Bill Overview
Title: Better Cybercrime Metrics Act
Description: This bill establishes various requirements to improve the collection of data related to cybercrime and cyber-enabled crime (cybercrime). Among the requirements the Department of Justice (DOJ) must enter into an agreement with the National Academy of Sciences to develop a taxonomy for categorizing different types of cybercrime faced by individuals and businesses; DOJ must establish a category in the National Incident-Based Reporting System for collecting cybercrime reports from federal, state, and local officials; DOJ's Bureau of Justice Statistics and the Bureau of the Census must include questions about cybercrime in the annual National Crime Victimization Survey; and the Government Accountability Office must assess the effectiveness of reporting mechanisms for cybercrime and disparities in reporting cybercrime data and other types of crime data.
Sponsors: Sen. Schatz, Brian [D-HI]
Target Audience
Population: Individuals and businesses affected by cybercrime
Estimated Size: 150000000
- The Better Cybercrime Metrics Act is focused on improving the collection of data related to cybercrime, which is a global issue.
- Cybercrime affects individuals and businesses worldwide, across multiple sectors and demographics.
- According to FBI's Internet Crime Complaint Center, there were over 570,000 complaints, and losses exceeding $4 billion in 2020 alone, indicating that millions could be impacted globally by enhanced data collection and mitigation strategies.
- Individuals, businesses, and government entities are the main targets of cybercrime, including hacking, phishing, and ransomware attacks.
Reasoning
- The policy focuses on enhancing data collection and categorization about cybercrime, which will not directly reduce its instances but could improve responses and solutions in the longer term.
- Many individuals and businesses in the US may interact with cybercrime either as victims or to protect themselves from potential attacks, making this policy broadly relevant.
- Different demographics, occupations, and geographic areas have varying levels of risk and engagement with online activities, leading to varying impacts.
- The budget limits suggest that significant immediate change may occur primarily for targeted organizations like DOJ and NAS, with long-term secondary benefits for individuals and businesses depending on policy execution.
- Improved data on cybercrime could lead to better IT security policies, influencing well-being indirectly over time.
Simulated Interviews
Software Developer (Austin, Texas)
Age: 35 | Gender: male
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 15/20
Statement of Opinion:
- I think having better metrics will help us in cybersecurity to understand the threats more comprehensively.
- Hopefully, it can lead to more targeted defenses and lessen the workload over time.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 9 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Small Business Owner (Silicon Valley, California)
Age: 28 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 12/20
Statement of Opinion:
- It seems like a positive move, but I would like to see concrete results or actions following the data collection.
- Stronger regulations or supports would be beneficial for small businesses against cyber threats.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 7 | 6 |
| Year 20 | 7 | 6 |
Financial Analyst (New York City, New York)
Age: 50 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 8/20
Statement of Opinion:
- Improving reporting and understanding sounds good, but I’m concerned about the time it will take for meaningful action.
- Immediate protective measures for consumers would also be appreciated.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Farmer (Rural Iowa)
Age: 42 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 2.0 years
Commonness: 18/20
Statement of Opinion:
- I’m not sure how this affects me since I don't do much online besides basic communication.
- It's good to focus on these issues, but I'll believe in change when I see it.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 7 | 7 |
| Year 20 | 7 | 7 |
Retired (Miami, Florida)
Age: 60 | Gender: female
Wellbeing Before Policy: 4
Duration of Impact: 5.0 years
Commonness: 10/20
Statement of Opinion:
- Scams and online security are a big concern, especially for seniors like me.
- It’s reassuring that there’s a focus on data collection, but I hope it leads to action that protects us.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 4 | 4 |
| Year 2 | 5 | 4 |
| Year 3 | 5 | 4 |
| Year 5 | 5 | 4 |
| Year 10 | 5 | 4 |
| Year 20 | 5 | 4 |
Police Officer (Chicago, Illinois)
Age: 45 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 14/20
Statement of Opinion:
- Enhancing data collection is crucial in our line of work.
- Accurate categorization will improve our ability to respond effectively to cyber incidents.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 6 |
Marketing Specialist (Seattle, Washington)
Age: 31 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 7.0 years
Commonness: 16/20
Statement of Opinion:
- Having a better understanding of types and frequency of cybercrime could mean better protective strategies in marketing.
- I hope this helps in creating stricter cybersecurity norms.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Student (Los Angeles, California)
Age: 24 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 20/20
Statement of Opinion:
- It's important to have better metrics but as a student, I’m not directly affected yet beyond general awareness.
- I do worry about privacy, though.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Entrepreneur (Houston, Texas)
Age: 55 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 11/20
Statement of Opinion:
- Better data can help in business policies for cybersecurity and prevent losses.
- We need actionable insights and support in implementing the findings.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Non-Profit Manager (Denver, Colorado)
Age: 30 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 8.0 years
Commonness: 13/20
Statement of Opinion:
- Improved data could potentially guide our educational content more effectively.
- It's crucial to build policies that protect the most vulnerable.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Cost Estimates
Year 1: $50000000 (Low: $40000000, High: $60000000)
Year 2: $40000000 (Low: $35000000, High: $50000000)
Year 3: $30000000 (Low: $25000000, High: $40000000)
Year 5: $25000000 (Low: $20000000, High: $30000000)
Year 10: $20000000 (Low: $15000000, High: $25000000)
Year 100: $0 (Low: $0, High: $0)
Key Considerations
- The costs and savings are estimates based on the assumption of efficient implementation and practical utility of the data collected through enhanced metrics.
- The actual impact on reducing cybercrime depends significantly on the executive and legislative follow-up on implementing proactive crime prevention measures.