Community Research and Development Information Service - CORDIS

FP7

E-CRIME Report Summary

Project ID: 607775
Funded under: FP7-SECURITY
Country: United Kingdom

Periodic Report Summary 2 - E-CRIME (Economic impacts of Cybercrime)

Project Context and Objectives:
E-CRIME (the economic impacts of cyber crime) is a three year project that started in April 2014 and will end in March 2017. The aim of the project is to reconstruct the spread and development of cyber crime in non-information and communications technology (non-ICT) sectors from the perspective of its economic impact on the key fabrics (i.e., economic and social) and different levels of European society, while also identifying and developing concrete measures to manage and deter cyber crime. E-CRIME aims at paving the way for a gradual shift towards a cyber security thinking that puts increasing resilience, multi-stakeholder co-operation and a comprehensive and integrated approach into the focus of cyber security strategies. In parallel it strives to make a contribution towards the development of comprehensive and economically viable counter-measures supporting the Digital Agenda for Europe, while boosting Europe’s economic performance and single market.
E-CRIME focuses on:
1. Mapping the observable developments and effects of cyber crime within and among non-ICT sectors, Member States and diverse stakeholder communities
2. Assessing existing counter-measures
3. Measuring the economic impact of cyber crime on non ICT-sectors and
4. Developing concrete inter-sector and intra-sector solutions to address cyber crime
E-CRIME does so by adopting an interdisciplinary and multi-level-stakeholder focused approach that fully integrates a wide range of stakeholders’ knowledge and insights into the project.
First, the project develops a detailed taxonomy and inventory of cyber crime in non-ICT sectors and analyses cyber criminal structures and economies by combining the best existing data sources with specialist new insights from key stakeholders and experts.
Second, it assesses existing counter-measures against cyber crime in non-ICT sectors in the form of current technology, best practices, policy and enforcement approaches, and awareness and trust initiatives.
Third, having mapped the ‘as-is’ of cyber crime, the project uses available information and new data to develop a multi-level model to measure the economic impact of cyber crime on non ICT-sectors.
Fourth, it integrates all its previous findings to identify and develop diverse, concrete counter-measures, combined in portfolios of inter-sector and intra-sector solutions, including enhancement for crime-proofed applications, risk management tools, policy and best practices, and trust and confidence measures.

The final results of E-CRIME are expected to have a positive and durable impact on:
1. Increasing awareness of policy makers
2. Helping business to provide crime-proofed applications
3. Increasing the trust and confidence of EU citizens in using cyber applications

E-CRIME has ten partners from eight European countries.

Website: http://ecrime-project.eu/

Project Results:
As of the end of March 2016, the E-CRIME project has advanced as planned with only minor delays. WP1, WP2 and WP3 were already finalised during the first reporting period with just some minor monitoring and maintenance activities taking place in these WPs during the second reporting period. WP4, WP5 and WP6 were successfully completed during the second reporting period. WP7 has been advancing steady, while finalisation of its results will occur in Period III. WP8 has started to plan its work and engage the team for the final year, while WP9 and WP10 run through the entire project.
The main results achieved in each WP have been used to feed other relevant WPs. Several internal and external meetings have been held, to: ensure the smooth advancement of the work; to collect information from stakeholders and end-users; and to ensure the visibility of project’s aims and achievements. The consortium has maintained and expanded the E-CRIME Stakeholder Forum (ESF). A major validation workshop for WP4, WP5 and WP6 was successfully held in The Hague, which saw the participation of 42 attendees, including external stakeholders, member of the ESF and representatives of other relevant EU projects. Several publications and participations at external events have occurred during this second period, which have generated a significant interest by key stakeholders and potential end-users.
Some minor delays occurred in WP5 (D5.1) and consequently this had a small impact on WP4 (D4.2) and WP6 (D6.1, D6.2 and D6.3). These delays were the result of difficulties in data collection efforts (i.e. survey and interviews) experienced during the summer. However, interim data collection and results were used and therefore this limited further delays for the deliverables in WP6 (D6.1, D6.2, D6.3). In spite of these delays, the data collection efforts were completed successfully within reporting period II. The consortium is confident that the project will proceed as planned for the upcoming reporting period III.
The E-CRIME project has already produced some interesting results during its two years. This includes:
First Reporting Period
• Development of the project handbook, providing a navigation guide to the consortium for the three years project cycle (WP1)
• Creation of an extensive contact list of stakeholders and an in-depth analysis of their motivations, providing an important tool for stakeholder engagement (WP1)
• Set up and launch of the E-CRIME Stakeholder Forum (ESF), comprising 27 members, which will support the working of the project across the three year plan (WP1)
• Finalisation of the methodology for the selection of the representative non-ICT sectors and Member States the project will focus on (WP1)
• Design, set up and launch of the project web site and social media presence (WP9)
• Finalisation of the E-CRIME exploitation and dissemination strategy, supporting stakeholder engagement and communication for the three years of the project (WP9)
• E-CRIME joined the joint working group 8 lead by CEN/CLC (CEN/CLC JWG8) on privacy management in product and services, which will provide a valuable venue for exploitation of the project results (WP9)
• The development of a taxonomy and inventory of cyber crime including cyber crime journeys (WP2)
• Information sharing via a workshop in Rome with the participation of circa 60 stakeholders
• A review and assessment of existing countermeasures, including technologies, best practices, and policies and regulations (WP3)
• Development of a theoretical framework and hypotheses on the impact of cyber crime (WP4)
• Development of a methodology for the data collection (i.e. survey and interviews) (WP4)

Second Reporting Period
• Expansion of the E-CRIME Stakeholder forum to 37 members by include prosecutors (Ms. Helena Kiely, the Chief Prosecution Solicitor for the Office of the Director of Public Prosecutions in Ireland –DPP- and Mr. Branko Stamenkovic, the Special Prosecutor for High-Tech Crime with the International Affairs and Legal Assistance Department of the Republic of Serbia Public Prosecutors Office) and the Law Enforcement Engagement Manager from AirBnB. (WP1)
• We have included a representative from Europol (Ms Manuela Mus) into the ECRIME Stakeholder Forum – Ms Mus is responsible for the Secure Platform for Accredited Cybercrime Experts (SPACE) project at Europol. (WP1)
• Integration of the ECRIME results into the work of ENISA in the fields of transport and health (who have assumed significant responsibility in the development of network and information (NIS) security, especially since the agreement on the EU NIS Directive.
• Completion of the expert interviews, circa 36 interviews completed (WP4)
• Analysis of the survey and interview responses (WP4)
• Collection of new data via a cross-country survey, circa 1000 for each country (WP5)
• Review and assessment of existing models and data on the impact of cybercrime (WP6)
• Development of a model for measuring the impact of cyber-crime in non-ICT sector (WP6)
• Information sharing via a second major workshop in The Hague with the participation of 42 stakeholders and in joint collaboration with EKSISTENZ (WP6).
• Initial analysis on inter-sector opportunities (WP7)
• Maintaining and enhancing the creation of a public profile for the E-CRIME project via the publication of several articles, the participation to external events, 2 press releases (1 in association with the project EKSISTENZ) and 4 newsletters (WP9)
• The establishment of a cooperation and integrated plan for common dissemination activities with the project EKSISTENZ as well as the identification of other cooperation targets that will be developed in the next upcoming period (WP9)
• Knowledge exchanges with relevant EU and national projects: EKSISTENZ, WISIND project, EVIDENCE project, Cyber ROAD project and DOGANA project (WP9)
• Intensification of external event participations including participation in the CEN/CENELEC JWG8 working meeting in Paris, UK National Crime Agency and UK Home Office Internal meeting to cite a few (WP9)
• Interim report on exploitation and dissemination activities (WP9)
• Successful management of one partner transfer (P4WWU) from Muenster University to University of Innsbruck (UIBK)
• Successful preparation and completion of the ethical auditing (WP10)
• Second intermediate management report, providing a detailed status and monitoring of the first half of reporting period II (WP10)

The major changes occurred during the second reporting period II are:
1) Transfer of partner from the P4WWU (Muenster University) to University of Innsbruck (UIBK). This has been affective from the beginning of the second reporting period.
2) Change in the makeup of the UNIL team with the departure of David Simms and the arrival of Christian Aghroum. This has been effective from the 1st of July 2015.
3) A substitution of one of the member of the Independent Ethical Board (IEB). Jean-Christophe Le Toquin has substituted Christian Aghroum. This has been effective from the 24th of July 2015.
4) Enhancement of both the E-CRIME Stakeholder Forum (ESF) and wider stakeholder group to include 15 new members (+10 ESF / +5 wider stakeholders) representing national prosecution offices, commercial companies, and researchers. Total stakeholder community for ECRIME currently sits at 88; up from 73 at the end of the first reporting period.
5) Change in the company status and name of the coordinator, from Trilateral Research & Consulting LLP to Trilateral Research Ltd.

WP1: Setting the scene (met all its deliverables and milestones during Period I, on-going management of ESF)
During the reporting period II, the E-CRIME team has maintained and expanded the E-CRIME Stakeholder Forum (ESF) following recommendations from the first reporting period. Specifically, several representatives of national prosecution offices have been contacted and two are now active members of the ESF.
WP2: Mapping cyber crime (met all its deliverables and milestones during Period I, on-going monitoring)
The team has submitted all the planned deliverables and met all the milestones during Period I. Some monitoring has occurred in Period II in relation to keep abreast of new developments.
WP3: Assessing existing policies and counter-measures (met all its deliverables and milestones during Period I, on-going monitoring)
The team has submitted all the planned deliverables and met all the milestones during Period I. Some monitoring has occurred in Period II in relation to keep abreast of new developments and updating journey mapping.
WP4: Framework for economic impact and analysis (now closed: met one deliverable in Period I, met all the other deliverables and all milestones in Period II)
During Period II, a number of in-depth interviews (36) were completed and the final analysis of the survey and interview results (D4.2) submitted with minor delays. The delay was due to problems in finalising the data collection in WP5 and last interviews caused by the summer vacation and low incidence of cyber crime among respondents. However, the team worked hard to avoid further delays and recovered some of the lost time. The results of WP4 were fed in WP6 for the development of the economic model for cyber crime.
WP5: Survey implementation (now closed: met deliverable and milestone in Period II)
The data collection for the survey was started and completed during the second reporting period. The target 1000 interviews have been achieved for all the six countries. However, some delays have occurred in the data collection in Estonia and in the collection of the boosting sample due to summer holidays and difficulties in screening across all the possible victims of cyber crime. This has caused some delay in the submission of D5.1. The team mitigated the effect of the delay on other WPs with the use of interim data and achieved the planned boosting sample without compromising on data quality. WP5 started in June 2015, once the survey questionnaire was finalised (as part of WP4). Fieldwork was completed in October 2016, while the final unweighted dataset was provided in November 2016. The weighted dataset was provided in December 2016.
WP6: Measuring the direct and indirect economic impact of cyber crime (now closes: met deliverable and milestone in Period II)
The main objectives have been to develop, calibrate and validate a multi-layer model measuring the economic impact of cyber crime on the selected non-ICT sectors. During Period II the team has finalised a review of relevant sources on the economic impact of cyber crime, focusing on cost-of-cyber crime studies, economic impact analyses in areas not related to cyber crime and theoretical work on relevant microeconomic concepts. Furthermore, the team has developed and validated with a group of stakeholders the economic model of cyber crime ( D6.1, D6.2 , D6.3 and M11 and M12). Minor delays have occurred in the submission of deliverables and meeting milestones due to delays in WP5 (D5.1).
WP7: Identifying gaps and solutions re cyber crime (on-going)
The main objectives are to use the findings and results from work packages 2, 3, 4, 5 & 6 to identify inter-sector and common solutions. These solutions will identify opportunities for deterring and managing cyber crime, ranging from; technology, regulation, co-ordination, risk management, and awareness and trust initiatives, among other means. All the bulk of the analysis has been completed during Period II. The submission of the WP7 deliverables (D7.1 and D7.2) and milestone (M13) are scheduled for Period III. We forecast some small delay in the submission of D7.1 and D7.2 due to the need of integrating the key insights from the opportunities workshop, which will be held on time at the end of May 206 in Period III.
WP8: Enhancement of sector specific risk management counter-measures (just started, on-going)
The main objective is to develop sector-specific methods, tools and measures to fight cyber crime by making use of the findings from WP7, 6, 5, 4, 3 and 2. WP8 started on time in M24 (March 2016). Some planning and preparatory activities have been carried on during Period II. We forecast no delays in the working of this work-package.
WP9: Dissemination and impact (entire project)
During this reporting period the consortium has continued delivering on the exploitation and dissemination strategy for the project (D9.1) by maintaining the project web site (http://ecrime-project.eu/), promoting the project through journal and magazine articles, as well as presenting results at conferences and in private meetings. The consortium issued two press releases, four newsletters during period two, as well as updated the detailed information pack for new stakeholders. The consortium has also carried on promoting the E-CRIME project in synergy with several EU projects. It has established mutually useful cooperation, and planned common dissemination activities, with the project EKSISTENZ as well as continuing the process of identifying other projects for cooperation and collaboration. These include: PRISMACLOUD, COURAGE, Cyber Road and EVIDENCE. Furthermore, it has joined CEN/CLC JWG8 and presented the project during a working meeting in Paris. In addition, based on E-CRIME work new publications have been produced during period II. Finally, the team consistently uses social media (Twitter and You tube) to promote the project and has expanded its presence in LinkedIn.
WP10: Project management (entire project)
The main task of the project management has been to ensure the overall coordination and management of E-CRIME project. The project coordinator’s office has during the second reporting reporting period achieved its goal to maintain an overview of the development of the work packages and the integration of the different work packages. During Period II, the team has successfully completed the ethical auditing (M9), submitted the second management report (D10.3), and co-organised and managed the attendance of ESF for the model validation workshop held in The Hague. In addition, it is providing a regular overview of the status of the project WPs, deliverables and milestones.

Potential Impact:
During Period II, the E-CRIME expected results and potential impact have begun to become more apparent. These results and impacts still fall along the following main categories: conceptual and methodological results and/or impact; empirical results and/or impact; information sharing results and/or impact, including increasing co-ordination and knowledge sharing among key cyber security stakeholders; policy outputs and/or impact including increasing the awareness of policy makers; industry oriented results and/or impact, including helping business to provide crime-proofed applications; and societal impact including increasing the trust and confidence of EU citizens in using cyber applications.
1. Conceptual and methodological results and/or impact
The E-CRIME project is built around a more comprehensive and multi-level approach to measure the impact of cyber crime on non-ICT sectors. The project has developed a model, based on a Supply-and-Demand framework, and has calibrated it during WP6. This model is the first of its kind in evaluating the economic impact of cyber crime from an economic point of view by splitting this impact into three parts: anticipation, consequence and response. Furthermore, the model relies on robust assumptions based on estimations derived from baseline data. Finally, the multi-level nature of the model not only allows to estimate the impact at the sector level but also at the societal level. Due to these features the model has been currently discussed at the Dutch Ministry of Economics as a reference to develop policies regarding cyber crime, while the UK Home Office is using the model to further validate their own investigation in this area.
2. Empirical results and/or impact
The E-CRIME project concentrated on a variety of forms of empirical stock-taking. The empirical work that was developed in the form of cyber crime journeys during Period I has been further exploited during the second phase of the project. Specifically, more regional and national enforcement agencies in the UK have taken the journeys mapping, provided further feedbacks and comments based on their real world experience in order to produce further enhanced and robust set of journey maps, which has enable them and an UK bank to include the maps as part of their training as well as exploiting further practical applications of the maps in their everyday processes.
Additional empirical results have also been developed during the second reporting period. Specifically, this entails both the initial methodological stock-taking of existing models and data on the economic impact of cyber crime as well as the collection of new data and insights on cyber crime. Based on the data collected during the E-CRIME survey and interviews, the consortium has quantitatively assessed the economic impact in some of the non-ICT sectors under study. In particular, we have been able to estimate the impact of cyber crime on adoption of online services and the losses due to identity theft both in the retail and bank sector. We also estimated key factors that drive the economic impact on the other sectors. These estimations have been greeted with great interest by our industry stakeholders (e.g. Pluscard) and some of them have started using it together with their internal cost model to assess losses due to cyber crime. In addition, we are in discussion with EKSISTENZ about the possibility to create a repository of data and empirical insights from both projects and other relevant `EU project to be hosted on a permanent basis within a web platform (i.e. this is linked to the idea of a cyber crime Observatory presented within EKSISTENZ project). In this way the central empirical result of E-CRIME and other EU projects will provide an empirical benchmarking and toolkit for end-users.
3. Information sharing results and/or impact including increasing co-ordination and knowledge sharing among key cyber security stakeholders
The E-CRIME project focuses in particular on a co-ordinated, multi-stakeholder approach to share information, strategies, actions and post-action evaluation in cyber security. The attentive management of the E-CRIME Stakeholder Forum (ESF) and its active participation into the E-CRIME activities has created an important channel for information sharing during the second reporting period. This has been done together with the consortium participation into external events. The foundations of the model were shared with a numerous group of stakeholders who attended the workshop held in The Hague, including relevant EU projects. This has allowed us to discover synergies for common actions and ways to exploit the E-CRIME models. Further knowledge was also shared with key cyber security and policy stakeholders via participation into external events, such as several regional and national UK enforcement agencies, the Dutch Ministry of Economics and the UK Home Office. All this has produced venues for the exploitation of the E-CRIME economic model. For instance, Deloitte in their report about "Cyber Value at Risk in the Netherlands" has acknowledged the difference among the different non-ICT sectors aligned with some of the E-CRIME results. In addition, the E-CRIME coordination with the EKSISTENZ project in relation to the cyber crime Observatory aims at co-ordinating empirical efforts and creating a one-stop-shop for knowledge sharing in cyber crime.
4. Policy results and impact including increasing the awareness of policy makers
The E-CRIME project focuses in particular on the link between the insights and feedbacks of end-users and cyber security research, and the policy recommendations that might lead to improved cyber security in Europe. During the second reporting period the impact of E-CRIME work on policy has become more apparent. As mentioned previously E-CRIME economic model have been discussed both at the Dutch Ministry of Economics and the UK Home Office. Both organisations are looking at ways to use the model either as a reference to develop policies regarding cyber crime (the Dutch Ministry of Economics), or as a reference to validate their own investigation in the area (the UK Home Office).
Further impact on policies will be produced during Period III. We are confident that if the project continues on its current trajectory, it will produce further results and new contributions to policy developments aimed at reducing and managing cyber risks, while increasing the understanding and situational awareness of policy-makers.
5. Industry oriented results and/or impact, including helping business to provide crime-proofed applications
Cyber security providers and industry end-users are one of the main beneficiaries of the E-CRIME project. The work done during the second reporting period has provided the industry stakeholders with valuable estimations of the economic cost of cyber crime that can be used in conjunction with their cost model to direct their investment and cyber risk strategies. After communicating the findings of the E-CRIME economic model we have seen a clear interest from some of our industry stakeholders. In practical terms, this mean that the consortium is working with one of our financial industry stakeholders (i.e., Pluscard) on enhancing the model to address a specific and practical application for the financial sector (i.e. the economic impact of payment card fraud). This will provide a thorough estimation tool for sizing the economic impact of payment card fraud on the financial sector, which will be the foundation for data-driven cyber risk management suggestions. We anticipate that these will significantly improve the cost effectiveness of the card reissuing process and/or other anti-card fraud mitigation measures.
Assuming that the E-CRIME project continues on its current trajectory, it will see more significant industry oriented results. In the final reporting period, the project will result in additional concrete developments for cyber security applications and risk management tools. This will be achieved through the identification of sector specific requirements for cyber security applications and enhanced economically-based approaches for the management of cyber security.
6. Societal impact, including increasing the trust and confidence of EU citizens in using cyber applications
The deliverables produced during the second reporting period (e.g., our analysis of the survey and interviews, and development of the economic model) and their dissemination have had an impact on increasing the awareness of citizens and society as a whole in relation to cyber crime. Specifically, the model is the first of its kind in allowing one to estimate the impact, not only at the sector level, but also at the societal level. The model has also made visible the factors that drive the economic impact on some of the non-ICT sectors and society. Finally, in particular, the model has been able to estimate the impact of cyber crime on adoption and/or avoidance of online services. The consortium will use the insights from the model to guide our work in Period III when the team will develop awareness, trust and confidence measures in the forms of recommendations and guidelines. The projects’ final contributions in understanding cyber security and insecurity in this context (i.e., issues of trust and confidence), while also suggesting practical guidelines to address the identified issues, therefore possesses the potential to increase confidence in on-line applications and reduce online avoidance. This could have a knock-on effect on citizen use of cyber applications with potentially large positive consequences.

List of Websites:
http://ecrime-project.eu/

Reported by

TRILATERAL RESEARCH LTD
United Kingdom

Subjects

Safety
Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top