Methodology
What is the data vulnerability thermometer?
The Data Vulnerability Thermometer is a tool designed and developed by Surfshark to educate users how data breaches may lead to various cyber crimes. The list of possible crimes is not exclusive. If your data has been breached, we advise you to take necessary precautions to limit risks and prevent any possible attacks by criminals.
The Data Vulnerability Thermometer also contains an extensive library of internet crimes with tips on how to prevent them and official data on severity and rates of these crimes. The tool has been developed for individual users, therefore it does not include online crimes that affect only businesses.
The Data Vulnerability Thermometer also contains an extensive library of internet crimes with tips on how to prevent them and official data on severity and rates of these crimes. The tool has been developed for individual users, therefore it does not include online crimes that affect only businesses.
What sources does data vulnerability thermometer use?
This study used 2015-2022 open-source information from the Federal Bureau of Investigation (FBI).
Sources:
- Sources and useful links related to a specific cybercrime are listed on each crime page separately.
- Federal Bureau of Investigation Internet Crime Complaint Center. (2015-2022). Internet Crime Report.
- Internet Users by Country Stats (2021). Internet Usage Statistics.
- United Nations Department of Economic and Social Affairs Population Division (2022). World population prospects.
How was the data processed?
Internet crime report data was aggregated and analyzed according to overall financial losses, losses by victim, victim count, age groups, and the number of cybercrime victims per 1,000,000 internet users. Internet crime is a global problem, but around 55% of complaints and financial losses are registered in the USA.
For this study, we specifically selected internet crimes that affected individual people. Online crimes that affect only businesses, such as "Business Email Compromise/Email Account Compromise," were not included in the statistics. Internet crimes such as “Data breach” were not included either, as it is often a result of criminal hacking or human error.
Data breach density data was taken from the Surfshark Alert (a data breach detection tool) database, which comprises all publicly available breached data sets to inform our users of potential threats. Breached account number in 2021 was analyzed according to the number of cybercrime victims per 100 internet users.
For this study, we specifically selected internet crimes that affected individual people. Online crimes that affect only businesses, such as "Business Email Compromise/Email Account Compromise," were not included in the statistics. Internet crimes such as “Data breach” were not included either, as it is often a result of criminal hacking or human error.
Data breach density data was taken from the Surfshark Alert (a data breach detection tool) database, which comprises all publicly available breached data sets to inform our users of potential threats. Breached account number in 2021 was analyzed according to the number of cybercrime victims per 100 internet users.
How was the threat score calculated?
With the help of cybersecurity experts, each crime was connected with the data point combinations (from 2 to 4 data points) that can lead to the specific crime. Assigned cyberthreat point values were calculated as follows:
If the selected data points matched 50% or more (but less than 100%) of the combination of a specific crime, one-tenth of cyberthreat points, but not smaller than 1, it was added to the overall threat value. Crime number with a match less than 100% is limited to three crimes with the biggest threat.
If the selected data points matched 100% of the combination of a specific crime, cyberthreat points, assigned to the crime according to the methodology above, were added to the overall threat value.
- Cyberthreat points (ranging from 1 to 30) are the sum product of financial losses and probability points that were divided by their smallest value.
- Financial loss points were calculated by dividing the average losses of the last three years by their smallest value.
- Probability points were derived in the same way using the victim count value instead of average loss.
- Crimes that can result from data point combinations with different lengths were given proportional values to the number of data points.
- Crimes that do not have statistics of financial losses and victim count, such as “Spam”, are given 0 points.
If the selected data points matched 50% or more (but less than 100%) of the combination of a specific crime, one-tenth of cyberthreat points, but not smaller than 1, it was added to the overall threat value. Crime number with a match less than 100% is limited to three crimes with the biggest threat.
If the selected data points matched 100% of the combination of a specific crime, cyberthreat points, assigned to the crime according to the methodology above, were added to the overall threat value.
How was the crime probability calculated?
The probability of becoming a victim of a specific cybercrime was measured by comparing the number of specific cybercrime events to the whole number of cases possible. The probability was expressed in % to fit the scale where the highest probability is equal to 100%. Range 0-20% is considered as very low, 20-40% - low, 40-60% - medium, 60-80% - high, 80-100% - very high probability.
Sources:
Sources and useful links related to a specific cybercrime are listed in each crime page separately.
Federal Bureau of Investigation Internet Crime Complaint Center. (2015-2021)