 Hello, everyone, and welcome to this last session of the conference. Okay, so we have three talks for this final session and our first talk is Unveiling the Unhidden, Applying Western Style Crime Survey Approach to Eastern Europe. a dyna'n amser Dan, Llyfrin, Mila, Alex, I hope I said that right. So, I've just got some information about them to read out, and then they can start. Dan is the senior lecturer in criminology at the University of Huddersfield in economics at Dorgersfield University Latvia. His main research interests are quantitative criminology, immigration, repeats, victimisation patterns and crime seriousness judgments. Dan has been asked to present his research at a number of invited seminars and sessions at the Home Office, Neighborhood Watch and other organisations in the UK as well as at international events. In his spare time, Dan is an avid martial arts practitioner and proponents of healthy lifestyle. Llyfrin Mila is a doctor in economics, associate professor and head of department of economics at Dorgersfield University in Latvia. Her main directions of research are regional economics, smart growth, social and economic aspects of multi-helix. Since 2016, she has been an expert in Latvian council of science and economics. She has more than 40 publications, two monographs and has participated in 10 projects, including the ESF, Erasmus and Latvian national research programmes. Okay, so time to go over to Dan and Llyfrin Mila. Thank you very much. I will start sharing my screen in a second. I believe that has worked. Could anybody confirm that I've succeeded at that? Yes, that works. That's already a success. Yes, thank you very much for having myself and Llyfrin Mila here today. I've been a very big fan of this conference, as some of you will know. I've tried to present every single year for, I believe, the last eight years, with the exception of last year. So it's great to be back even though we are in an online environment, but it's better than no environment, isn't it? What we are presenting today is a paper associated with the research grant provided by Douglas Pills University and just a little bit of background. I was working on a sabbatical in Douglas Pills University just this year in the Department of Economics with Llyfrin Mila here. The article which is being published from this and, of course, this conference paper, they stem way beyond just the use of surveys. They stem way beyond what the data shows here. And I've kind of split this presentation really into two things. There's the data implications, which we will discuss, of course. And then there's the bigger theoretical implications. So at some points, if you do lose me a little bit, because I've been relatively creative with this one, don't worry about it because it will all make sense at the end, hopefully. So unveiling the unhidden, that's how we call this paper. And really the idea is that we know so much which is true. And yet sometimes we just sort of prefer not to look there or we pretend like we shouldn't. And we sort of start quite easily actually with the Tower of Babel and the biblical story about that. I won't tell you the whole story because I only have 20 minutes to do this and I have to run away right after this presentation. But the idea in the story was that humans very much were able to progress quite far while they kept the same language, while they kept speaking in the same language and understanding each other. So the presupposition here is that when we don't speak the same language and it doesn't have to be like a linguistic language as well, it can be simply a matter of categorizing things, then of course we don't understand each other and we can't benefit from each other's knowledge. And that's exactly what's happening unfortunately in much of criminology. In fact I will even discuss whether criminology is really criminology. That's how creative I've been. But let's start very easily. So I looked for basically an old Russian proverb and I found one. And it basically says, where's the duck, there's a ditch. And if you're an English speaker and I'm assuming most of you are English speakers as opposed to Russian speakers here, think just in your hearts and minds right now is there. Do you understand it? Do you understand what that proverb means? And probably most of you do. Probably most of you will say that it sounds a little bit like there's no fire without smoke or something of the sort, right? And that's the fun part about it. With the translation software available to us and Google Translate is one of the big things which another article is actually being written on right now. We should be able to convey the meaning of and across the languages in criminology and in other social sciences as well quite well while keeping the original intention. So if we can understand a Russian proverb from the 15th century while never having spoken Russian and I'm assuming that's the case for most of us, maybe that's, maybe we can move past that problem. Maybe we genuinely are speaking the same language after all. So on the language part we can discuss things like the superior worth hypothesis and the idea that obviously the strong and hard version of the hypothesis is that we fully categorize things differently based on the language we speak. And the soft version is that we simply adjust the understanding based on the language which we use, the ideas of linguistic positivity and overall our progress associated with that. We sometimes think that sort of we are on board with basic things in criminology. We sometimes like to believe that certain concepts just make sense. We all think crime is bad. We all think that offenders shouldn't be just punished for the sake of punishment. We think that all of that makes sense. Then again we also think based on majority of publications that people fear crime and I've published articles which say that people don't fear crime, they're angry about it. And we also think that crime harm is relatively understandable and simple enough because most western countries now use it. And yet I've published papers on that as well explaining how many of those judgments of harm and seriousness aren't actually measuring harm and seriousness. So the problem really is whether our progress is hindered by the language separation and social sciences which we have. And it certainly is exacerbated by the anglo-centric nature of social sciences publications and journals and research in general. Simple example will be a majority of European slash international academic journals. They all accept publications. Well, not all of them. Okay, a couple of them don't, but most of them accept publications entirely in English and in the guidelines for the authors. It says very clearly. If you can't write an English well, get help and only submit after that. So it's quite interesting to see journals which are called European journals and there's more than one language in Europe and international journals and there's more than one language internationally which accept articles entirely in English and there's no leeway about it as well. So of course articles can be denied for use of bad language, English language. Not any other language. So here's where we stem into the actual field of criminology and while working in Latvia I was looking, I was trying to actually get a job in criminology because I'm a criminologist as many of us here are. And I found myself explaining a lot to people what actually is criminology because criminology doesn't really exist in Latvia. And that was an interesting thing to encounter. How come I have a European PhD in a discipline which I got in Europe which actually requires a lot of explanation. And again in here we have that linguistic difference. So in much of Latvian and Russian literature as well we have these two concepts. We have criminology, criminology and we have criminolistica almost, criminolistica and there are two different things. One of them, the theoretical part, the criminology part is sort of a theoretical science looking at the regular things which criminology looks at. And it's usually viewed as a Western concept. In many European countries altogether there's no such course as criminology. Latvia is one of them, there's no such course. There's modules, there's lessons and kind of lectures on it but there is no course as such in criminology. There's criminolistica, which is a practical science. Basically combination of crime science slash forensic science slash phenology and I found myself explaining to people quite often what is actually criminology. And that really baffled me because if we assume, which we do that there are so many things in criminology which we all have in common and we all understand as the baseline principles for us to succeed in that fight in crime and yet even in Europe sometimes we don't even have a clue what criminology is. It's really quite baffling to be fair. So what's the necessary solution? The necessary solution is ability to facilitate information exchange. There's a lot of things which of course we do in Western countries which Eastern countries could borrow and not just Eastern countries there's plenty of countries in the West that utilize things like victimization surveys. It's sensitization to data applicability as we will show in this presentation many if not most findings which we can take from British crime survey or crime survey for England and Wales can actually be found exactly almost exactly in the same manner in Latvia which by no means is a Western country not in this perspective. The basic principles and basic policy issues they can actually be extended into other countries quite easily. It's not a matter of criminology being a Western discipline at all. In fact much and most of what was found is just about that and in many cases it's not about looking the other way intentionally and there is a need for this criminological ignorance in Eastern Europe and hopefully with a better result for the actual person who takes that role however. So victimization surveys we are here in crime surveys user conference which is exactly about that and of course we all largely agree that victimization surveys are a good thing. They are common practice in the West ICBS crime survey for England and Wales and it's plenty of equivalents which are now used all across the world including the local victimization surveys. They are emerging across the rest of the world and again it's the Western world and it's the English speaking world it's not the rest of the world as such and this function very often is fulfilled in other countries by completely different things different random websites and online tests but we all agree that they're good. So here's a little example which I found about Latvia which sort of looks like crime perception survey it's a random website it's not hosted by Latvia it has no relevance to Latvia but it's sort of fulfilling that function and we see that in its lifetime it's had 475 participants which well that's not allowed for a whole country and it has these sort of you know typical regular questions so problem is we don't have a victimization survey in much of Eastern European countries and certainly we don't in Latvia where much of this research has been carried out so the research which we're about to present very quickly comes from Latvia, from Latgala region which is roughly your eastern part of Latvia and mostly Douglas pills which is the city I was born in it's the city I really love and the survey was carried out in three years 2018 and 19 in person and 2020 online but it was the same survey carried out we had a total sample of 322 participants and pretty much all surveys were almost fully completed very very few missing values the ethnic sample was as described on the slide and just over two thirds of the people had Latvian citizenship we looked for four little simple things just to test out if we emulate CSEW in an Eastern European country without amending it much the whole point was not to amend it much the point wasn't to specify culturally a lot of things the point was to keep it largely as it is will we find the same stuff and we looked at four basic concepts which have been analyzed extensively using victimization surveys in general so the first concept, unequal distribution of crime we know using plenty of victimization surveys that crime isn't unequally distributed victimization specifically but crime as well we know that victim characteristics have remained roughly the same in the UK as well as in the western world in the last 20-30 years let's try to see what happens in Latvia so in here we have displayed in the top 30% of our population how much victimization they experience and we see that just 1% of Latvian population experiences pretty much a third of all vehicle victimization and sort of roughly 15% of the rest which already says that just 1% of people experience a huge proportion of victimization we look at top-decile of course that top-decile experience is way more than anybody else because once you move past the point of 90 everything else looks roughly roughly the same so again top-decile of population experience is a huge proportion of crime same as in the west then we look at average numbers of victimizations and these average numbers are really huge the one thing which we know about the west is even though the victimization is unequally distributed the average number is dropping well in Latvia the average numbers of victimization are roughly like that so we have numbers of 50 for vehicles in top percentile and we have numbers of roughly 78 for total victimization in top percentile those are not low numbers the west top percentile numbers were roughly 3 for vehicle and roughly 7 for total so we are speaking tenfold the victimization reported for the top percentile now sure you might say top percentile isn't very representative okay but top-decile will still be huge compared to everything else so if we average out these numbers we still see that it's nowhere near the second or the third so the problem remains but it's just actually even worse in Latvia than in the west how about victim characteristics again your typical characteristics are here on the left and significance levels associated with victimization vehicle related, property related, personal related, total related again the victim characteristics of the typical repeat victims are exactly the same in Latvia as they are in the west with a couple tiny amendments so I could speak about them but I don't have the time I'm well aware that I have less than 10 minutes left so point is the points are exactly the same in Latvia victimization is unequally distributed there's a huge proportion of victimization attributed to one percentile let alone one-decile and we know who the victims are second point crime seriousness and the victim we know that victimization by repeat victims is perceived as more serious we know that ethnic minorities perceive victimization is more serious than the natives I've published on that the references are available so what about in Latvia if we look at just the distribution of seriousness scores from one to 20 which is exactly how CSEW does it as well we see that majority of all types of crimes besides for regular property crime are largely rated as 20s in fact the crimes rated mostly as 20s are vehicle related crimes so about 62% of vehicle related victimization is rated as most serious that is not the same as it is in the west and the west vehicle victimization is rated as least serious so there is a cultural difference however if we do look at the top deciles again I'll repeat victims which form the top three most victimized deciles they experience 15.7% of seriousness each and they all have rated all of their victimizations as 20 so the point remains people who are repeat victims they rate their victimization more seriously and there's a fair bit of them that needs working with point three non-reporting to the police we know that people who cooperate with police like it and who don't don't like it you need to cooperate with police first to have a good experience and we know that ethnic minorities report victimization to police less hence have less trust in them hence cooperate with them less what about Latvia? there are two things I mean there's a lot of things on the screen and of course feel free to look at them later once I'm not limited by the very short time I could speak about this for very long I'm very passionate about this subject but two things just to look at if we split Latvian population by their ethnic identity in Latvians, Russians and people who are of other ethnicities we see that people who have cooperated with the police rate their experiences as roughly at a 10 out of 20 so we ask them if you rate your cooperation with the police after reporting your victimization to them from 1 to 20 what would you give it? and they basically give it roughly a 9, 10 slash 8 but their expected scores if they did cooperate for people who didn't are actually super low we see that for example for people identifying as Russian if they did not work with the police if they did not report the victimization to police their expected score was 1.2 so they don't go to police because they think that's the worst experience they will ever have now they don't know whether that's true or not it's their expected score and the ones who went actually enjoyed their cooperation they got a 10 out of 20 which is kind of okay but they expect it to be a 1 so that's an important point and the second important point is the difference in reasons for non-reporting if we look again at the ethnic belonging we see that Latvian people don't report because they believe police couldn't help so they're on the side of police whereas people of other ethnicities largely don't report because they think police doesn't care or they have other ways of dealing with it and I'll mention again later on I have to hurry up I know .4 emotions experience after victimization we know that usually we're told that people are afraid of crime but they're actually angry or annoyed so if we look at the distribution of emotions after victimization which we did analyze for this population as well we see that it's not associated with whether they're a single or repeat victim or how seriously they rate their victimization in most cases they're angry they're not afraid of it however if we split it by ethnic belonging there's a huge difference for Latvian ethnicity people are mostly afraid of crime as opposed to angry about it for Russian and other they're mostly angry now of course a fight response means we speak about self-policing anger is a fight response disappointment, annoyance there are fight responses they mean self-policing they mean not relying on somebody else and fear and weakness are fight responses they imply working with the police and reporting the victimization to them so again this point kind of explains the third and that's our data conclusions we know that victimization in Latvia isn't equally distributed we can identify the super victims quite easily seriousness ratings again they are much higher for repeat victims so those two points work very well together one with the other three and four do as well so ethnic and national groups they are not represented in police in Latvia you have to be a Latvian citizen to be represented in Latvian police forces and the same groups are less likely to cooperate with the police less likely to have trust in the police less likely to work with them and more likely to find their own ways to fight crime which is directly associated with the emotional response which they have on the point as well thankfully my final slide but most important slide theoretical conclusions why did I speak about the bible and everything else before that because I think and I strongly believe in this that we need to integrate the rest of the world in criminological scholarship specifically criminological scholarship and the only way we're going to do that is by stemming beyond the differences in language which we assume to be so serious which this research shows are not serious at all we still do speak the same language because victimization is just as bad for anybody for a British person, for a Latvian person I'm sure the same applies to the rest stemming from that stemming from this research I mean these are just preliminary findings sure it's not a huge research it's not a huge survey but it shows that there's plenty we can learn from existing practices in the west and I'm sure from existing practices in the east as well we don't need to reinvent the bicycle victimization surveys are as they are they work, I've given it a shot I've tried it and they worked and the point is really also to unite this divide between criminolistica and criminology because if we think in the eastern countries that criminology is this western theoretical concept which we don't need and all we need is the practical solutions it's hard to have the practical solutions and understanding the bigger picture I did make it on time so these are my references and these are our contact details thank you everybody and I hope that was ok yes our next speaker is talking about testing the association between household profile and burglar alarm effectiveness and this is Daniel Robinson so Daniel is currently a PhD candidate at Nottingham Trent University after being awarded Vice Chancellor's Scholarship and prior to this Daniel undertook her undergraduate degree and master's degree in criminology graduating with first class honours and distinction respectively and Daniel's research interest line the field of crime reduction with special interest in burglary reduction so hello everybody my name is Daniel Robinson and I'm in the second year of my PhD studies this is some research that I've been working on with my supervisor, Professor Andromachi Soloni my PhD is entitled understanding the mechanisms of situational crime prevention initiatives and measures and as part of my PhD there will be a chapter that is dedicated to the association between household profile and burglar alarm effectiveness and that is going to be the focus of my presentation today so just a quick overview then I'm going to speak briefly about previous research in this field hopefully that will just help to justify and place the research that I'm working on currently I'll speak a bit about what I've done so far the data that I've used the approach that I've taken look at some of the findings and obviously acknowledge some of the limitations in the data and then I'll speak a bit about where I plan to go with it and what I'm going to do next so I should just acknowledge here before I go on to speak about this research that there is an extensive body of literature which investigates security device effectiveness in relation to offender target selection falls in burglary rates effective security combinations the context in which they're most effective and like I say it is extensive but I'm going to just speak briefly now about some of that literature that actually utilises the crime survey data just to keep it really relevant for this conference so Solonia Tal in 2014 and 17 carried out research into which security devices are most effective in the prevention of burglary and they found that some combinations were really effective and some were much less effective but it led them to develop the mnemonic wide which is window locks internal lights on a timer double locks and dead locks on external doors and external lights on a sensor and that was found to be the most effective security device combination when taking value for money into account in-depth research into burger alarms by Tilly et al in 2015 found that the presence of a burger alarm appears to increase the likelihood of burglary victimisation so those findings were counterintuitive and he did state that the findings needed to be treated cautiously and I know that there's been research in the field that is ongoing and this obviously fits in with that as well this research that I'm going to speak about and most recently research on burger alarm impact in isolation and in combination with other security devices has been carried out by Solonia et al in 2021 and that was with the Home Office and College of Policing Safer Streets Fund toolkit some of the findings that I'm going to be speaking about today are my contribution to this research and my research and this research is both ongoing so my main research question was does the presence of a visible burger alarm increase or decrease burglary victimisation risk amongst various population groups so my real interest was is there a higher or lower risk of any type of burglary with particular groups of people in order to answer that question I merged four sweeps of the Crime Survey from London Wales from 2014 and 15 to 2017 and 18 I used a non-victim form for this first for this first set of analysis the questions and the variables that I wanted to look at were all available on victim form so I just used that to begin with which gave me a sample size across all four sweeps of 125,150 so when I was looking at choosing which questions I wanted to use and what I actually wanted to gain from this research I thought that the question which of the following are visible at the sample address was a really good question a list of 10 security devices that you can look for but I was interested specifically in whether or not there was a visible burglary alarm on the property and it's worth mentioning here that this was not a participant question this was actually on the electronic contact sheet for the interviewer and this was actually aimed at the interviewer so it asked them whether they see a burglary alarm on the approach or when they get to the property I thought that was appropriate because if the interviewer can easily see that there's a alarm that is visible then it stands to reason that a potential burglary would also see that alarm and this will help us answer how burglary alarm effectiveness might differ across population groups so I'll speak a bit about the findings now some of these findings were really interesting so before I go on to speak about the findings this is a comprehensive list of the household characteristics that I analysed you can see here that there is quite a big list of different characteristics that was looked at I chose to look at the household representative person for the individual characteristics because I thought that they are usually the head of the household they usually have the biggest income or if it matches they are the oldest so they tend to have a bigger influence on those wider characteristics of tenure and accommodation type due to you know they've usually got the highest income and that's why I thought it was appropriate to use the household representative person and I should just make a note here that the following findings I'm only sharing today the results only results show where risk is higher with the presence of a visible alarm than without across these different characteristics so how was it calculated? for this data analysis I simply did odd ratio of risk of burglary victimisation for the given population group with a visible alarm compared to without one so if we were going to use males as an example here you could get the result that males are 1.5 times more likely to experience attempted burglary with a visible alarm than males without a visible alarm so there's no comparison within those different population groups it is just within that group so males with an alarm or without an alarm so this is my first set of findings so this is odd ratio against burglary victimisation risk with a visible burglary alarm compared to without one across individual characteristics and wider household composition this the bars that are solid pink they are the ones that are statistically significant and the patterned bars they are findings that I still found interesting but they weren't statistically significant you can see here that all of these characteristics have an increased likelihood of burglary with a visible alarm than without one across these characteristics but the headlines here would be that Asians are 50% more likely to be burgled with a visible alarm than Asians without one at 1.5 times you've got both owners and private renters show a higher risk of burglary with a visible alarm they both had 1.5 times more likely than those in the corresponding categories with a visible alarm than without one and same again for categories 8, 9 and 10 of the index of multiple deprivation income deprivation they all have a significantly higher chance that which is 1.6 and 1.5 respectively and it's worth noting here that that obviously then includes the least deprived 10% of the population that have quite a significantly higher risk and it's interesting because there is there is research that backs some of this up or seems to correspond with this so you can see that two or more adults on here so research by Soloni and Thompson in 2018 found that two households with more than two adults or specifically shared households made like shared accommodation and places like that they did show an increased risk of burglary victimisation and that it was likely due to the fact that there was more devices in the house so there'd be multiple phones, multiple laptops and things like that and they also found that households with children also had heightened risk by almost 50% but after 1996 you can see here that households with children here they have a heightened risk although wasn't statistically significant in this case and lone parent households had a heightened risk of 75% in Soloni and Thompson's findings and again that was the same as this but it wasn't statistically significant but still really interesting findings so this here is exactly the same but this is with attempted burglary victimisation risk with a visible burglar alarm compared to without one across the individual characteristics and wider household compositions there were definitely less statistically significant findings with attempted burglary and there was less that sort of had any any risk either way but you can see here that the most heightened risk here is when you have lived in the address for 1-2 years and that shows a significantly heightened risk of 1.6 times more likely than those who have lived in their address for 1-2 years who do not have a visible alarm it's worth noting here as well that you can see that homeowners and private renters are both on this chart and on the previous one so although a lot of research actually shows that social renters do have the most at risk type of type of tenure that homeowners on private renters are both on this with quite a heightened risk for this research so it was just worth noting that it's definitely worth acknowledging some limitations or caveats for this research this obviously doesn't tell us if the burglar alarm was installed at the time of the first experience of burglary victimisation or if it was installed as a consequence of the victimisation I just want to point out at this point that where I said earlier that these findings were my contribution to the Soloniatel research in 2021 that the rest of the research absolutely does account for the existence of a burglary alarm of a burglar alarm and when it was installed it is just my contribution that currently doesn't account for that and the rest of the research does account for that so because it doesn't it doesn't show the true risk across the population types as burglar alarm might have been installed after the victimisation so this is recorded at the time of the interview so the interviewer goes and approaches the property sees a burglar alarm ticks that there is a burglar alarm but they have absolutely no idea when that was installed so they will then go and do the interview and if the participant says that they are a victim of burglary they will have it shows that they have an alarm and that they've been a victim of burglary but they may have had that installed after their victimisation so there's obviously a limitation there that needs addressing because it is quite important that it is quite an important piece of knowledge that we need to know so obviously this research is in its infancy this is really just a preliminary indication of burglar alarm effectiveness across population groups however I think but I think these findings are really interesting and with that in mind moving forward firstly and foremost I really think that the most pressing issue here is that we need to find out when the burglar alarm was installed and whether it was before or after the victimisation is the first problem that I attend to address and that will involve merging the non-victim form with the victim form so all of that really good information that I've already got from the non-victim form I'll keep and I'll merge it with the victim form which has all of the information about when the burglar alarm was installed I'm also going to add an extra two sweeps to take it up to 2020 so then it will be across the six sweeps and and I will analyse all the security combinations all of the possible combinations that include a burglar alarm so any combination from all of the different security devices that there could be that are available in the crime survey all of those possible combinations will need to be looked at individually so as you can see this is quite a time consuming process which will be the merging of the victim and non-victim form across those sweeps and then analysing the possible combinations is all quite time consuming and quite honestly time is the only reason that this hasn't been done up until this point just with different PhD responsibilities and things like that I also intend to add a qualitative aspect to this which will involve interviews in the newly refurbished and neighbourhood in Nottingham and it will look at the impact of the refurbishment in the area so it will be semi-structured interviews hopefully with community agents at the newly refurbished neighbourhood I'll be interviewing neighbourhood WAP representatives local victim support representatives which can obviously offer insight into the types of population groups that approach them for help PCSOs I also have access to interview the architect for Nottingham City Council who has designed the refurb and I will be interviewing various people who actually live on the estate as well and I'll be asking them about not only about how they think burger alarms are whether they think they're effective and whether they think make them feel safe but also about social cohesion and so this will feed into my wider PhD project as well and whether area type and area context also affects the impact of burger alarms so this will really combine burger alarm impact with individual feelings of safety in context with social cohesion and the impact of burger alarms in the St Ams neighbourhood and when that is all done I am hoping that we will have a much deeper understanding of which population groups have an increased or decreased risk of burglary or attempted burglary or not. Thank you for listening any questions So this is a talk about when do businesses report cyber crime findings from a UK study and our speaker is Dr Stephen Kemp who is a postdoctoral researcher in criminology at Pompa Fabra University in Barcelona in Spain and he's previously collaborated with the criminology department at the University of Manchester as well as several Spanish universities and his main lines of research focus on cyber crime, fraud, crime reporting and sentencing. Okay perfect, so thank you very much for the introduction Sarah and also thank you more generally to the organisers from the perspective of a participant all that is all done very smoothly also the idea of the conference is something that's really interesting in Spain we don't have anything similar so it's definitely something that we might be looking to copy in the future so I'm going to be presenting a paper that is out to come out soon which is titled when do businesses report cyber crime findings from a UK study this has been offered by myself together with David William from the University of Manchester and Milo Llanarys from Miguel University in Elgi, Spain and also with Nicholas Lord from the University of Manchester so just to give you a little bit of context to begin with as many of us are aware cyber crime poses a growing threat to organisations in the United Kingdom and in Spain and around the world we published a few months ago that there were quite steep rises in certain types of cyber enabled fraud against organisations at the beginning of the pandemic I came to ties into some of the one of the presentations earlier on data from the crime survey in the Wales regarding individuals also we action fraud publishes data on the losses that have been reported by organisations and we find that in the last 12 months the losses are probably 500 million pounds or a very very high amounts of losses and importantly cyber crime is not something that only affects large organisations small and medium sized organisations also have relatively high probability of suffering cyber incidents in any case it's also worth noting that even these incidents affect larger organisations that might have more resources to mitigate the impacts a lot of the times they're not going to be assuming the cost of the breach but these costs are going to be passed on to customers so it's really something that affects everybody so that's the main context of rising threat regarding cyber crime against organisations and in this context it's quite surprising that there's very little research certainly from the social sciences and criminologists and there's very little research on cyber crime against organisations and this has been put down to the fact that there's generally a lack of data which is related to low levels of reporting now this is problematic because reporting is key for the prevention and responses if we want to understand the most pertinent threats at the moment and I want to design strategies to try and mitigate those threats and evaluate those strategies then reporting is really important so on that basis what we wanted to do here in this paper is basically understand reporting a little bit better with the aim of being able to improve reporting processes and then get better data so it's quite an explorer to the study so what do we know about crime reporting by businesses more and more generally because like I said there's not really very much about cyber crime reporting there's a little bit more about crime reporting against businesses more generally the existing research has found that crime reporting by businesses can be predicted by certain factors for example it can be predicted by the type of crime and it can be predicted by the impact the greater impact is associated with higher levels of reporting the characteristics of the organisation can be relevant and particularly relevant is the perceived efficacy of reporting reporting is believed to be able to produce some kind of benefit like I said there's very little research on cyber crime reporting by businesses there are a couple of surveys and one book chapter published and what they find is that in general there's lower reporting by businesses to police rather than non-police organisations the reporting can depend on the ability of the organisation to resolve the incident internally rather than reporting it the impact is relevant with regard to cyber crime the impact can be relevant in the sense that sometimes reporting is necessary to be able to file an insurance thing and we find that the issues regarding reputation are particularly relevant with businesses and organisations that there may be a little bit of a reticence to report organisations or businesses don't want to be associated with security breaches with loss of customers data with loss of money able to protect their customers so reputation is something that is relevant to reporting as well so what we look to do in this paper what we were aiming to do was to answer three research questions firstly to whether the characteristics of businesses for example the size, sector and digital activity of businesses were associated with cyber crime reporting secondly to see whether the attitudes of businesses towards cyber security and their cyber security practices were associated with cyber crime reporting and finally we want to analyse whether the characteristics of the cyber crime event or the cyber incident were associated with that so as you can see it is quite an exploratory study thanks to the research that exists so to answer these questions we obtained data from the cyber security breaches survey we obtained the data from three waves of the survey from 2018 to 2020 which gave us a sample of approximately 4,500 businesses in the UK in this survey they used disproportionate sampling so when we merged the three waves of the survey reweighted the sample again so that it was representative of UK businesses in terms of size sector and then we filtered this sample to obtain a sub-sample of those companies that said that they had suffered at least one incident in the previous 12 months so that's approximately 12,000 UK businesses and we're looking at two types of reporting we're interested in two types of reporting on the one hand reporting to the police and other public authorities and on the other hand reporting to any external organisation because obviously businesses can report cyber security incidents to cyber security providers to the bank to internet service providers to clients to customers as well as public organisations like the police or the national cyber security so just to give you a quick descriptive overview of some of the most important elements the typical incidents that companies were suffering in first place the most common was phishing attacks there were 34.5% of the weighted samples that they suffered these types of incidents then in second place people impersonating organisations and emails online for identity in third and fourth place we have incidents related to malware, viruses or ransomware then in fifth place incidents related to hackers from external actors followed by DDoS attackers was 3.4% and finally hacking of online bank accounts which was reported by 3.3% of the weighted sample and then importantly we looked at the result of the data for the reporting rates for the most serious incidents so a number of organisations would obviously suffer multiple incidents and then in the survey they asked them about reporting the most serious incident that they suffered so we find quite a contrast here in on the one hand 39.5% of the weighted sample reported the incident the most serious incident to someone external in the organisation but only 8% reported to a public thought we'll discuss a little bit the implications of this later with regards to our variables and our methods the two dependent variables as I've mentioned before whether they reported incidents to someone outside of the organisation and whether they reported it to a UK public authority and then with the independent variables that we're looking at characteristics of the organisations of the businesses like size, sector online activities whether they hold personal data by clients whether they have an online payment system in their online bank account if their employees could work from home then cyber security variables for example whether they consider cyber security a high priority if cyber security is outsourced or whether it is managed internally whether they have some form of cyber security insurance whether it's specific policy or it's probably a wider policy also if the businesses carry out some type of risk identification and whether they have sought government advice on cyber security issues and then we looked at the crime type of incident type and whether there was a negative impact from that which could be loss of money but it could also be loss of working hours of employees to deal with the incident now in the 2018 and 2019 waves of the survey there were two questions that we thought would be interesting regarding whether the business considered that it was prepared to deal with cyber security issues and whether they carried out any type of training with their employees this wasn't included in the 2020 survey so what we've actually done is we've estimated four binary logistic regression models so what we've done is for each dependent variable we've estimated two on the one hand a model with all three waves of the survey and on the other hand a model that only has the 2018 and 2019 waves but includes these variables of preparedness and training so for each dependent variable there are two models that we've looked at with regard to the results first of all I wanted to talk about the results for reporting to somebody outside the organisation so this is reporting to anyone outside the organisation that could be police, national security centre but also financial institutions cybersecurity providers et cetera so what we find is that the crime type is relevant as we would expect fishing is reported less than other types of incidents like hacking or identity theft the negative consequences are also relevant as you would expect when there are greater negative consequences reporting is more likely we also find that when businesses consider cybersecurity a high priority there are more likely to report incidents to someone outside the organisation and when they have an external cybersecurity management system the more likely to report to somebody outside the organisation is driven by the fact that they are reporting to external cybersecurity providers in contrast those businesses that internalise their cybersecurity management reported less to somebody outside the organisation and interesting we found in one of the models evidence that businesses that hold electronic data but customers were also less likely to report cybersecurity to somebody outside the organisation now with regards to reporting to the public authorities we find some similarities and some differences that could be quite relevant so we find similarities in the sense that the crime type is relevant fishing is reported less than other types of incidents the negative consequences increase the likelihood of reporting as does considering cybersecurity a high priority but in this case we find that those businesses with internal cybersecurity management are more likely to report to public authorities which contrasts with what we found regarding reporting to anyone outside the organisation and now we also found some weak evidence that those organisations that allow their employees to use personal devices for work tasks were less likely to report cybersecurity incidents to public authorities so I wanted to just finish by talking about the implications of these findings so regarding research question 1 we find limited evidence that the characteristics of businesses that are associated with cyber crime reporting but there's some particularly associations with regard to some activities such as holding customer information electronically or mobile working and the question of mobile working is particularly interesting in terms of companies the guardians of companies insurance system when performing work related tasks on personal devices who's considered the primary capable guardian who's responsible for reporting in the year of teleworking regarding research question 2 on attitudes and practices the association between considering cybersecurity a high priority and reported could be related to the perceived benefits of reporting in terms of making society in general more cyber secure and then the questions of the differences between external and internal cybersecurity management structures I'm going to come back to them in just a moment and finally regarding research question 2 the cyber crime content is related to reporting and negative impact and crime type are significant I think it's important to mention here mandatory reporting what types of crime and impact generate mandatory reporting because one would imagine that that's very important to the reported decision future research would analyse the dynamics created by mandatory reporting and its effectiveness so just to finish up the key takeaways in the discussion I think our findings generate discussion regarding above all the role of private cybersecurity companies and the criminal justice system in the prevention of cyber crime only 8% of the most descriptive incidents suffered by businesses were reported to public authorities 39.5% were reported to someone outside the organisation this ties in with previous research it could indicate that private entities prefer a private model of cyber crime control regarding cyber crime low levels of reporting to public authorities could be the result of a lack of confidence in the capacity of authorities to provide a suitable response perceptions that are taxed to be dealt with internally concerns about potential reputational damage or not wishing to share internet or business activity in case today with public authorities so this disparity between reporting to public authorities and reporting to anyone outside the organisation may exemplify the rise of private policing that has been documented with regard to cyber crime and this links in with our results that point to businesses with outsourced cybersecurity management reporting more to organisations but not to public authorities could this be an indication that cybersecurity companies either directly or indirectly discourage reporting to public authorities due to a lack of confidence in your ability or is there potentially an economic interest in reducing involvement of public authorities cyber security industry is privatised competitive and this could discourage involving public authorities with more cyber security work with greater economic benefits and then on the other hand do in-house cyber security teams trust public authorities more are they less driven by a direct profit motive and thus more inclined to seek external public help I think these questions advocate for future research this decision making process with regard to reporting cyber crime how this relates to organisation security regimes and how this relates to crime prevention and the role of criminal justice systems in the digital many thanks for listening you have my contact details there