Study Shows Impact of Cybercrime on Virginia Businesses and Residents
October 24, 2022
By Jonah Grinkewitz
Despite most people feeling they are prepared for cyberattacks, cyber victimization in Virginia is common.
That is one takeaway from a recent survey conducted by researchers at Old Dominion University, Virginia Commonwealth University and Virginia Tech.
The study, "Cybercrime in Virginia: Impacts on Industry and Citizens," was funded by the Coastal Virginia Center for Cyber Innovation (COVA CCI), one of four branches of the state-funded Commonwealth Cyber Initiative (CCI). ODU serves as the lead university for COVA CCI.
Randy Gainey, professor of sociology and criminal justice, and Tancy Vandecar-Burdin, director of the Social Science Research Center at ODU, were involved in the study.
More than 420 businesses and 1,200 residents participated in the survey, providing online or telephone responses.
In the business group, 85% reported being victimized by a cybercrime, and more than 70% said they were victimized in the past year.
For residents, 62% said they have been victimized by theft or fraud before and 28% said it happened in the past year.
"These high rates likely stem from the unique intersection of cyber-physical systems across the commonwealth, combined with an educated and mobile workforce making it a uniquely targeted area by cyber criminals," Gainey said.
The most common type of attack for businesses was fraudulent emails being sent to staff. More than 80% of companies reported this happened and close to 60% said it occurred in the past year.
Credit card fraud was the most common for residents, with around 33% having experienced it.
More than half of Virginia companies experienced at least two unique types of victimization in the past year and close to 10% had nine or 10 different types of attacks.
In both groups, respondents felt better about their own preparedness for a cyberattack than others.
Only about 16% of business respondents said they thought other U.S. businesses were "very prepared" to prevent an attack, as opposed to 30% who felt the same about their own companies.
Likewise, more than 70% of residents reported feeling "very or somewhat prepared" to prevent cyberattacks on their personal computer systems but only 57% said the same of businesses.
Researchers surmised that because of the "just-world" theory, "it is feasible to think that participants consider their own businesses relatively more prepared for cyberattacks than they think businesses in general are because they want to - and perhaps need to - feel safe."
For crimes not related to fraud, victimization rates were lower, but the threats were often more serious.
Nine percent of residents reported that someone in their household felt frightened by a threat through email or an online chat and 19% experienced bullying, harassment, stalking or blackmail through internet threats.
Interestingly, researchers found that residents with more internet expertise had a higher likelihood of being victimized.
Thirty-eight percent of people with higher self-rated internet skills and comfort levels experienced cyberattacks in the past and 29% in the past year.
"They also tend to have had a longer history on the internet, spend more time on the internet and use the internet for a more diverse array of activities," Gainey said. "This makes them far more exposed to motivated offenders and thus at an increased risk of victimization."
Overall, researchers said the study provides a quality baseline for understanding cybercrimes in Virginia and illustrates the need for additional education and public awareness about steps to ensure cybersecurity for businesses and residents.