1Cybercrime: Survey Research and DataTisha SprouseCJA/345June 22, 2020Philip Russo
2Cybercrime: Survey Research and DataThe National Computer Security Survey (NCSS), done in 2005 through the Bureau of Justice Statistics (BJS) and conducted by the RAND Corporation, documented the nature, prevalence, and impact of cyber intrusions against businesses in the United States (2006). This paper will review the research data tables of the NCSS, questions that were developed in my previous essay Computer Security, and the hypothesis discussed. I will also describe the NCSS survey research and data collection process, identify the types of data collection methods used, and discuss the pros and cons of each of these methods. As previously discussed in my Computer Securityessay, only 15% of businesses who detected a cybercrime incident reported it to a law enforcement agency. My research question pondered why this is: why do companies rarely report cybercrime, and is there something that can be done to encourage companies to do so? My hypothesis for these questions was that businesses do not have a reliable way of reporting a cybercrime, so they do not inform law enforcement agencies. Another hypothesis would be that companies would instead take care of the issue within their own business. According to Rantala, 87% of incidents were reported to a person within the company, another security contractor organization, or their internet provider (2008, p. 6). It was also reported that half of the responding businesses thought there was nothingto gain from opening an investigation, 22% did not know to report it, 11% did not know who to report it to, and 7% felt that it was outside of law enforcement jurisdiction (Rantala, 2008, p. 6).