Zeng, Y., & Buil-Gil, D. (in press). Organizational and Organized Cybercrime. In H. Pontell (Ed.), Oxford Research Encyclopedia of Criminology and Criminal Justice. New York and Oxford: Oxford University Press.
Cybercrime has been on the rise since the internet became widespread in the 1990s, affecting individuals as well as private organizations and public agencies. There is an increasing involvement of organizations, both legitimate businesses and organized crime groups, in cybercrime, either as offenders or facilitators, but also as victims of cybersecurity attacks and cyber-enabled fraud. Given the growing ‘organizational’ aspect of cybercrime, it appears urgent for cybercrime research to shift the attention toward better understanding, theorizing and preventing cybercrimes with direct or indirect involvement of organizations. In this chapter we describe the state of the art of organizational and organized cybercrime research. That is, we describe what research has found regarding the role of organizations, both legitimate businesses and organized crime groups, in cybercrime, either as offenders, facilitators or victims. Consequently, we identify common themes emerging from research, and illustrate frequent research findings with case studies of cybercrime incidents recorded in France, USA, Costa Rica and the UK. Studies focusing on organized cybercrime groups show that offending networks have a spectrum of organizational complexity - from loosely-connected actors driven by common interests instead of stated leaders on one extreme, to enduring and tightly connected groups of core members who coordinate the division of labor on the other extreme - with both illicit online sites and pre-existing relations in offline settings playing important roles in criminal network development. Cybercriminals may be parasitical on legitimate organizational structures and procedures in creating an outlook of legitimacy for concealment. Legitimate businesses may also facilitate white-collar cybercrime by providing the organizational means and resources for employees to carry out generally low-tech data breaches during their occupations, as well as directly engaging in cybercriminal activities such as cyber-espionage and cyber-enabled tax avoidance. Regarding the role of organizations as victims of cybercrime, research shows that the risk, nature and harm of cybersecurity incidents varies extensively depending on the sector and size of organizations, and while not all forms of technical protection equally prevent organizational cybercrime victimization, improving cybersecurity awareness of employees (e.g., through training and seminars) seems to have strong impacts in preventing future incidents. We finalize the chapter by identifying important gaps in research and pointing researchers toward areas in which further research is needed.
Yongyu Zeng. Law School, Lancaster University, UK. Email: [email protected]
This work is partly funded by the Security Lancaster’s Mini Projects Fund (project title: “Scoping Data Availability to Measure the Nature and Extent of Cybercrimes against Financial Institutions”).
Cybercrime has been on the rise since the internet became widespread in the mid-1990s, and it saw massive increases during the COVID-19 pandemic across the globe (Buil-Gil, Zeng and Kemp, 2021; Lallie et al., 2021). For the purpose of this article, we take the comprehensive definition of cybercrime presented by McGuire and Dowling (2013), which is used as a primary criterion to record cybercrime data in the UK and elsewhere. Cybercrime is defined as a set of offenses that are either dependent on, or enabled by, computer systems, computer networks or other information and communication technologies (ICT). While ‘cyber-dependent crimes’ are those offenses that can only take place through digital systems, and include crimes such as malware, hacking, phishing and denial of service attacks; ‘cyber-enabled crimes’ comprise more traditional crime types which have increased in scale or reach due to the use of digital technologies, such as cyber-enabled fraud and other cyber-enabled predatory or personal offenses (McGuire and Dowling, 2013).
The ongoing increase in cybercrime is known to affect individual victims as well as businesses and public organizations, and all types of victims can suffer severe financial, reputational and emotional harms (Button et al., 2021; Henson, Reyns and Fisher, 2016; Ignatuschtschenko, 2021; Paoli, Visschers and Verstraete, 2018). While all types of victims are exposed to cybercrime, some estimates indicate that the financial losses faced by organizations may greatly exceed that suffered by individual victims. As an example, in 2017, the UK Annual Fraud Indicator estimated that frauds were responsible for £140 billion losses for the private sector, £40 billion losses for the public sector and £6.8 billion losses for individuals (Crowe, 2017). In the period November 2021-November 2022, 39,758 cybercrimes and frauds suffered by organizations were reported to the UK Action Fraud, with reported losses exceeding £2.2 billion, while incidents reported by individuals totaled 345,510 incidents and £2 billion in losses (City of London Police, n.d.). These are likely to be underestimates, with UK survey data indicating that only 8% of companies that suffer cybersecurity incidents report these to public authorities (Kemp et al., 2021). Furthermore, some have noted an increase in the frequency and harms of cases in which organizations, both legitimate businesses and organized crime groups, are directly and indirectly involved in cybercrime, either as offenders or facilitators (Broadhurst et al., 2014; Leukfeldt et al., 2020; Musotto and Wall, 2022; UNODC, 2022).
Given the growing ‘organizational’ aspect of cybercrime, it appears urgent for cybercrime research to shift the attention toward better understanding, theorizing and preventing cybercrimes with direct or indirect involvement of organizations. In this chapter we describe the state of the art of organizational and organized cybercrime research. That is, we describe what research has found regarding the role of organizations, both legitimate businesses and organized crime groups, in cybercrime, either as offenders, facilitators or victims. Consequently, we identify a set of common themes emerging from research, identify gaps in evidence, and point researchers toward areas in which further research is needed.
Before we move on to discuss the state of the art of organizational and organized cybercrime research, however, it is key to delineate our conceptualization of ‘organizational’ and ‘organized’ cybercrime’. While Huang and Wang (2009) define organizational cybercrime as “criminal attacks against organizations via the Internet”, Broadhurst et al. (2014) use this term to refer to the organizational aspects of groups of individuals involved in cybercrime, hence limiting this concept to organized crime groups that operate on the internet but also legitimate businesses involved in cybercrime. Similarly, Kao (2019) considers not only criminal groups engaged in cybercrime, but also state and business actors that commit or enable cybercriminal behavior. Research has equally considered those instances in which organizations are targeted by cybercriminals and those in which organizations themselves, referring to organized crime groups as well as businesses and state actors, are involved in cybercrime. The concept ‘organized cybercrime’ refers more specifically to “either a cyber-enabled crime or a cyber-dependent crime [that] involve[s] either an organized criminal group (defined in article 2 of the United Nations Convention against Transnational Organized Crime) or an offence established in accordance with article 5 of the Convention (i.e., conspiracy or criminal association)” (UNODC, 2022, p. 3). Hence, in this chapter we take an overarching approach to ‘organizational and organized cybercrime’, and briefly summarize the main research findings about the role of legitimate and criminal organizations as victims, offenders and enablers or facilitators of cybercrime. We do not consider in this chapter the organizational aspects of organizations responsible for regulating and enforcing cybercrime laws and investigating cybercrime offenses (Del-Real and Díaz-Fernández, 2022; Koziarski and Lee, 2020). We note, moreover, that while the comprehensive concept of ‘organizational cybercrime’ considered here may be convenient for the purpose of this introductory chapter, more refined conceptualizations are needed for the purposes of research (i.e., to address specific research questions), crime prevention and policy making. We return to this point later on in this chapter.
The remainder of the chapter is structured as follows: In the following section we briefly summarize the state of criminological scholarship on cybercrime published in English in high-impact journals, and offer exploratory results. We then present the main findings of research on the organizational aspects of cybercrime, focusing first on organizations, both organized crime groups and legitimate organizations, as offenders or facilitators of cybercrime, and then on organizations as victims of cybercrime. We present a number of case studies from France, USA, Costa Rica and the UK as examples of organizational cybercrime. Finally, we present a set of lessons learned and future directions for research.
There has been a wealth of research on cybercrime victimization and offending in the last 20 years. Researchers from a variety of disciplinary fields undertake cross-cutting studies to better understand the technical (e.g., Gupta et al., 2020; Lezzi, Lazoi and Corallo, 2018), legal (e.g., Clough, 2015), psychological (e.g., Attrill-Smith and Wesson, 2020), financial (e.g., Anderson et al., 2013) and social aspects of cybercrime (e.g., Yar, 2013). Here we synthesize the main themes of criminological research on cybercrime, to enable readers to familiarize themselves with this emerging subfield of criminological scholarship and to introduce the need to dedicate more efforts to investigating the ‘organizational’ aspects of online crime. For a more extensive overview of the state of the art of criminological research on cybercrime, please see Holt (2023).
In order to summarize the main areas of criminological research on cybercrime, we undertook a rapid evidence assessment through searching the academic citation database Scopus, which covers over 82 million documents published in over 41 thousand sources. We searched for research articles which include the term “cybercrime” in the title, abstract or key terms, and were published between January 2019 and December 2022 in social sciences journals. In order to enhance the feasibility of this rapid review, we limited the search to the top ten journals specialized in crime, criminal justice or deviance included in the resulting database (i.e., ‘International Journal of Cyber Criminology’, ‘Journal of Financial Crime’, ‘Crime and Delinquency’, ‘American Journal of Criminal Justice’, ‘Security Journal’, ‘Deviant Behavior’, ‘Journal of Contemporary Criminal Justice’, ‘Policing’, ‘Victims and Offenders’ and ‘European Journal of Criminology’)1. From the resulting 97 articles, 55.7% of them focused on individual differences in cybercrime (34.0% on victimization, 18.6% on offending, and 3.1% on both), 17.5% on law enforcement or regulation of cybercrime, 17.5% on organizational perspectives (8.3% on organizational offending, 7.2% on organizational victimization, and 2.1% on cybercrime facilitated by organizations) and 9.3% on other related topics. While there is a growing interest in the study of the organizational aspects of cybercrime, the bulk of criminological cybercrime research focuses on individual differences in victimization and offending. Fewer studies consider the role of organizations as targets, offenders or facilitators of cybercrime.
The main focus of criminological cybercrime research has historically been placed on individual cybercrime victims. This is likely due to the wealth of victimization survey data, both secondary and primary statistics, that has been recorded worldwide to measure cyber-dependent and cyber-enabled crime experiences (Buil-Gil, Trajtenberg and Aebi, 2023; Reep-van der Bergh and Junger, 2018). Some of the most repeated findings in the field of individual cybercrime victimization research are that the likelihood of personal cybercrime victimization is related to the digital “visibility” of users (i.e., the amount and variety of online routine activities), using certain operating systems and browsers appears to be linked with malware infections, and users’ awareness of online risks is related to a reduced risk of hacking and stalking victimization (Leukfeldt and Yar, 2016). Individuals’ self-control has been found to be related with their risk of personal cybercrime victimization (Reyns et al., 2019). While the predictors of individual cybercrime victimization appear to vary across crime types, improving individuals’ education about information security and promoting safe online behaviors appears key to prevent overall cybercrime victimization (Bossler and Holt, 2009; Bossler, Holt and May, 2012; Marcum and Higgins, 2019).
Researchers have also dedicated efforts to understanding the reasons why individuals become actively involved in cybercrime and online deviance. Studies have repeatedly found that individuals with peer associations with offenders are more likely to engage in online crime (Fox and Holt, 2021; Holt, Bossler and May, 2012; Rokven et al., 2018; Weulen Kranenbarg, Ruiter and Van Gelder, 2021). On the contrary, prosocial bonds with peers and parents reduce the engagement in cybercrime (Back, Soor and LaPrade, 2018; Weulen Kranenbarg et al., 2021). Self-control also appears to predict active involvement in cybercrime (Back et al., 2018; Fox and Holt, 2021; Higgins and Marcum, 2011). Moreover, emerging evidence suggests that small proportions of cyber-offenders may be responsible for very large volumes of online crimes (Buil-Gil and Saldaña-Taboada, 2022; Burruss et al., 2022) and some have found signs of victim-offender overlap in existing data (Moneva, Miró-Llinares and Hart, 2021; Weulen Kranenbarg, Holt and van Gelder, 2019). Interestingly, studies have found evidence that many offenders make use of online forums and digital markets to share resources and information, and to establish networks of co-offenders (Dupont et al., 2017; Soudijn and Zegers, 2012).
Aside from looking at individual victims and offenders, researchers have also paid increasing attention to the characteristics of cyber-places and how these can be designed to reduce opportunities for crime (Miró-Llinares and Moneva, 2020), and some argue for the need for evidence-informed policing practices for cybercrime prevention and investigation (Koziarski and Lee, 2020).
While criminological research is increasingly interested in understanding, explaining and preventing individual cybercrime victimization and offending, studies on the organizational aspects of cybercrime are sparser. Even though there is evidence that the economic harms of organizational cybercrime may exceed the financial impact of crimes targeting individuals, research has traditionally focused on the ‘individual’ aspects of online crime. This may be due to the apparent ease of accessing data recorded from individual populations instead of organizations (e.g., victimization surveys, police records, self-report delinquency studies), due to the unwillingness of organizations to share information on crime due to fear of reputational damages (Lagazio, Sherif and Cushman, 2014), or more generally due to the focus of traditional criminological research on individual predispositions toward crime instead of organizational aspects. While there is an overall lack of criminological research on organizational cybercrime, the increase in data sources about cybercrimes suffered, committed and facilitated by organizations (Buil-Gil et al., 2023; UNODC, 2022) is allowing novel research on the role of organizations on online crime. The following sections summarize the state of the art of research studying the role of organizations as offenders, facilitators and targets of cybercrime.
Understanding organizational and organized cybercrime entails the framing of organizations and their members as the perpetrators of cybercrimes. Here we distinguish between ‘illegitimate organized crime groups’ and ‘legitimate organizations’ as the offenders or facilitators of cybercrimes. The former refers to the semi-formal or informal social structures and arrangements involved in illegal activities, whereas the latter refers to formal and legitimate organizations mainly operated according to regulated standards and procedures. In understanding how illegitimate organizations perpetrate cybercrimes, we discuss the qualitative and sociological insights on the characteristics of cybercrime collaboration and structural properties of “organized” cybercrime networks identified using social network analysis (SNA). We then move on to discuss how legitimate organizations, including private businesses and state-affiliated actors and organizations, may variously facilitate and participate in cybercrime.
One main line of inquiry concerning organized cybercrime groups is about the link between “organized crime” and cybercrime. Existing research has adopted different definitions of organized crime in conceptualizing cybercrimes that are more or less “organized” and “planned” and display characteristics such as involving groups of three or more people, recurring over a period of time, crimes of serious nature, and being primarily financial-driven. On the one hand, a set of studies have repeatedly questioned the evidence-base on the presence of mafia-like structures in the online sphere (Lavorgna, 2016, 2020; Lusthaus, 2013; Wall, 2015). Central to the critique is the adherence to a highly stringent and formal definition of organized crime groups as criminal organizations that attempt to regulate and control the provision of protection in addition to that of illegal products and services in a given territory (Lavorgna, 2016, 2019). Researchers argue that the virtual and global reach nature of the internet, as well as the anonymity offered by cyberspace, makes it difficult to establish geographically-bounded effective governance and rule enforcement to maintain monopoly of illicit online spaces, which typically characterizes traditional mafia-like structures operating through threats and fear of non-compliance (Lusthaus, 2013; Yip, Webber and Shadbolt, 2013; Wall, 2015). Furthermore, a distinct feature of governance-style organized crime is the autonomous and enduring associations of members who are tightly bonded together and follow strict hierarchical structure while being independent of key leadership. Research suggests that such a feature is not always facilitated by the vastness of the internet which otherwise promotes flexibility, ephemeral and dynamic in shaping cybercrime groups (Lusthaus, 2013; Musotto and Wall, 2022; Wall, 2021). It is important to note, nonetheless, that this group of researchers does accept that organized crime has an important presence in cyberspace, but criticizes that directly equating online criminal groups with organized crime does not consider the totality of organizational and definitional characteristics of organized crime (Lavorgna, 2020).
On the other hand, studies supporting the idea that there is indeed a link between organized crime and cybercrime generally adopt looser definitions of ‘organized crime groups’, but it is important to note that their research findings regarding the organization of organized cybercrime groups are not essentially different from studies seen above. Whereas the study by Birk et al. (2007) offers interesting analysis on fishing techniques, it reduces the complex phenomenon of ‘organized crime’ to the criminal activities in which cybercrime groups are involved (i.e., crimes of a serious nature such as identity theft and money laundering), without much consideration over the ongoing debates on the organized crime concept. Elsewhere, other studies do recognize the definitional debate and argue that the existing scholarly and policy conceptualizations of ‘organized crime’ have an overly narrow scope that fail to capture the evolving organizational form of crime facilitated by the internet (Choo and Smith, 2008; Grabosky, 2015). There are also studies that more directly support the potential involvement of traditional mafia-like organized crime groups in cybercrime, although the evidence is relatively scarce and have mostly relied on anecdotal evidence (McGuire, 2012). This line of research addresses how cyberspace and ICT may be used for recruitment of specialized enablers or to facilitate gambling and the production and exchange of pornography, or for extortion purposes by organized crime groups (Choo and Smith, 2008; Lavorgna, 2015; Leukfeldt, Lavorgna et al., 2017).
Despite the definitional debates around the concept of ‘organized cybercrime’, a growing area of research focuses on cybercrime offending from a criminal network perspective. Studies investigate how known co-offenders work together (Edward and Levi, 2008) in committing cyber-enabled and cyber-dependent crime through socially-engineered deception or malware, and how illicit online forums are structured to foster criminal collaborations. Existing research identifies varying degrees of hierarchy among different cybercriminal networks. Wall (2015) argues that cybercriminal groups are best described using a disorganized and distributed model of organization driven by shared interests or common goals instead of a stated leader. Concurrently, an absence of formal hierarchical structure has been identified among some hacker groups that are often collaborative in nature, without a clear agenda in obtaining illegal profits, and often consist of relatively young and amateur offenders who see each other as peers (Lusthaus et al., 2023; Nurse and Bada, 2018). There are also other studies that have identified the presence of individual leaders - or groups of leaders - in coordinating mainly financially-driven cybercrime networks (Leukfeldt, Lavorgna et al., 2017; Leukfeldt, Kleemans and Stol, 2017; Lusthaus et al., 2023; Nguyen and Luong, 2021). Within the core groups, there sometimes exists a leader who commands others. Furthermore, Lusthaus et al. (2023) analyzed 10 financially-motivated cybercrime cases in the UK but with international links and identified the presence of leaders involved in specialized task groups that are responsible for cashing out and distributing criminal proceeds from cyber-enabled fraud. With regard to structural positioning, studies using SNA show that formal leaders may or may not rank highest in centrality measures (i.e., how well connected an actor is with other members, and the extent to which actors act as a “bridge” between other members) among criminal associates (Lu et al., 2010; Nguyen and Luong, 2021).
Moreover, while studies suggest that division of labor appears to be a common feature (Leukfeldt and Holt, 2020), cybercrime networks are found to be of varying longevity (i.e., length of existence) and cohesion (i.e., how well actors are connected to each other). Research has found that core members of cybercrime networks often carry out different tasks such as hacking, phishing, and cashing to money laundering themselves. These core members may in some cases form stable criminal collaborations over a period of time, whereas those “disorganized” networks without leaders are more likely to be ephemeral and short-lived (Broadhurst et al., 2014; Nurse and Bada, 2018). Whereas research finds that these core members could be well-connected, others find that the network cohesion is relatively low, which suggests that groups of cybercriminals are sparsely and loosely structured (Décary-Hétu and Dupont, 2012). In addition, network boundaries are not always clear cut. Cyber-offenders are often in contact with other criminals outside of the group, which makes the network resilient in the removal of central actors (Décary-Hétu and Dupont, 2012). In line with this is the ease among core members in recruiting professional and recruited enablers to access hacking tools and services and stolen data, and to recruit money mules to assist with phishing and money laundering. While turnover of money mules appears to be high due to detection risk, there tend to be preferred enablers by the core groups (Leukfeldt, 2014). An additional class of enabling roles responsible for creating and managing malware attacks was identified by Lusthaus et al. (2023) in fraud networks. In addition, research has shown these enablers could be from the legitimate economy including bank employees of short tenure and postal workers which provide victims’ information and modify accounts’ settings to facilitate phishing (Leukfeldt, 2014).
The other key question explored in the literature is the role of offline/online settings in the emergence and development of cybercriminal networks and the structure of illicit online forums. While cybercriminals often communicate using ICT, and some networks may have offenders who never meet each other in-person, studies suggest that pre-existing relations and offline social settings, such as friends and family, play important roles in the origin and growth of cybercriminal collaboration for financial-driven cybercrimes, especially among core network members or sub-network clusters (Leukfeldt, Lavorgna et al., 2017). In the meantime, cyber-offender convergence settings, mostly underground illicit internet forums, enable cybercriminals to meet and develop collaborations, transmit various criminal knowledge, recruit specialized enablers, and obtain a wide variety of illicit products and services (Hutchings, 2014; Soudijn and Zegers, 2012). These forums have relatively low entry costs, and some forums might have tighter structures than others, likely reflecting their degree of specialization (Pete et al., 2020). Research shows the presence of hierarchy with administrators at the top, and moderators, reviewers, forum and market participants down the chain (Yip et al., 2013). Nonetheless, administrators and moderators do not always show the most centralized nodes in network structures, but in some cases the central positions are taken by sellers who advertise their products or hackers or users who share highly technical knowledge (Pete et al., 2020). Buyers and neutral users are found to play important roles in structuring the networks, especially those who share frequency posts and facilitate the exchange of information regarding the reputation of participants and product quality (Holt and Smirnova, 2014). Interestingly, Nguyen and Luong (2021) suggest that the absence of a leader appears to be a feature of some hacking forums that are being developed and yet reach the mature stage.
During 2010, the FBI investigated a web forum dedicated to exchanging malware, stolen identity documents and credit card information. The investigation identified an organized group of French citizens that were using this forum for criminal purposes, and the FBI and French authorities cooperated to arrest and prosecute fifteen members of the organized cybercrime network. Defendants were mostly males (only two of them were females) and young (aged 18 to 24). Fourteen defendants were later convicted for several offenses, including complicity to commit fraud, participation in criminal organized crime group, illegal access to data systems, illegal access to computer data, and fraud. Prison sentences ranged from six months to two years. The investigation concluded that defendant “Z” was running a criminal network with a certain degree of structure and division of labor. Himself and defendants “P” (defined by investigators as the “technical advisor”) and “N” were responsible for finding and acquiring credit card data in web forums. Defendant “L” also contributed to the group by stealing credit card data from his employer. Defendants “P” and “Z” were responsible for hacking into accounts of users in commercial websites (e.g., online shopping sites) and modifying users’ account information to prevent them from receiving notifications of purchases and deliveries. Defendant “Z”, alongside another network member, “N”, were then responsible for purchasing products and goods in these commercial websites. Products were delivered to shipping points. “Z”, now with the collaboration of another member, “X”, forged identity documents used by seven other persons (defined by the investigation as “mules”) to retrieve the packages from shipping points. “Z” then received the packages and sold the products on commercial websites. The group successfully placed over 2,000 orders with estimated benefits ranging between €40,000 and €60,000. Source: SHERLOC Case Law Database, United Nations Office on Drugs and Crime, Case FRAx030.
This case illustrates the presence of a criminal network in organizing various cyber-dependent and cyber-enabled crimes. Carding forums play an important role where stolen credit card details are purchased by the network, which is in accordance with previous research that demonstrates how online stolen data markets enable small groups of offenders to have a high impact (Leukfeldt, Kleemans et al., 2017). The network shows clear division of labor among 15 members with a stated leader “Z”, who directs and coordinates others in stealing and purchasing credit card details, hacking into user accounts, purchasing goods on online shopping sites, retrieving goods using mules, and selling illegally obtained goods. This dynamic fits with the clear division between the hacking and money component (including mules directed by a single leader) identified by Lusthaus et al. (2023), and shows how an employee in a legitimate company might act as an enabler in helping cybercrime networks to access credit card details (Leukfeldt, Kleemans et al., 2017). Moreover, this case further fits the typology of a single-directed cybercrime network, where one leader controls small groups (Nguyen and Luong, 2021). This case also highlights the importance of offline settings where network members meet in passing illegally purchased goods (Leukfeldt, 2014).
In understanding how legitimate organizations might facilitate cybercrime, the limited literature generally addresses (1) how cybercriminals may use legitimate organizations as a disguise or for concealment of criminal activity, and (2) personal characteristics of the more traditional white-collar criminals involved in cybercrime. On the one hand, cybercriminals may establish legitimate businesses following established standards and procedures in order to provide a shell of superficial legitimacy to conceal cybercrimes (Friedrichs, 2009). On the other hand, some legitimate businesses may start out as law-binding entities but later on turn to willingly facilitate cybercrimes by turning a blind eye to potential cyber-offenses, according to the fraud typology by Levi (2008). For instance, research suggests that the growth of unlicensed online gambling sites has provided opportunities for concealing criminal proceeds gained from cybercrime (Grabosky, 2016). Legitimate financial institutions may also unwittingly facilitate the financial aspects of cybercrime, although the digital nature of cybercrime proceeds may mean that the less-regulated crypto exchanges may be preferred (McGuire, 2018; Lord, Campbell and Van Wingerde, 2019). Whereas there is limited empirical research in analyzing how cybercriminals may conceal proceeds in the legal economy, Kruisbergen et al. (2019) find that the legitimate banking system may facilitate cybercrime by enabling the withdrawal of cybercrime proceeds that are placed in bank accounts of money mules.
Researchers have also explored how ICT facilitates occupational offending (i.e., “white-collar cybercrime”), that is, cybercrimes that are committed as part of the offenders’ occupation (Gottschalk and Hamerton, 2021; Payne, 2018). Researchers have discussed cases in which legitimate organizations provide cybercrime opportunities to those entrusted with privilege access (Madensen, 2016). Although white-collar crime is often under-recorded, studies have attempted to analyze convicted white-collar cybercriminal characteristics using official crime data from the USA and UK. Findings similarly support that white-collar cybercriminals are mainly young males, who are more likely to work alone than co-offend, and they are mainly officers at financial institutions and police employees committing less-technical crimes such as data and system breaches, depending on organizational opportunity structures and culture (Hutchings and Collier, 2019; Payne, 2018).
Legitimate organizations may directly commit cybercrime. Industrial or corporate espionage and competitive intelligence form an active research area. Here we use the legal definition of corporate espionage as the illegal intelligence activities in gathering, analyzing and managing trade secrets or proprietary and confidential information (such as operational information and intellectual property) without permission, and with the intent to gain competitive advantage or sell to interested parties (Wagner, 2012). Studies suggest that the digitalization of sensitive corporate information and introduction of cloud-based data storage facilitates corporate cyber-theft - these reduce costs for the offending organization and reduce detection risks (Holt and Kennedy, 2020). Many organizations also increasingly deploy electronic communication channels for employees to interact with one another, creating opportunities for corporate espionage (Holt and Kennedy, 2020). A systematic literature review by Hou and Wang (2020) indicates that the ‘human factor’ is the weakest link in managing information security due to complex human nature, although it remains insufficiently studied compared to the technological approaches (e.g., the use of malware) of corporate espionage. Research suggests that information intercept heavily relies on social engineering tactics or insider collusion in facilitating the malware installation (Button, 2020). Conducive organizational factors that push individuals into committing illegal activities on behalf of the organizations could include intensive market pressures and competitiveness, weak ethical culture and insufficient reward system in combination with high job demands (Vashisth and Kumar, 2013). Finally, studies have shown that ICT usage facilitates sharing of tax avoidance strategies such as underreporting profits and underpaying taxes between legitimate enterprises, and higher degrees of internet use are related to higher degrees of organizational tax avoidance (Argilés-Bosch et al., 2020; Lin et al., 2022).
Research has also examined the role of nation states in relation to cybercrime. The organization of state involvement in cybercrime can be understood using a hybrid organizational model through state-sponsored cybercrime or state-private interaction (Karstedt, 2014). State-sponsored cyber-attacks may target national infrastructures to promote political or ideological objectives, as well as private organizations to steal proprietary information related to military product designs (Rudner, 2013). Viewing state-private interaction as a continuum, on one extreme is the state monopoly of cybercrime, and on the other extreme is the state's concerted ignorance of private cybercrime. In between, there may be the formal or loose cooperation between government agencies and non-state actors from explicit sponsorship, active encouragement, turning a “blind eye” to state incapacity in controlling cybercrimes (Broadhurst et al., 2014; Lavorgna, 2023). Follis and Fish (2022) further conceptualizes such dynamics as the blurry and contingent boundaries between states and private hackers, and how the framing of joint national security work, military and law enforcement problems could be used to justify the various forms of association with hackers that bring tactical advantages.
In 2013, seven individuals operating a digital currency exchange registered in Costa Rica were charged with money laundering, fraud, and conspiring to operate an illegal money transmitting business. Charges included prison sentences and monetary fines. The defendants ran ‘Liberty Reserve’, a digital payment service which allegedly laundered over 6 billion US Dollars. The company allowed its users to deposit fiat currency, mainly Euros or US Dollars, convert it to digital currency and transfer it to other users. A small fee was charged for each transaction. The company recorded minimal information about users and transactions, and investigators concluded that its operating mode was purposely designed to hide the identity of users and provide untraceability for cybercriminals to transfer the proceeds of illegal activities including identity theft, credit card fraud, computer hacking, child pornography, computer hacking and malware, and drug trafficking. Over one million users were operating through Liberty Reserve when the company was shut down. The investigation involved USA authorities as well as international assistance from Costa Rica, Netherlands, Spain, Sweden and Switzerland. Source: SHERLOC Case Law Database, United Nations Office on Drugs and Crime, Case USA004R.
This case shows how a legitimate digital money transmittance business legally established in Costa Rica by a group of individuals according to local laws may be used to launder criminal proceeds from a variety of financial-driven cybercrimes. Although it was unclear whether its facilitation of transnational money laundering was preconceived, the choice of Costa Rica with a relatively lax financial regulatory system to establish virtual currency indicates the potential exploitation of jurisdictional asymmetry (Van Wingerde and Lord, 2020). Further, the business had weak due diligence procedures in verifying user identities and had no upper limits in transaction sizes, which highlight how a legitimate business may willfully turn a blind eye to criminal activities through concerted ignorance in enabling cybercrime (Friedrichs, 2009). Furthermore, employees at Liberty Reserve were required to sign non-disclosure agreements, which effectively creates a “secret society” that maintains the silence among employees and prevents them from turning to authorities (Kennedy, 2020).
Legitimate organizations, including businesses, public agencies and non-governmental organizations, but also educational institutions and other types of entities, are also often targeted by cybercriminals. According to UK Cyber Security Breaches Survey estimates, in 2020, 39% of UK businesses identified a cyberattack, and similar figures were recorded in previous years (Department for Digital, Culture, Media & Sport, 2022). The majority of these cybersecurity incidents represented phishing attempts, but 21% of companies also reported more sophisticated offenses such as malware, ransomware and denial of service attacks. The increase in openly available survey data on organizational cybercrime victimization (Buil-Gil et al., 2023) has enabled researchers and government agencies to estimate the prevalence and incidence of victimization and to undertake research to identify the main predictors of cybersecurity attacks (Kemp, 2023; Rantala, 2008). For instance, the Canadian Survey of Cyber Security and Cybercrime records data from a sample of over 12 thousand businesses every two years, the National Computer Security Survey was conducted in the United States in 2001 and 2005, and in 2021 the Eurobarometer included measures of corporate cybercrime victimization in 27 countries. In the UK, this type of information is recorded in the Cyber Security Breaches Survey and the Cyber Security Longitudinal Survey each year. Police recorded crime data is also used to explore the risk of organizations to suffer cybercrimes (Correia, 2022), and increasingly, technology and cybersecurity companies are developing their own estimates of cybercrime from data which is often unavailable to public administrations (Furnell, Emm and Papadaki, 2015). The availability of newer sources of data on organizational cybercrime victimization has also stimulated a growth in studies on organizational cybersecurity culture and practices, beyond individual cybercrime victimization research (Huang and Pearlson, 2019; Poehlmann et al., 2021).
Using data recorded in the National Computer Security Survey 2005 in the United States, Rantala (2008) found that 67% of the 7,818 participant organizations had suffered at least one type of cybersecurity incident in the last year. The most common types of attacks were spyware, adware, phishing and spoofing attacks. Similarly, analyzing a sample of 4,000 businesses in Australia, Richards (2009) found that the most common types of attacks were virus and malware, and the type of impact that was more commonly identified referred to the corruption of software or hardware. Similar studies have been undertaken by HISCOX (2018), which surveyed over 4 thousand professionals responsible for the cybersecurity of small companies in the UK and found that around 30% of them had suffered an attack in the last year; and Bilodeau, Lari and Uhrbach (2019), who surveyed 10,794 Canadian companies and estimated that 21% of organizations had been impacted by cybersecurity incidents in the last year (the majority of these were scams, online frauds, phishing and computer viruses). Williams et al. (2019) found that 10% of the 751 companies surveyed in the UK had suffered at least one type of cyber-victimization from insiders. Moreover, corporate espionage and intellectual property crime are also facilitated by digital technologies (Hou and Wang, 2020; Vashisth and Kumar, 2013). All these types of cyber-enabled and cyber-dependent incidents can seek financial benefits as well as business disruption or reputational damage for ideological or political reasons (Ibrahim, 2016).
Data recorded in these surveys have enabled researchers to identify that the risk of suffering cybersecurity incidents varies extensively depending on the sector and size of each organization. Rantala (2008) found that telecommunication businesses, computer system design companies and manufacturers of durable goods suffer incidents more often than other business sectors. However, administrative support, finance and food service companies reported the largest financial losses due to cybersecurity incidents. Companies with smaller dependence on digital systems, such as forestry, hunting and agriculture companies reported the lowest rates of attacks. Bilodeau et al. (2019) found that banks, universities and transportation companies were those with the largest prevalence of incidents. Buil-Gil, Lord and Barrett (2021) also found that telecommunication and IT companies were those with the largest incidence and prevalence of attacks. Kemp (2023) reported that companies in the information, administrative and financial services had a higher risk of suffering phishing attacks, while retail, accommodation and entertainment companies suffered more identity thefts. Some argue that those business sectors that are involved in more and more varied online activities (e.g., website and social media, functionalities for online transactions, institutional email addresses, guest wireless network), and hence have a larger digital exposure to the general public, are also those that may be at a higher risk of cyberattacks (Buil-Gil, Lord et al., 2021; Williams et al., 2019). Several surveys have also found that larger businesses, and those with the largest revenues, are those that report the greatest economic losses due to cybercrime (Bilodeau et al., 2019; Rantala, 2008; Richards, 2009). Small and medium enterprises (SMEs), however, also report a high prevalence of incidents (Department for Digital, Culture, Media & Sport, 2022), with damaging impacts on organizations’ reputation and finance and employees’ psychological and relational wellbeing (Button et al., 2021).
The analysis of survey data has also enabled researchers to explore which cybersecurity measures are potentially related to fewer cybersecurity incidents in organizational settings. Repeated studies have identified that while not all forms of technical protection are related to fewer incidents suffered by organizations (Kemp, 2023; Rantala, 2008), improving the cybersecurity awareness of employees (e.g., through training and seminars) seems to have strong impacts in preventing the frequency and impact of attacks (Choi, Martins and Bernik, 2018; HISCOX, 2018; Williams et al., 2019). Backing up data securely, undertaking extraordinary cybersecurity checks and monitoring users’ activity also appears to be related to fewer incidents (Buil-Gil, Lord et al., 2021). Kemp (2023) found that while hearing about government-sponsored cybersecurity advice appears to be related to adopting more cybersecurity measures, this does not always mean suffering fewer attacks. Interestingly, Rantala (2008) and Buil-Gil, Lord et al. (2021) found that those companies with in-house cybersecurity teams appear to report suffering fewer incidents, and a smaller impact of attacks, than those with outsourced cybersecurity. In turn, Buil-Gil, Lord et al. (2021) concluded that “enhancing the in-house guardian by developing cybersecurity teams within the organization seems to generate the best results for preventing cyber-attacks and their negative impacts” (p. 312). Relatedly, Kemp et al. (2021) found that while very few companies that suffer cybersecurity attacks report these to public authorities, the proportion of businesses that do report to government agencies is larger amongst those that have in-house cybersecurity teams. Companies with outsourced cybersecurity appear to be less likely to share details about cybersecurity incidents with public authorities.
In September 2013, the accounts manager of AEV, a UK company specialized in the manufacturing and supply of varnishes, resins and insulating products for electrical and electronic companies, received an email impersonating HMRC, the UK Government agency responsible for the collection of taxes. The accounts manager opened the email, opened a “zip” file attached, and clicked on an executable file. The managing director of the company explains that the email did not include malware, and hence the company’s antivirus software did not pick it up. The executable file, however, allowed criminals to communicate with the local workstation and record all logging of keys on the accounts manager’s keyboard. The following day, the accounts manager entered all codes and challenge codes to log into their online banking system. Following that, the computer froze and was rebooted. Once the account manager accessed the bank accounts, €100,000 and $30,000 had been transferred to bank accounts in Cyprus and Ukraine, respectively. The company did not have cybersecurity insurance and could not recover the money. The managing director of the company reported this incident as “the most disruptive experience possible”. After the attack, the company increased its investment in internal cybersecurity awareness and training, and cybersecurity firewalls, to mitigate future cybersecurity risks. It is key for the staff to know, for instance, that HMRC does not communicate with companies over email. The managing director of AEV recommends companies to “become secure, become aware, train your staff”. Source: North West Regional Organised Crime Unit (2015)
This case study illustrates a common example of a medium-sized business targeted by a phishing attack over email. The email impersonated a relevant UK Government agency, discussed an important issue, and was sent to the person responsible for the management of bank accounts - it was set up considering the ‘human factor’ of cybercrime and utilizing social engineering techniques (Bowen, Devarajan and Stolfo, 2011). The executable file probably included some type of keylogger malware which was not picked up by the company’s antivirus software, which enabled offenders to record all loggings of keys in the victim’s computer. The company is a manufacturer of goods for electric and electronic products, and it is a multinational organization with offices in USA, UK, Hungary and Malaysia (Bilodeau et al., 2019; Rantala, 2008; Richards, 2009). This business has a website and social media, operates online banking systems, and provides employees with institutional email addresses - it is thus digitally exposed to the general public (Buil-Gil, Lord et al., 2021; Williams et al., 2019). The organization’s antivirus system did not detect the attack (Kemp, 2023). After the incident, the managing director of the company concluded that a series of changes were needed to prevent future attacks and mitigate their negative consequences: improving the awareness of employees through training (Choi et al., 2018; HISCOX, 2018), probably through an in-house cybersecurity team (Buil-Gil, Lord et al., 2021), improving the company’s cybersecurity firewalls, and having other measures in place such as cybersecurity insurance.
This review of the state of the art of organizational cybercrime research has enabled us to identify a set of lessons learned with important implications for theory, policy and practice, and to identify gaps in evidence and areas for future research. We note, however, that this chapter mainly considers findings of academic articles published in English, and we may have missed some important contributions published in other languages.
First, while the body of research on organizational cybercrime - also on organized cybercrime and the organization of cybercrime more generally - is growing in recent years, and both researchers and practitioners are slowly shifting their attention toward a better understanding of the ‘organizational’ aspects of online crime, the ‘conceptualization’ of organizational cybercrime largely reflects different phenomena across studies and policy documents. While some refer to attacks against organizations via the internet (Huang and Wang, 2009), others study groups of individuals involved in cybercrime with a certain level of organization (Broadhurst et al., 2014), or criminal groups and state and business actors that are either directly responsible or indirectly facilitate cybercrime (Kao, 2019). In this review we have taken an overarching approach and summarized relevant research findings on the role of legitimate and criminal organizations as offenders and enablers or facilitators, and victims, of cybercrime. The working definitions of ‘organizational cybercrime’ used in research and policy allow for elasticity and flexibility in the way such behaviors are conceptualized and operationalized. While this may enable researchers, practitioners and policymakers to consider the set of deviant and criminal activities that they deem to be more problematic, or worthy of investigation, in each case, the lack of conceptual clarity and consistency may also severely restrict comparative studies that aim to understand the nature and extent of criminal activity across studies and jurisdictions, and the development of a comprehensive evidence base for better-informed prevention. Three distinct, though tightly linked, bodies of research and evidence emerge from existing research: organized cybercrime research, corporate and state actors that facilitate or enable cybercrime, and organizational cybercrime victimization.
Second, and relatedly, the ‘operationalization’ and ‘measurement’ of organizational and organized cybercrime varies even across studies and policy documents with similar conceptualizations of the same phenomenon. There is a need for better, and more consistent, methodologies to capture, study and theorize, and in turn prevent, organizational and organized cybercrime. Below we present some considerations on how to make a better use of existing cybercrime data for research and practice. Even considering the limitations of existing studies and the lack of consistency in the definitions and measurements of organizational cybercrime used in research, this review has identified a set of common themes with important implications for theory and prevention.
Third, the criminological debate on the term “organized crime” about how elastic it should be is also featured in the cybercrime literature. The pairing of cybercrime and ‘organized crime’ was first present in policy documents, law enforcement programs and media, and later criticized by researchers who argue that the empirical evidence on the presence of traditional organized crime groups in cyberspace in still limited and inconclusive (Lavorgna, 2019, 2020). Whereas cybercrime does not lend itself to the mafia-like governance-model of organized crime (Wall, 2015), the conceptualization of cybercrime network enables us to shift the analytical focus on the actors, relations and networks underpinning cybercrimes that are more or less planned. Research shows that cybercrime networks have a spectrum of organizational complexity from the loosely-connected actors driven by common interests instead of stated leaders on one extreme, to the enduring and tightly connected group of core members in coordinating enablers through the division of labor on the other extreme, with both illicit online sites and pre-existing relations and offline settings playing important roles in network development (Leukfeldt, Lavorgna et al., 2017; Lusthaus et al., 2023; Nguyen and Luong, 2021).
Fourth, cybercriminals may be parasitical on legitimate organizational structures and procedures in creating an outlook of legitimacy for concealment. Legitimate businesses may also facilitate white-collar cybercrime by providing the organizational means and resources for employees to carry out generally low-tech data breaches during their occupations (Payne, 2018). Individuals may carry out cyber-espionage on behalf of the organizations in order to gain market edge (Holt and Kennedy, 2020). The use of ICT has further been found to increase organizational tax avoidance behavior through sharing of criminal knowledge (Hou and Wang, 2020). States may also be involved in cybercrimes through various degrees of interaction with private hackers (Broadhurst et al., 2014).
And fifth, regarding the role of organizations as victims of cybercrime, research appears to show that the risk, nature and harms of cybersecurity incidents varies extensively depending on the sector and size of organizations (Bilodeau et al., 2019; Button et al., 2021; Kemp, 2023; Rantala, 2008), more digital exposure to the general public (e.g., through website, social media, guest wireless network) may mean more risk of attacks (Buil-Gil, Lord et al., 2021), not all forms of technical protection equally prevent organizational cybercrime victimization (Kemp, 2023; Rantala, 2008), and improving cybersecurity awareness of employees (e.g., through training and seminars) seems to have strong impacts in preventing future incidents (Choi et al., 2018; HISCOX, 2018; Williams et al., 2019). It may also be key to distinguish those cybercrimes with a financial intent from those that seek business disruption or reputational damage for ideological, political or strategic reasons.
A set of potential areas for future research have been identified. While it is true that existing secondary data on organizational cybercrime is still very limited in its availability and scope, researchers are increasingly taking creative approaches to make a better use of existing datasets. For example, Enghoff and Aldridge (2019) make a call for utilizing unsolicited online data recorded from darknet markets, online forums, and similar sites, to obtain information about organized cybercrime activities; and Buil-Gil and Saldaña-Taboada (2022) used crowdsourced data and open source Blockchain records to extract information about Bitcoin accounts associated with cybercrime activity. Case studies of cases known to public authorities may also provide key information about the characteristics of actors, networks and behaviors (UNODC, 2022), which can be complemented by qualitative data obtained from interviews with key actors (Zeng, 2021). Longitudinal survey data may also be key to allow exploring causal associations between cybersecurity attitudes and practices and organizational cybercrime prevention. Finally, a gap in research has been identified regarding the victim-offender overlap for organizational cybercrime, to explore the extent to which organized groups of individuals involved in cybercrime are also exposed to cybercrime victimization.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., and Chon, S. (2014). Organizations and Cybercrime: An Analysis of the Nature of Groups Engaged in Cybercrime. International Journal of Cyber Criminology, 8(1), 1-20.
Buil-Gil, D., Lord, N., and Barrett, E. (2021). The Dynamics of Business, Cybersecurity and Cyber-Victimization: Foregrounding the Internal Guardian in Prevention. Victims & Offenders, 16(3), 286-315.
Holt, T.J. (2023). Understanding the State of Criminological Scholarship on Cybercrimes. Computers in Human Behavior, 139, 107493.
Lavorgna, A. (2019). Organized Crime and Cybercrime. In T.J. Holt and A.M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 1-18). Cham: Palgrave.
Leukfeldt, E.R., Kruisbergen, E.W., Kleemans, E.R., and Roks, R.A. (2020). Organized Financial Cybercrime: Criminal Cooperation, Logistic Bottlenecks, and Money Flows. In T. J. Holt and A. M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 961-980). Cham: Palgrave.
Leukfeldt, E.R., Lavorgna, A., and Kleemans, E.R. (2017). Organised Cybercrime or Cybercrime that is Organised? An Assessment of the Conceptualisation of Financial Cybercrime as Organised Crime. European Journal on Criminal Policy and Research, 23, 287-300.
Lusthaus, J., Kleemans, E., Leukfeldt, R., Levi, M. and Holt, T. (2023). Cybercriminal Networks in the UK and Beyond: Network Structure, Criminal Cooperation and External Interactions. Trends in Organized Crime.
Nguyen, T., and Luong, H.T. (2021). The Structure of Cybercrime Networks: Transnational Computer Fraud in Vietnam. Journal of Crime and Justice, 44(4), 419-440.
Wall, D.S. (2015). Dis-Organised Crime: Towards a Distributed Model of the Organization of Cybercrime. The European Review of Organised Crime, 2(2), 71-90.
Weulen Kranenbarg, M., Ruiter, S., and Van Gelder, J.L. (2021). Do Cyber-Birds Flock Together? Comparing Deviance Among Social Network Members of Cyber-Dependent Offenders and Traditional Offenders. European Journal of Criminology, 18(3), 386-406.
City of London Police (n.d.). NFIB Fraud and Cyber Crime Dashboard. Retrieved from: https://colp.maps.arcgis.com/apps/dashboards/0334150e430449cf8ac917e347897d46 (Last accessed 22 December 2022).
Department for Digital, Culture, Media and Sport (2022). Cyber Security Breaches Survey: Combined Dataset, 2016-2022. Retrieved from: http://doi.org/10.5255/UKDA-SN-8971-1 (Last access 31 March 2023).
Department for Digital, Culture, Media and Sport (2023). Cyber Security Longitudinal Survey: Wave 2, 2022. Retrieved from: http://doi.org/10.5255/UKDA-SN-9067-1 (Last access 31 March 2023).
European Union (2022). SMEs and Cybercrime. Retrieved from: https://europa.eu/eurobarometer/surveys/detail/2280 (Last access 1 April 2023).
Harrell, E. (2005). National Computer Security Survey (NCSS). Retrieved from: https://bjs.ojp.gov/data-collection/national-computer-security-survey-ncss (Last accessed 31 March 2023).
United Nations Office on Drugs and Crime (n.d.). SHERLOC Case Law Database. Retrieved from: https://sherloc.unodc.org/cld/v3/sherloc/cldb/index.html?lng=en (Last access 1 April 2023).
Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T., and Savage, S. (2013). Measuring the Cost of Cybercrime. In R. Böhme (Ed.), The Economics of Information Security and Privacy (pp. 265-300). Berlin: Springer.
Argilés-Bosch, J.M., Somoza, A., Ravenda, D., and García-Blandón, J. (2020). An Empirical Examination of the Influence of E-Commerce on Tax Avoidance in Europe. Journal of International Accounting, Auditing and Taxation, 41, 100339.
Attrill-Smith, A., and Wesson, C. (2020). The Psychology of Cybercrime. In T.J. Holt and A.M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 654-678). Cham: Palgrave.
Back, S., Soor, S., and LaPrade, J. (2018). Juvenile Hackers: An Empirical Test of Self-Control Theory and Social Bonding Theory. International Journal of Cybersecurity Intelligence & Cybercrime, 1(1), 40-55.
Bilodeau, H., Lari, M., and Uhrbach, M. (2019). Cyber Security and Cybercrime Challenges of Canadian Businesses, 2017. Report No. 85-002-X. The Canadian Centre for Justice Statistics, Statistics Canada.
Birk, D., Gajek, S., Grobert, F., and Sadeghi, A.R. (2007). Phishing Phishers - Observing and Tracing Organized Cybercrime. In Y. Berthier, T. Chen, M. Casassa Mont, P. Labbe, G. Parr, R. State, R. Reda and R.S.S. Sundhar (Eds.), Second International Conference on Internet Monitoring and Protection (ICIMP 2007) (pp. 3-3). IEEE.
Bossler, A.M., and Holt, T.J. (2009). On-line Activities, Guardianship, and Malware Infection: An Examination of Routine Activities Theory. International Journal of Cyber Criminology, 3(1), 400-420.
Bossler, A.M., Holt, T.J., and May, D.C. (2012). Predicting Online Harassment Victimization Among a Juvenile Population. Youth & Society, 44(4), 500-523.
Bowen, B.M., Devarajan, R., and Stolfo, S. (2011). Measuring the Human Factor of Cyber Security. In IEEE International Conference on Technologies for Homeland Security (pp. 230-235). IEEE.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., and Chon, S. (2014). Organizations and Cybercrime: An Analysis of the Nature of Groups Engaged in Cybercrime. International Journal of Cyber Criminology, 8(1), 1-20.
Buil-Gil, D., Lord, N., and Barrett, E. (2021). The Dynamics of Business, Cybersecurity and Cyber-Victimization: Foregrounding the Internal Guardian in Prevention. Victims & Offenders, 16(3), 286-315.
Buil-Gil, D., Trajtenberg, N., and Aebi, M.F. (2023). Measuring Cybercrime and Cyberdeviance in Surveys. SocArXiv. https://doi.org/10.31235/osf.io/r8ygd
Buil-Gil, D., and Saldaña-Taboada, P. (2022). Offending Concentration on the Internet: An Exploratory Analysis of Bitcoin-related Cybercrime. Deviant Behavior, 43(12), 1453-1470.
Buil-Gil, D., Zeng, Y., and Kemp, S. (2021). Offline Crime Bounces Back to Pre-COVID Levels, Cyber Stays High: Interrupted Time-Series Analysis in Northern Ireland. Crime Science, 10, 26.
Button, M. (2020). Editorial: Economic and Industrial Espionage. Security Journal, 33, 1-5.
Button, M., Blackbourn, D., Sugiura, L., Shepherd, D., Kapend, R., and Wang, V. (2021). Victims of Cybercrime: Understanding the Impact Through Accounts. In M. Weulen Kranenbarg and R. Leukfeldt (Eds.), Cybercrime in Context. Crime and Justice in Digital Society (pp. 137-156). Cham: Springer.
Burruss, G.W., Howell, C.J., Maimon, D., and Wang, F. (2022). Website Defacer Classification: A Finite Mixture Model Approach. Social Science Computer Review, 40(3), 775-787.
Choi, S.E., Martins, J.T., and Bernik, I. (2018). Information Security: Listening to the Perspective of Organisational Insiders. Journal of Information Science, 44, 752-767.
Choo, K.R., and Smith, R.G. (2008). Criminal Exploitation of Online Systems by Organised Crime Groups. Asian Journal of Criminology, 3, 37-59.
City of London Police (n.d.). NFIB Fraud and Cyber Crime Dashboard. Retrieved from: https://colp.maps.arcgis.com/apps/dashboards/0334150e430449cf8ac917e347897d46 (Last accessed 22 December 2022).
Clough, J. (2015). Principles of Cybercrime. Second Edition. Cambridge: Cambridge University Press.
Correia, S.G. (2022). Making the Most of Cybercrime and Fraud Crime Report Data: A Case Study of UK Action Fraud. International Journal of Population Data Science, 7(1), 09.
Crowe. (2017). Annual Frau Indicator 2017. Identifying the Cost of Fraud to the UK Economy. Nottingham: Crowe UK.
Décary-Hétu, D., and Dupont, B. (2012). The Social Network of Hackers. Global Crime, 13(3), 160-175.
Del-Real, C., and Díaz-Fernández, A.M. (2022). Understanding the Plural Landscape of Cybersecurity Governance in Spain: A Matter of Capital Exchange. International Cybersecurity Law Review, 3, 313-343.
Department for Digital, Culture, Media & Sport (2022). Cyber Security Breaches Survey 2022. Retrieved from: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 (Last access 31 December 2022).
Dupont, B., Côté, A.M., Boutin, J.I., and Fernandez, J. (2017). Darkode: Recruitment Patterns and Transactional Features of “the Most Dangerous Cybercrime Forum in the World”. American Behavioral Scientist, 61(11), 1219-1243.
Edwards, A., & Levi, M. (2008). Researching the Organization of Serious Crimes. Criminology & Criminal Justice, 8(4), 363–388.
Follis, L., and Fish, A. (2022). State Hacking at the Edge of Code, Capitalism and Culture. Information, Communication & Society, 25(2), 242-257.
Fox, B., and Holt, T.J. (2021). Use of a Multitheoretic Model to Understand and Classify Juvenile Computer Hacking Behavior. Criminal Justice and Behavior, 48(7), 943-963.
Friedrichs, D. (2009). Trusted Criminals: White Collar Crime in Contemporary Society. Wadsworth: Cengage Learning.
Furnell, S., Emm, D., and Papadaki, M. (2015). The Challenge of Measuring Cyber-Dependent Crimes. Computer Fraud & Security, 10, 5-12.
Gottschalk, P., and Hamerton, C. (2021). White-collar Crime Online: Deviance, Organizational Behaviour and Risk. Cham: Palgrave Macmillan.
Grabosky, P. (2015). Organized Cybercrime and National Security. In R.G. Smith, R.C. Cheung and L.Y. Lau (Eds), Cybercrime Risks and Responses: Eastern and Western Perspectives (pp. 67-80). London: Palgrave Macmillan.
Grabosky, P. (2016). The Evolution of Cybercrime, 2006–2016. In T.J. Holt (Ed.), Cybercrime Through an Interdisciplinary Lens (pp. 15-36). Abingdon: Routledge.
Gupta, B.B., Martinez Perez, G., Agrawal, D.P., and Gupta, D. (Eds.) (2020). Handbook of Computer Networks and Cyber Security: Principles and Paradigms. Cham: Springer.
Henson, B., Reyns, B.W., and Fisher, B.S. (2016). Cybercrime Victimization. In C.A. Cuevas and C.M. Rennison (Eds.), The Wiley Handbook on the Psychology of Violence (pp. 555-570). Chichester: Wiley.
Higgins, G.E., and Marcum, C.D. (2011). Digital Piracy: An Integrated Theoretical Approach. Durham: Carolina Academic Press.
HISCOX. (2018, October 18). UK Small Businesses Targeted with 65,000 Attempted Cyber Attacks per Day. Retrieved from: https://www.hiscoxgroup.com/news/press-releases/2018/18-10-18 (Last access 02 January 2023).
Holt, T.J. (2023). Understanding the State of Criminological Scholarship on Cybercrimes. Computers in Human Behavior, 139, 107493.
Holt, T.J., Bossler, A.M., and May, D.C. (2012). Low Self-Control, Deviant Peer Associations, and Juvenile Cyberdeviance. American Journal of Criminal Justice, 37(3), 378-395.
Holt, T.J., and Kennedy, J.P. (2020). Technology's Influence on White-Collar Offending, Reporting, and Investigation. In M.L. Rorie (Ed.), The Handbook of White-Collar Crime (pp. 449-468). Wiley.
Holt, T.J., and Smirnova, O. (2014). Examining the Structure, Organization, and Processes of the International Market for Stolen Data. Washington DC: National Criminal Justice Reference Service.
Hou, T., and Wang, V. (2020). Industrial Espionage - A Systematic Literature Review (SLR). Computer & Security, 98, 102019.
Huang, W., and Wang, S.K. (2009). Emerging Cybercrime Variants in the Socio-Technical Space. In B. Whitworth and A. de Moor (Eds.), Handbook of Research on Socio-Technical Design and Social Networking Systems (pp. 195-208). IGI Global.
Huang, K., and Pearlson, K. (2019). For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture. In Proceedings of the 52nd Hawaii International Conference on System Sciences (pp. 6398-6407). HICSS.
Hutchings, A. (2014). Crime from the Keyboard: Organised Cybercrime, Co-offending, Initiation and Knowledge Transmission. Crime, Law and Social Change, 62, 1-20.
Hutchings, A., and Collier B. (2019). Inside out: Characterising Cybercrimes Committed Inside and Outside the Workplace. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 481-490). IEEE.
Ibrahim, S. (2016). Social and Contextual Taxonomy of Cybercrime: Socioeconomic Theory of Nigerian Cybercriminals. International Journal of Law, Crime and Justice, 47, 44-57.
Ignatuschtschenko, E. (2021). Assessing Harm from Cybercrime. In P. Cornish (Ed.), The Oxford Handbook of Cyber Security (pp. 127-141). Oxford: Oxford University Press.
Kao, D. (2019). ATM Heist Threats: A Proposed ICT Governance Strategy. In 21st International Conference on Advanced Communication Technology (ICACT) (pp. 610-615). IEEE.
Karstedt, S. (2014). Organizing Crime: The State as Agent. In L. Paoli (Ed.), The Oxford Handbook of Organized Crime (pp. 303-320). New York: Oxford University Press.
Kemp, S. (2023). Exploring Public Cybercrime Prevention Campaigns and Victimization of Businesses: A Bayesian Model Averaging Approach. Computers & Security, 127, 103089.
Kemp, S., Buil-Gil, D., Miró-Llinares, F., and Lord, N. (2021). When Do Businesses Report Cybercrime? Findings from a UK Study. Criminology & Criminal Justice, 0(0).
Kennedy, J. (2020). Organizational and Macro‐Level Corporate Crime Theories. In M.L. Rorie (Ed.), The Handbook of White-Collar Crime (pp. 449-468). Hoboken: Wiley.
Koziarski, J., and Lee, J.R. (2020). Connecting Evidence-Based Policing and Cybercrime. Policing: An International Journal, 43(1), 198-211.
Kruisbergen, E.W., Leukfeldt, E.R., Kleemans, E.R., and Roks, R.A. (2019). Money Talks Money Laundering Choices of Organized Crime Offenders in a Digital Age. Journal of Crime and Justice, 42(5), 569-581.
Lagazio, M., Sherif, N., and Cushman, M. (2014). A Multi-Level Approach to Understanding the Impact of Cyber Crime on the Financial Sector. Computers & Security, 45, 58-74.
Lallie, H.S., Shepherd, L.A., Nurse, J.R.C., Erola, A., Epiphaniou, G., Maple, C., and Bellekens, X. (2021). Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks During the Pandemic. Computers & Security, 105, 102248.
Lavorgna, A. (2015). Organised Crime Goes Online: Realities and Challenges. Journal of Money Laundering Control, 18(2), 153-168.
Lavorgna, A. (2016). Exploring the Cyber-Organised Crime Narrative: The Hunt for a New Bogeyman? In P.C. van Duyne, M. Scheinost, G.A. Antonopoulos, J. Harvey and J. von Lampe (Eds.), Narratives on Organised Crime in Europe: Criminals, Corrupters and Policy (pp. 193-220). Oisterwijk: Wolf Legal Publishers.
Lavorgna, A. (2019). Cybercrimes: Critical Issues in a Global Context. London: Palgrave Macmillan.
Lavorgna, A. (2020). Organized Crime and Cybercrime. In T. Holt and A. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 117-134). Cham: Palgrave Macmillan.
Lavorgna, A. (2023). Unpacking the Political-Criminal Nexus in State-Cybercrimes: A Macro-Level Typology. Trends in Organized Crime.
Leukfeldt, E.R. (2014). Cybercrime and Social Ties. Trends in Organized Crime, 17, 231-249.
Leukfeldt, E.R., and Holt, T.J. (2020). Examining the Social Organization Practices of Cybercriminals in the Netherlands Online and Offline. International Journal of Offender Therapy and Comparative Criminology, 64(5), 522–538.
Leukfeldt, E.R., Kleemans, E.R., and Stol, W.P. (2017). Cybercriminal Networks, Social Ties and Online Forums: Social Ties Versus Digital Ties Within Phishing and Malware Networks. The British Journal of Criminology, 57(3), 704-722.
Leukfeldt, E.R., Kruisbergen, E.W., Kleemans, E.R., and Roks, R.A. (2020). Organized Financial Cybercrime: Criminal Cooperation, Logistic Bottlenecks, and Money Flows. In T.J. Holt and A.M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 961-980). Cham: Palgrave.
Leukfeldt, E.R., Lavorgna, A., and Kleemans, E.R. (2017). Organised Cybercrime or Cybercrime that is Organised? An Assessment of the Conceptualisation of Financial Cybercrime as Organised Crime. European Journal on Criminal Policy and Research, 23, 287-300.
Leukfeldt, E.R., and Yar, M. (2016). Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis. Deviant Behavior, 37(3), 263-280.
Levi, M. (2008). Organized Fraud and Organizing Frauds: Unpacking Research on Networks and Organization. Criminology and Criminal Justice, 8(4), 389–419.
Lezzi, M., Lazoi, M., and Corallo, A. (2018). Cybersecurity for Industry 4.0 in the Current Literature: A Reference Framework. Computers in Industry, 103, 97-110.
Lin, G., Zhao, Y., Liu, W., and Zhou, J. (2022). The Impact of Internet Use on Corporate Tax Avoidance: Evidence from Chinese Enterprises. Complexity, 2022, 5638593.
Lord, N., Campbell, L.J., and Van Wingerde, K. (2019). Other People’s Dirty Money: Professional Intermediaries, Market Dynamics and the Finances of White-collar, Corporate and Organized Crimes. The British Journal of Criminology, 59(5), 1217-1236.
Lu, Y., Luo, X., Polgar, M., and Cao, Y. (2010). Social Network Analysis of a Criminal Hacker Community. Journal of Computer Information Systems, 51(2), 31-41.
Lusthaus, J. (2013). How Organised is Organised Cybercrime? Global Crime, 14(1), 52-60.
Lusthaus, J., Kleemans, E., Leukfeldt, R., Levi, M. and Holt, T. (2023). Cybercriminal Networks in the UK and Beyond: Network Structure, Criminal Cooperation and External Interactions. Trends in Organized Crime.
Madensen, T. (2016). Opportunities for White-Collar Crime. In S.R. Van Slyke., M. L. Benson and F. T. Cullen., (Eds) The Oxford Handbook of White Collar Crime. New York: Oxford University Press, 382–408
Marcum, C.D., and Higgins, G.E. (2019). Cybercrime. In M. Krohn, N. Hendrix, G. Penly Hall and A. Lizotte (Eds.), Handbook on Crime and Deviance (pp. 459-475). Cham: Springer.
McGuire, M. (2012). Organised Crime in the Digital Age. London: John Grieve Centre for
Policing and Security.
McGuire, M. (2018). Into The Web of Profit: An In-Depth Study of Cybercrime, Criminals and Money. Bromium.
McGuire, M., and Dowling, S. (2013). Cyber Crime: A Review of the Evidence. Research Report 75, Home Office.
Miró-Llinares, F., and Moneva, A. (2020). Environmental Criminology and Cybercrime: Shifting Focus from the Wine to the Bottles. In T. Holt and A. Bossler (Eds), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 491-511). Cham: Palgrave.
Moneva, A., Miró-Llinares, F., and Hart, T.C. (2021). Hunter or Prey? Exploring the Situational Profiles that Define Repeated Online Harassment Victims and Offenders. Deviant Behavior, 42(11), 1366-1381.
Musotto, R., and Wall, D.S. (2022). More Amazon than Mafia: Analysing a DDoS Stresser Service as Organised Cybercrime. Trends in Organized Crime, 25, 173-191.
Nguyen, T., and Luong, H.T. (2021). The Structure of Cybercrime Networks: Transnational Computer Fraud in Vietnam. Journal of Crime and Justice, 44(4), 419-440.
North West Regional Organised Crime Unit (2015). Cyberattack - A Business Survival Story [Video]. Youtube. Retrieved from: https://youtu.be/1-fAFn1jpms (Last access 02 February 2023).
Nurse, J.R.C., and Bada, M. (2018). The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations. In A. Attrill-Smith, C. Fullwood, M. Keep and D.J. Kuss (Eds.), The Oxford Handbook of Cyberpsychology (pp. 691-715). New York: Oxford University Press.
Paoli, L., Visschers, J., and Verstraete, C. (2018). The Impact of Cybercrime on Businesses: A Novel Conceptual Framework and Its Application to Belgium. Crime, Law and Social Change, 70, 397-420.
Payne, B.K. (2018). White-Collar Cybercrime: White-Collar Crime, Cybercrime, or Both? Criminology, Criminal Justice, Law & Society, 19(3), 16-32.
Pete, I., Hughes, J., Chua, Y.T., and Bada, M. (2020). A Social Network Analysis and Comparison of Six Dark Web Forums. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 484-493). IEEE.
Poehlmann, N., Caramancion, K.M., Tatar, I., Li, Y., Barati, M., and Merz, T. (2021). The Organizational Cybersecurity Success Factors: An Exhaustive Literature Review. In K. Daimi, H.R. Arabnia, L. Deligiannidis, M.S. Hwang and F.G. Tinetti, F.G. (Eds.), Advances in Security, Networks, and Internet of Things (pp. 377-395). Cham: Springer.
Rantala, R. (2008). Cybercrime Against Businesses, 2005. Special Report, Bureau of Justice Statistics. US: US Department of Justice.
Reep-van der Bergh, C.M.M., and Junger, M. (2018). Victims of Cybercrime in Europe: A Review of Victim Surveys. Crime Science, 7, 5.
Reyns, B.W., Fisher, B.S., Bossler, A.M., and Holt, T.J. (2019). Opportunity and Self-Control: Do They Predict Multiple Forms of Online Victimization? American Journal of Criminal Justice, 44, 63-82.
Richards, K. (2009). The Australian Business Assessment of Computer User Security (ABACUS): A National Survey. Research and Public Policy Series No. 102. Canberra: Australian Institute of Criminology.
Rokven, J.J., Weijters, G., Beerthuizen, M.G., and van der Laan, A.M. (2018). Juvenile Delinquency in the Virtual World: Similarities and Differences Between Cyber-Enabled, Cyber-Dependent and Offline Delinquents in The Netherlands. International Journal of Cyber Criminology, 12(1), 27-46.
Soudijn, M.R.J., and Zegers, B.C.H.T. (2012). Cybercrime and Virtual Offender Convergence Settings. Trends in Organized Crime, 15, 111-129.
Rudner, M. (2013). Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge, International Journal of Intelligence and CounterIntelligence, 26 (3), 453-481,
UNODC. (2022). Digest of Cyber Organized Crime. Second Edition. Vienna: United Nations.
Van Wingerde, K., and Lord, N. (2020). The Elusiveness of White‐Collar and Corporate Crime in a Globalized Economy. In M.L. Rorie (Ed.), The Handbook of White-Collar Crime (pp. 449-468). Hoboken: Wiley.
Vashisth, A., and Kumar, A. (2013). Corporate Espionage: The Insider Threat. Business Information Review, 30(2), 83-90.
Wall, D.S. (2015). Dis-Organised Crime: Towards a Distributed Model of the Organization of Cybercrime. The European Review of Organised Crime, 2(2), 71-90.
Wall, D.S. (2021). Cybercrime aS A Transnational Organized Criminal Activity. In F Allum and S. Gilmour (Eds.), Routledge Handbook of Transnational Organized Crime (pp. 318-336). London: Routledge.
Wagner, R, E. (2012). Bailouts and the Potential for Distortion of Federal Criminal Law: Industrial Espionage and Beyond. Tulane Law Review, 86(5), 1017-1055.
Weulen Kranenbarg, M., Holt, T.J., and van Gelder, J. (2019). Offending and Victimization in the Digital Age: Comparing Correlates of Cybercrime and Traditional Offending-Only, Victimization-Only and the Victimization-Offending Overlap. Deviant Behavior, 40(1), 40-55.
Weulen Kranenbarg, M., Ruiter, S., and Van Gelder, J.L. (2021). Do Cyber-Birds Flock Together? Comparing Deviance Among Social Network Members of Cyber-Dependent Offenders and Traditional Offenders. European Journal of Criminology, 18(3), 386-406.
Williams, M.L., Levi, M., Burnap, P., & Gundur, R.V. (2019). Under the Corporate Radar: Examining Insider Business Cybercrime Victimization Through an Application of Routine Activities Theory. Deviant Behavior, 40(9), 1119-1131.
Yar, M. (2013). Cybercrime and Society. Second Edition. London: SAGE.
Yip, M., Webber, C., and Shadbolt, N. (2013). Trust among Cybercriminals? Carding Forums, Uncertainty and Implications for Policing. Policing and Society, 23(4), 516-539.
Zeng, Y. (2021). Organising Insider Dealing in Financial Markets: Scripts and Networks. PhD thesis, The University of Manchester.