Other partners in the UdeM-led consortium include the Montreal-based cybersecurity firm Flare Systems, the Max Planck Institute for the Study of Crime, Security and Law (in Freiburg), the Cyberintelligence Institute (in Frankfurt), and the Freie Universität Berlin.
“Our aim is to develop a model that systematically, reproducibly and verifiably captures the material and immaterial harms caused by cybercrime in the short, medium and long term,” said Nicole Hartlapp, head of Cyberagentur’s Cybervigilant Society unit.
There are also a cascading series of other effects, mostly overlooked, and for which Germany currently lacks metrics and methodologies to comprehensively map the harms, she added.
Direct monetary losses are only part of the phenomenon. Loss of trust, psychological stress, reputational damage, business interruptions, strains on resources as IT infrastructures are restored, and long-term follow-up costs are also deeply felt.
Until now, these elements have been neglected in analyses of the problem, Hartlapp said.
“Without reliable data, there is a risk that cyber threats will be overestimated or underestimated, which can lead to misplaced priorities and inefficient use of resources,” she noted.
Under ARCH, harms will be mapped in a matrix that takes into account their severity, duration and societal impact. Using a triple scale, cyber incidents will be assigned both a monetary value and a qualitative index for intangible harms, such as stress or loss of trust.
The project will be of particular relevance to law enforcement agencies and other institutions, who not only document cybercrime but also want to strategically anticipate and effectively address it, the research team believes.
‘Not just stolen data’
The results of their project could also allow policymakers to better analyze harm distributions, identify new priorities and prioritize resources for prevention based on simulations.
And from a scientific point of view, ARCH marks a shift in perspective.
“Cybercrime is no longer just about stolen data—it’s about stolen confidence,” said Décary-Hétu.
“Each attack erodes trust in our institutions, weakens social resilience, and leaves psychological and economic scars that go far beyond the immediate loss,” he said.
“With the ARCH project, we are finally measuring what truly matters: the full spectrum of harm that cyberattacks inflict on individuals, organizations and society.”
Why Germany?
David Décary-Hétu’s focus on Germany began with a series of chance encounters: at conferences he attended as a specialist in cybercrime, the UdeM criminology professor found himself talking to representatives of the country’s Cyberagentur agency.
“One of the greatest challenges in cybercrime is the lack of reliable measurements of the harm it causes: sometimes they’re financial, other times psychological or reputational, and they can cascade, one after the other,” he remembers discussing with them.
“So cybercrime is very hard to quantify and communicate in a helpful way, and solving the problem will require real innovation. Speaking with the Germans at those conferences, it became clear they had the drive to tackle this issue, and now we’ll be able to do that.”
Décary-Hétu has long studied the impacts of technology on crime: how offenders use technology and also how law enforcement uses technology to monitor and catch them, if they can.
“Cyberagentur’s ARCH project fits perfectly with my field of research,” he said. “It’s great to have the opportunity to partner with such a respected organization, and I hope that our collaboration will yield new opportunities in the coming years.”
Click Here For The Original Source.
