Attendees from the 2nd International Conference on the Human Factor in Cybercrime, Castle Oud-Poelgeest, the Netherlands

When criminologists study crime in other countries they are often conducting research from a comparative criminology perspective. For example, a corrections scholar might compare prisons in the United States to prisons in Europe to understand how cultural differences might shape programming or staff culture in prisons. And, it is not unusual to look to other countries in order to learn how we can improve our own system or innovate our own policies or practices. But when I study cybercrime, I look to the research in other countries not for comparative purposes, but to understand the phenomena better itself. Cybercrime traverses international boundaries. The person committing the cybercrime offense can be located anywhere in the world and victimize people anywhere in the world. Because of this, international collaboration between researchers, policymakers, and practitioners is essential to understand and reduce the occurrence of this type of crime.

Last fall (2018) was the first annual International Conference on the Human Factor in Cybercrime, where researchers from different countries came together in Jerusalem, Israel to share research they were conducting about one aspect of cybercrime that is often less understood – people. It is not uncommon to think about cybercrime in terms of the computer or technology itself. To illustrate this perspective, we might focus on how to develop a better password system to prevent someone from stealing our identity, or we might evaluate how to develop better IT security to protect our banks and government data systems. Recently, the U.S. Department of Justice released a report of the Attorney General’s Cyber Digital Task Force, which focused on many of the technical challenges of identifying and prosecuting cybercrimes. Many of these challenges were rooted in the international scope of these crimes, including the perpetrators in other countries and accessing information from other international jurisdictions. Though U.S. federal policy is concerned with the problem of cybercrime, agencies have not expanded beyond the “cyber” aspect to focus on the “human” factor. Yet why people commit these crimes, what are the characteristics of people who commit these crimes, and which people are victimized… these questions are not asked frequently by policymakers in the U.S and for the most part, in other countries as well. To address this gap, there has been a call for a research agenda to study the human factor in cybercrime (Rutger, 2017).

This year at the second annual conference held in the Netherlands, we continued to share our research and hold conversations about how to address this less understood aspect of cybercrime. It is important to understand the people who commit cybercrimes when we try to identify the best policies and practices to prevent them, reduce the reoccurrence of it through interventions, and reduce victimizations among people who use computers and other technology. After all, as we improve our technology to make cybercrime activity more difficult, so do people who commit these crimes evolve to find new ways to advance and adapt alongside improved crime prevention measures. Collaborating across international boundaries and understanding the people who engage in them will be the only way we can fully develop policies and practices that prevent or respond to cybercrime effectively.

Attendees from the 2nd International Conference on the Human Factor in Cybercrime, Castle Oud-Poelgeest, the Netherlands

Initially, I wondered how my research would contribute to this international perspective since I am working with a secondary dataset that includes people sentenced for cybercrime in the United States federal courts. The benefits of this dataset are that it is an official data source, includes all people sentenced in the U. S. federal system for cybercrimes during a certain timeframe, and is focused on a correctional population, which is often not explored in cybercrime research. In my research studying people sentenced for cyber-dependent crimes (i.e., those cybercrimes that require the use of a computer or technology in order to be committed), I have found some unique aspects of risk for people who commit these types of crimes. For example, much of the research in corrections and criminology more broadly finds that lack of employment or instability in employment is associated with risk to reoffend (see for example, Gendreau et al., 1996). In the analysis presented last year, my co-author Nicole Selzer and I found that 60% of the people in our study did not have any risk factors related to education and employment issues (Harbinson & Selzer, 2019). And for employment specifically, approximately a quarter were unemployed and approximately a quarter had a poor work assessment (i.e., their supervision officer rated employment as a risk factor because the person on supervision had unstable work and did not value or support the importance of work). Based on this U.S. data, we might either be surprised that people committing cyber-dependent offenses had risk factors related to employment because these offenses are usually associated with technological skills. Or, we might be surprised that 60% of people sentenced for a computer crime did not have risk factors in employment and education since this is a common concern in the criminological research. But because I have a secondary dataset, I am not able to dig deeper into the role employment has with criminal activity.  However, research from the Netherlands provides additional insight.

Weulen Kranenbarg (2018) studied people in the Netherlands who committed cyber-dependent offenses and found that employment was a different type of risk factor for people committing this offense type: employment was not associated with reduced offending and that sometimes it was associated with an increase, specifically, when people were employed in the IT field. Weulen Kranenbarg was able to explore the role of employment more fully because of the different data and methods used in her study. Taken together, our research and Weulen Kranenbarg’s research suggests that the evidence so far indicates that a lack of employment is not necessarily a risk factor to engage in cyber-dependent crimes, and in fact, in some cases might create an opportunity to engage in this crime. Due to the limited availability of data on people who commit cybercrime, both official and unofficial sources, there is great value in international collaborations to understand this topic so that research can be brought together to get a more complete picture.  

Fortunately, there are organizations and resources bringing together collaborators from around the world to understand the people, systems, policies, technology, and other factors that contribute to cybercrime. Papers from the first conference in 2018 on the human factor in cybercrime can be found online in a special issue (forthcoming, with some papers online as of December 2019) in the Journal of Crime and Justice. 

A few conferences that bring international perspectives on this topic are the International Interdisciplinary Research Consortium on Cybercrime, which brings field and technical science together to address cybercrime. They host a conference in the spring that brings together researchers and practitioners, including law enforcement. And stay tuned for next year’s Human Factor in Cybercrime Conference, which will be in Montreal sometime during fall 2020. 

In order to reduce the occurrence of cybercrimes, it is essential that scholars, practitioners, and policymakers collaborate across international boundaries on this issue. And though we often examine other countries from a comparative lens or framework, cybercrime is more likely best understood through a collaborative approach since both the people who commit these crimes and the people who are victimized by these crimes are dispersed throughout the world.  

I am grateful for the support of the International Travel Grant from the University of Minnesota’s Office of Global Programs & Strategy Alliance to participate in 2019’s International Human Factor in Cybercrime Conference held in the Netherlands.

References: 

Gendreau, P., Little, T., and C. Goggin. 1996. A meta-analysis of the predictors of adult recidivism: What works! Criminology 34 (4), 575-607.

Harbinson, E. & Selzer, N. (online, 2019). The risk and needs of cyber-dependent offenders sentenced in the United States. Journal of Crime and Justice.  doi:10.1080/0735648X.2019.1692422

Rutger, R. (Ed.). 2017. The Human Factor in Cybercrime and Cybersecurity. The Hague, Netherlands: Eleven International Publishing. Retrieved from: https://www.thehaguesecuritydelta.com/media/com_hsd/report/141/document/...

Weulen Kranenbarg, M. 2018. Cyber-offenders versus traditional offenders. An empirical comparison. Dissertation. Universiteit Amsterdam.