Cyberattacks: the consequences are not only financial, they can also be psychological

Cyberattacks: the consequences are not only financial, they can also be psychological Cybersecurity

Most analyzes of cybercrime highlight the financial costs and technical aspects of an attack. As a result, the psychological impact on a victim of hacking, ransomware, or any other cyber attack is generally overlooked.

Professor Mark Button, director of the Center for Counter Fraud Studies at the University of Portsmouth, warns of the widely held belief that cybercrimes have less impact on victims than crimes that take place “in real life”. However, his research proves the opposite: cyberattacks can score as much as certain “physical” crimes like burglaries. Sometimes the psychological consequences are even more serious.

Psychological consequences on the victim

Mark Button’s team interviewed 52 victims of computer abuse for a study commissioned by the Interior Ministry, to assess the impact of computer crimes ranging from hacking and intentional viral infections to denial of service attacks and ransom demands. Cybercrime accounts for approximately 10% of all reported crimes.

Some victims experience a violation of their privacy, just as in the context of a physical attack, describes the researcher. Many report psychological consequences such as anger, anxiety, fear, isolation or shame.

“It’s stressful and scary in many ways. It’s really depressing to understand that something that you have been able to work on for the past two years may just disappear in the blink of an eye, ”confided a victim, then employed by a small business, interviewed in the context of this investigation.

Little taken seriously

Of the 52 cases, only four resulted in a criminal conviction. The majority of cases did not receive police attention: only 13 of them received a response from the police in some form – call, visit, or any other type of communication.

Victims of the investigation suffered financial losses ranging from 2 to 10,000 pounds sterling (between 2,200 and almost 11,000 euros). In one of the cases, the consequences of the incident generated more than 80,000 pounds for an SME (approximately 88,000 euros). Another lost 40,000 pounds (about 43,900 euros) and 70% of its customers following a cyber attack.

But the consequences of these attacks were not only financial.


“In some cases, there has been no financial loss, but the consequences have been disastrous,” says Mark Button. He takes the example of the owner of a small business, whose PCs were frozen by ransomware, who decided to go back to paper, feeling very uncomfortable with the computer tool following the attack.

“It was probably the most stressful four hours of my career. I arrived in the morning expecting to get fired. Because in the end, it’s my web server, so it is my responsibility to make sure that this kind of thing does not happen, ”explains another victim of a hacking attack in a small organization.

Finally, there is also anger, as in the case of another small business, which expresses itself following the ransomware attack it suffered: “another consequence is of course a feeling of anger, I suppose , that you are subjected to such inconvenience in an attempt to extort money from you. ”

Difficult cases to deal with for law enforcement

Some victims struggled to obtain police support for their cases, even when there was clear evidence of the crime. Research shows that SMEs ransomware victims are most likely to receive a visit from the police. However, in most cases she was helpless.

Most of the time, there are not enough trained police officers to deal with cybercrime. And even when there is, it is difficult to investigate and especially to elucidate the crime since cybercriminals are generally in another country or simply out of reach.

Many victims also need technical support but do not know where to get it, adds the researcher.

Investigation findings

“The problem comes from both attitude and resources. However, this type of crime will only increase, so we really have to tackle it, ”warns Mark Button.

This survey recommends in particular that “Action Fraud” (in the United Kingdom) be renamed “National Fraud and Cyber ​​Crime Reporting Center” in order to make its role clearer. She also urged that all police officers dealing with victims be better trained in what constitutes a crime of computer abuse, adding that “Action Fraud” and the police should do more to ensure that victims receive timely information on the outcome of their case.

Finally, the team concludes that law enforcement should devote more resources to the fight against cybercrime.



Rate article