Cyber crime victims in the Netherlands not reporting offences

Only one in seven victims of cyber crime in the Netherlands reports it to the police, according to research which also revealed dissatisfaction among those that do report such incidents.

The research was conducted by The Hague University of Applied Sciences, Dutch cyber security centre the NCSC and Erasmus University on behalf of the Police and Science research programme.

Cyber attacks on IT systems, such as malware, ransomware, hacking and distributed denial of service (DDoS), in particular, are rarely reported, the research showed.

“What was striking about the study is that there were quite big differences between what people said they would do if they were victims and what they actually did when this was the case,” said Rutger Leukfeldt, project leader for the study.

A so-called vignette study, in which imaginary situations were presented to respondents, examined how they would react if they became victims of online crime. “Two-thirds said they would report it, but in the end, only one in seven victims actually appear to go to the police,” said Leukfeldt.

Another striking conclusion of the study was that there appears to be relatively little difference between the willingness of citizens and entrepreneurs to report cyber crime. The most frequently cited reasons for not reporting it were that people “would solve it themselves” and the expectation that “'the police will do nothing about it”.

Victims of cyber crime who did report it were “very dissatisfied” in half of the cases because the police reacted indifferently and the problems were not solved.

Leukfeldt expressed hope that the Dutch police would look seriously at the results of the investigation, and said the question of whether the police were the right organisation to deal with cyber crime was clear to him.

“The police certainly have a role to play and must continue to do so,” he said. “At the moment, the Dutch police are busy adapting the organisation to the modern, digital age. Given the size of the police force, that is no easy task, but it is a necessary development.”

Research by Statistics Netherlands, a Dutch governmental institution that gathers statistical information about the country, shows that fewer Dutch people are becoming victims of traditional forms of crime, but the number of victims of cyber crime is increasing. Also, people’s willingness to report online crime fell from 38% in 2012 to 32% in 2019.

“Digital crime requires a different kind of knowledge and skills within police teams,” said Leukfeldt, who knows from other research that many cyber criminal organisations actually comprise only a few technical experts, supplemented by people with traditional criminal skills.

“In my view, the police should also operate in this way,” he said. “Not with specialised digital teams, but by adding technicians to basic investigative teams.”

Funds are needed to reform the Netherlands’ police force, but when the police cannot demonstrate that cyber crime is a serious problem in the country, it becomes difficult to get a budget to make the necessary changes.

“That is why it is important to increase people’s willingness to report cyber crime,” said Leukfeldt. “Our world is rapidly digitising and digital victimisation is high compared with victims of traditional crime. This will only get worse in the coming years. If the police do not start improving the experience of victims right now, in five to 10 years’ time they will be an outdated organisation that is not adapted to deal with cyber crime.”

What is more, the police are there to catch criminals, whether they are breaking into houses or computers, he said. “There are many international cyber crime gangs, and they may not be easy to catch. That may be one reason why people don’t report cyber crime. But what people don’t realise is that we also have a lot of cyber criminals here in the Netherlands.

“Take WhatsApp fraud or Marktplaats [a Dutch classified advertising site] fraud – these are conducted mostly by Dutch criminal groups. If you don’t report them, no investigation will be started and nobody will be caught.”

The impunity of many cyber criminals is another point of concern, said Leukfeldt. “For yet another study, we are conducting interviews with young hackers,” he said. “They live in a kind of subculture in which everyone hacks and finds that perfectly normal. When they can go their own way and don’t hear about people being arrested for what they are doing, it becomes their new normal. They don’t see why it’s not OK what they are doing.”

Leukfeldt said it is important not to allow a world like that to exist, so reporting online crime is critical. “The police have an expectation management task here,” he added. “When someone stands at the front desk at the police station to report it, it is important to listen to the victims and make it clear what they can expect from the police. Above all, it is very important for victims to be heard.”

The investigation into people’s willingness to report cyber crime revealed that one in three victims does report online crime to other organisations, such as banks, hotlines and helpdesks, which offers opportunities for cooperation between the police and these entities to improve the information flow to the police.

“Don’t forget that considerable steps have already been taken in adapting the police in the Netherlands to the modern, digital age,” said Leukfeldt. “In 2007, we only had the Team High Tech Crime here, but since last year, we have had a cyber team at every unit level. That is an enormous improvement.

“The next step, for example, is to add digital specialists to all the basic teams. We may not be there yet, but a lot is certainly being done in this area.”