Report Calls for Unified Federal Approach to Cybercrime Data Collection

A new report by the National Academies of Sciences, Engineering, and Medicine highlights the urgent need for the US to improve its coordination and governance of cybercrime data collection.

Commissioned by Congress under the 2022 Better Cybercrime Metrics Act, the report recommends creating or designating a national clearinghouse to consolidate cybercrime data from various federal agencies.

It emphasizes the importance of consistent definitions and unified reporting standards to enhance investigations and public policy.

Cybercrime, encompassing phishing, identity theft, ransomware, cyberterrorism, and other threats, presents escalating dangers to individuals, businesses, and government agencies.

Despite cybercrime’s growing impact, the US lacks a comprehensive and coordinated system for tracking and analyzing cybercrime. At least 13 federal agencies collect data, but they operate independently and without a shared taxonomy or clear boundaries for what constitutes a cybercrime incident.

Additional challenges include significant under-reporting, rapid technological changes, and the complexity of determining who qualifies as a “victim” when breaches impact vast numbers of people.

The report proposes a national taxonomy for cybercrime categories to guide consistent cybercrime data collection and recommends that the FBI incorporate it into the National Incident-Based Reporting System.

It also recommends improvements to the Bureau of Justice Statistics’ National Crime Victimization Survey, including enhancements to its cybercrime coverage and repetition of relevant survey supplements. These steps aim to improve statistical clarity without requiring systemic overhauls.

Lawyers should note that the report examines the evolving landscape of cybercrime regulation and the need for their clients, especially in data-sensitive industries, to anticipate stricter reporting expectations.

Clients should be educated by IT on risk mitigation strategies. Attorneys should provide counseling on proactive incident reporting and staying informed about regulatory developments that are likely to influence liability, compliance obligations, and public trust.