Abstract:
|
Cyber threats, including cybercrimes and cyber-enabled crimes, are a complex and difficult phenomenon, making it challenging for policymakers and the public to understand the scale and scope of the problem. Understanding these threats is important not only for correctly estimating the levels of victimization but also for developing policies that can effectively counter these threats. Empirical studies are currently lacking, and data are incredibly difficult to obtain in a manner that would accurately reflect the current threat posed by these crimes. This study constructs a novel dataset specifically on ransomware attacks in the U.S., collected from government agencies and public datasets including U.S. Department of Justice press releases and the Critical Infrastructure Ransomware Attacks (CIRA) dataset. Analyses of these data were used to generate risk-adjusted measurement models of the actual levels of threats by determining the relationship between observable and latent threat data. Prevalence and severity of ransomware attacks was estimated, and descriptive analyses showed patterns for level of attack, organized groups vs. state actors, scale of attacks, and sectors affected.
|