAT) to insider cybercrime within organizations via an analysis of the nationally representative Cardiff University UK Business Cybercrime Survey

Results

Discussion

Conclusion