Digitalisation offers criminals new ways to commit crimes and commit old crimes in digital ways, also known as cybercrime. The percentage of cybercrime victims is increasing and is currently similar to the percentage of victims of traditional crimes. However, local authorities are not prioritising cybercrime in their policies, even though they have a role in tackling it. Their policies are mostly based on victimisation of traditional crimes. However, it is unclear whether the impact and needs are different for cybercrime victims compared to victims of traditional crime. Our results suggest that the impact after cybercrime victimisation does not seem to differ from the impact after traditional crime victimisation. This impact varies per crime. In addition, certain needs of cybercrime victims differ from the needs of victims of traditional crime. Therefore, local authorities could prioritise cybercrime in their policies and also base these policies on the impact and needs of cybercrime victims, as they differ from victims of traditional crime. These implications might help to improve local aftercare and prevention policies, and provide support for citizens after victimisation of both types of crimes.

In this study we have examined the intention to seek help after victimization of WhatsApp-fraud, as well as the incident and personal characteristics that potentially assert an influence on this. The intention to seek help at the police, the bank, Victim Support Netherlands and friends and family was studied through the use of a questionnaire with vignettes. The incident characteristics that were measured in the vignettes consisted of the incurred financial damage and the person whom the perpetrator pretended to be. The personal characteristics include the respondents’ age, gender, educational level, relationship status, employment status, and previous online fraud victimization. Logistic regression analyses were used to examine the associations of the different types of help-seeking intention with the incident and personal characteristics. The results show the intention to seek help from the police and the bank to be the highest amongst the respondents. The logistic regression analyses further showed that a higher amount of incurred financial damages leads to a higher intention to seek help after victimization of WhatsApp-fraud. The person whom the perpetrator pretended to be and the personal characteristics did not predict the respondents’ intention to seek help well.

A large group of Dutch people fall victim to phishing every year. However, citizens and companies take self-protective measures to a limited extent. This study maps out which factors contribute to the intention to take self-protective measures against phishing by three high-risk groups, namely young people, the elderly and SMEs (Small and Medium Enterprises). We apply the Protection Motivation Theory and justify an extension of this model with two factors: affective response and subjective norms. Data was collected through questionnaire research at a panel agency among young people (N=1179), the elderly (N=1191) and SME owners (N=1020). The strongest predictor for the intention to take self-protective measures against phishing appeared to be affective response (worrying about phishing), followed by a negative effect of self-efficacy and positive effects of perceived seriousness (young people and SMEs) and subjective norm (SMEs). Implications of the findings for policy makers and interventions are discussed.

The present study examines the impact of ransomware against Network Attached Storage (NAS) devices. NAS devices are external hard drives which are usually easily accessible through the internet. Between 2019 and 2022, 434 ransomware attacks were reported to the Dutch Police, of which 78 (18%) were against NAS devices. These attacks targeted both companies as individuals. One limitation of this sample is possible low willingness to report to the Police. The aim of the present study is to compare NAS attacks with regular attacks. Our findings show that, compared to regular ransomware attacks, NAS ransomware typically targets individual citizens instead of organizations, requests relatively low amounts of ransom, and the attack is carried out in a more automatic fashion. Furthermore, attack campaigns seem to correlate with the publication of certain vulnerabilities of NAS devices.
We present recommendations for users of NAS devices, companies who sell NAS devices and local government agencies, to minimize the risk and impact of NAS ransomware attacks among citizens. First, updating the NAS software seems the most important step a user could take to prevent NAS ransomware. NAS vendors should inform clients of the risks of falling victim of NAS malware, including ransomware. Local government agencies could take a more generalized approach where they advise citizens to think about safe data-storage. Our study is, to the best of our knowledge, the first to pay attention to NAS ransomware. Although the financial impact of an attack on an individual is relatively low compared to an attack against an organization, the loss of personal pictures and videos can be very painful for victims and therefore we think it is important to address NAS ransomware in the public debate.

Many organisations fall victim to cyberattacks, such as ransomware attacks. Nevertheless, organisations have opportunities to bolster their cyber resilience. One way to achieve this is by learning vicariously from the experience of victims. This allows organisations to learn meaningful lessons, while not being burdened by the impact of an incident. However, vicarious learning requires victims to share lessons learned resulting from the investigation into causes and consequences of a cyber incident. Fortunately, some organisations disseminate lessons learned and recommendations through the publication of a publicly available evaluation report. Despite the potential of such sources for meaningful learning, most studies on organisational learning from cyberincidents focus on how individual organisations learn from their own experiences. As a consequence, such studies fail to identify recurring patterns of lessons learned that may generalize to other organisations. This meta-analysis addresses this issue by comparing multiple evaluation reports. The research objective is twofold: 1) to identify recurring lessons learned about causes and consequences of cyberincidents, and 2) to study from which frames of reference incidents are evaluated to understand why certain lessons are learned and others are not. The research question is: which lessons are drawn in evaluation reports into the causes and consequences of cyberincidents at organisations, in order to prevent these from recurring in the future. Various recurring lessons are identified and classified using an analytical framework that incorporates different risk management phases and categories of lessons learned. It is recommended to improve sharing of lessons learned within a network of trusted partners to enable broad vicarious learning and collective cyber resilience.

This article is based on an exploratory study into endeavors at the local police level, with the aim of tackling cyber-­enabled crime. We highlight what the IJsselland police district in the Netherlands encountered in some recent developments in their approach to this new challenge. In this article we will also address the more general question of how the Dutch police at the local level can be better equipped to tackle cybercrime effectively.