Methodology
Data Vulnerability Thermometer is a tool designed and developed by Surfshark to educate users on how data breaches may lead to various cybercrimes. The list of possible crimes is not exclusive. If your data has been breached, we advise you to take necessary precautions to limit risks and prevent any possible attacks by criminals.
Data Vulnerability Thermometer also contains an extensive library of internet crimes with tips on how to prevent them and official data on the severity and rates of these crimes. The tool has been developed for individual users, therefore it does not include online crimes that only affect businesses.
Data Vulnerability Thermometer also contains an extensive library of internet crimes with tips on how to prevent them and official data on the severity and rates of these crimes. The tool has been developed for individual users, therefore it does not include online crimes that only affect businesses.
This study used 2015-2024 information from the Federal Bureau of Investigation (FBI).
Sources:
- Sources and useful links related to a specific cybercrime are listed on each crime page separately.
- Federal Bureau of Investigation Internet Crime Complaint Center. (2015-2024). Internet Crime Report.
- NTIA Internet Use Survey (2023). Internet Use (Any Location).
Find full research material here
Internet crime report data was aggregated and analyzed according to overall financial losses, losses by complaint, complaint count, associated age groups, and the number of cybercrime complaints per 100,000 internet users.
For this project, excluding the cybercrime statistics page, we specifically selected internet crimes that affected individual people. Online crimes that affect only businesses, such as "Business Email Compromise/Email Account Compromise," were not included. Internet crimes such as "Data breach" were not included either, as it is often a result of criminal hacking or human error.
For this project, excluding the cybercrime statistics page, we specifically selected internet crimes that affected individual people. Online crimes that affect only businesses, such as "Business Email Compromise/Email Account Compromise," were not included. Internet crimes such as "Data breach" were not included either, as it is often a result of criminal hacking or human error.
With the help of cybersecurity experts, each crime was connected with the data point combinations (from 2 to 4 data points) that can lead to the specific crime. Assigned cyberthreat point values were calculated as follows:
If the selected data points matched 50% or more (but less than 100%) of the combination of a specific crime, one-tenth of the cyberthreat points, but not smaller than 1, it was added to the overall threat value. Crime number with a match less than 100% is limited to three crimes with the biggest threat.
If the selected data points matched 100% of the combination of a specific crime, cyberthreat points assigned to the crime according to the methodology above were added to the overall threat value.
- Cyberthreat points (ranging from 1 to 30) are the sum product of financial losses and probability points that were divided by their smallest value.
- Financial loss points were calculated by dividing the average losses of the last three years by their smallest value.
- Probability points were derived in the same way, using the victim count value instead of the average loss.
- Crimes that can result from data point combinations with different lengths were given proportional values to the number of data points.
- Crimes that do not have statistics of financial losses and victim count, such as “Spam,” were given 0 points.
If the selected data points matched 50% or more (but less than 100%) of the combination of a specific crime, one-tenth of the cyberthreat points, but not smaller than 1, it was added to the overall threat value. Crime number with a match less than 100% is limited to three crimes with the biggest threat.
If the selected data points matched 100% of the combination of a specific crime, cyberthreat points assigned to the crime according to the methodology above were added to the overall threat value.
The probability of becoming a victim of a specific cybercrime was measured by comparing the number of specific cybercrime events to the total number of cases possible. The probability was expressed in % to fit the scale where the highest probability is equal to 100%. Range 0-20% is considered as very low, 20-40% — low, 40-60% — medium, 60-80% — high, 80-100% — very high probability.
Sources:
Sources and useful links related to a specific cybercrime are listed separately for each crime.
Federal Bureau of Investigation Internet Crime Complaint Center. (2015-2024)