Understanding Online Victimization

Pattern number within this pattern set: 
Laura Huey
University of British Columbia

In reviewing the literature on cybercrimes, we have found that the overwhelming focus of research to date has been on offences and offenders - particularly hackers (c.f. Taylor 1999) - rather than on victims. This is viewed as problematic because, without an understanding of the dynamics of victimization, including the means by which victims assess risk, the task of online crime prevention is made significantly more difficult, if not ultimately impossible.


Why are some people more at risk for online victimization than others? Can we isolate individual and social factors to explain victimization and, ultimately, to reduce its occurrence? This pattern is concerned with identifying and developing strategies to address a significant online problem - cybervictimization.


A review of the literature on computer crimes reveals that there is very little data available on processes and patterns of victimization involving individuals as user-victims. Based on our (the authors') experiences in the I.T. field, and an analysis of selected cases, we have developed a typology of victims to be used, we believe, as a very necessary first step in setting a future research agenda. In our typology, we have defined four categories of victims according to characteristics of behaviour that place them at risk of victimization. These are: the naive user, the frugal user, the invulnerable user, and the desiring user. We have also attempted to define the relationship between user-victim type and risk of victimization for different types of online offences. For example, we suggest that the naive user is an individual who sees the Internet largely as a benevolent place, and therefore he or she is more likely to provide personal information online to strangers.

We also discuss the nature of trust and distrust online, and map out two particular types of trust that we see as playing a role in facilitating risk-taking behaviour by individuals online. These are: personal and probabilistic trust. Probabilistic trust is defined as trust that arises from a favourable risk assessment. We see this form of trust as dependant on actuarial calculations (i.e. considering all relevant factors, what is my risk of victimization if I engage in this particular activity?) Probabilistic trust is based on the individual’s perceptions of their own ability to discern risk and to take appropriate actions to avoid victimization. This form is contrasted with personal trust, which is defined as trust arising from an user’s perception of others as trustworthy. In essence, the former user relies on his or her own abilities, whereas the latter relies on the trustworthiness of others. We see both types of trust as existing on a continuum, rather than as absolute values. Thus, a user can exhibit both probabilistic and personal trust, although we do suggest that some users are more likely to act based on one form, rather than on another.

Authors: Laura Huey and Richard S. Rosenberg


What is necessary to address the pattern that we have identified here is the development and execution of a new research agenda that focuses on victims as a valuable source of information on online crime. We offer our typology as a first step, albeit one that needs to be subjected to more rigorous empirical and analytical scrutiny by both criminologists and computer scientists.

Pattern status: