What is the data vulnerability thermometer?
The Data Vulnerability Thermometer also contains an extensive library of internet crimes with tips on how to prevent them and official data on severity and rates of these crimes. The tool has been developed for individual users, therefore it does not include online crimes that affect only businesses.
What sources does data vulnerability thermometer use?
- Sources and useful links related to a specific cybercrime are listed on each crime page separately.
- Federal Bureau of Investigation Internet Crime Complaint Center. (2015-2022). Internet Crime Report.
- Internet Users by Country Stats (2021). Internet Usage Statistics.
- United Nations Department of Economic and Social Affairs Population Division (2022). World population prospects.
How was the data processed?
For this study, we specifically selected internet crimes that affected individual people. Online crimes that affect only businesses, such as "Business Email Compromise/Email Account Compromise," were not included in the statistics. Internet crimes such as “Data breach” were not included either, as it is often a result of criminal hacking or human error.
Data breach density data was taken from the Surfshark Alert (a data breach detection tool) database, which comprises all publicly available breached data sets to inform our users of potential threats. Breached account number in 2021 was analyzed according to the number of cybercrime victims per 100 internet users.
How was the threat score calculated?
- Cyberthreat points (ranging from 1 to 30) are the sum product of financial losses and probability points that were divided by their smallest value.
- Financial loss points were calculated by dividing the average losses of the last three years by their smallest value.
- Probability points were derived in the same way using the victim count value instead of average loss.
- Crimes that can result from data point combinations with different lengths were given proportional values to the number of data points.
- Crimes that do not have statistics of financial losses and victim count, such as “Spam”, are given 0 points.
If the selected data points matched 50% or more (but less than 100%) of the combination of a specific crime, one-tenth of cyberthreat points, but not smaller than 1, it was added to the overall threat value. Crime number with a match less than 100% is limited to three crimes with the biggest threat.
If the selected data points matched 100% of the combination of a specific crime, cyberthreat points, assigned to the crime according to the methodology above, were added to the overall threat value.