By Kayla A. Wanamaker

Cybercrime – crimes where the Internet and information technology (IT) are used, such as hacking, virus dissemination, and organized crime – is a growing concern for governments, organizations, individuals and businesses worldwide. Research conducted in the United States, United Kingdom and Canada has concluded that cybercrime and cyber security incidents are underreported to law enforcement. The reasons why this is the case, however, are not well known, especially within a Canadian context. As such, the goal of the current study was to examine the phenomenon of underreporting of cyber security incidents to police services using data from the 2017 Canadian Survey of Cyber Security and Cybercrime that was administered to Canadian businesses. Results indicated that while just over 20% of businesses experienced cyber-related incidents, only about 10% are reporting these incidents to the police. Businesses did not report incidents because they were resolved internally or through an IT consultant, or were thought to be too minor to report to police. Risk management, formal training, and sharing best practices were found to be related to businesses’ likelihood of reporting incidents to police. Larger businesses were more likely to report cybercrime to police when they implemented less security measures, whereas scores on security measures were not related to police reporting for small businesses. Results suggest a need to increase awareness of the frequency of cybercrime, as well as the availability of formal training options on cyber-related issues. They also underscore the importance of having enhanced cyber security protocols in place.

Ottawa: Public Safety Canada, 2019. 16p.