Zeng, Yongyu and Buil-Gil, David (2023) Organizational and Organized Cybercrime. In: Oxford Research Encyclopedias. Oxford University Press.
Full text not available from this repository.Abstract
Cybercrime has been on the rise since the 1990s, affecting individuals, private organizations and public agencies. There is an increasing involvement of organizations, both legitimate businesses and organized crime groups, in cybercrime, either as offenders or facilitators, but also as victims of cybersecurity attacks and cyber-enabled fraud. Since the “organizational” aspect of cybercrime is growing rapidly, this chapter urges cybercrime research to shift the attention toward better understanding, theorizing, and preventing cybercrimes with a direct or indirect involvement of organizations. This chapter describes the state of the art of organizational and organized cybercrime research. That is, the chapter describes what research has found regarding the role of organizations, both legitimate businesses and organized crime groups, in cybercrime, either as offenders, facilitators, or victims. Consequently, the chapter identifies common themes emerging from criminological studies, and illustrates research findings with case studies of cybercrimes recorded in France, the United States, Costa Rica, and the United Kingdom. Studies focusing on organized cybercrime groups show that offending networks have a spectrum of organizational complexity—from one extreme of loosely connected actors driven by common interests instead of stated leaders, to the other extreme of enduring and tightly connected groups of core members who coordinate the division of labor—with both illicit online sites and pre-existing relations in offline settings playing important roles in criminal network development. Cybercriminals may be parasitical on legitimate organizational structures and procedures in creating an outlook of legitimacy for concealment. Legitimate businesses may also facilitate white-collar cybercrime by providing the organizational means and resources for employees to carry out generally low-tech data breaches during their occupations, as well as directly engaging in cybercriminal activities such as cyber-espionage and cyber-enabled tax avoidance. Regarding the role of organizations as victims of cybercrime, research shows that the risk, nature, and harm of cybersecurity incidents varies extensively depending on the sector and size of organizations, and while not all forms of technical protection equally prevent organizational cybercrime victimization, improving cybersecurity awareness of employees (e.g., through training and seminars) seems to have strong impacts in preventing future incidents. The chapter then identifyies gaps in research and points researchers toward areas in which further research is needed.