online safety research papers

Youth Internet Safety: Risks, Responses, and Research Recommendations

• Download the paper
• Download the paper (Portuguese)
• Download the paper (Spanish)

Subscribe to the Center for Technology Innovation Newsletter

Adina farrukh , af adina farrukh rebecca sadwick , and rs rebecca sadwick john villasenor john villasenor nonresident senior fellow - governance studies , center for technology innovation @johndvillasenor.

October 21, 2014

As Internet use by children and teenagers increases, so do concerns about their online safety. Providing a safe environment requires an in-depth understanding of the types and prevalence of online risks young Internet users face, as well as the potential solutions for mitigating risks.

Despite the significant amount of research on these risks, improving child/youth Internet safety remains a challenge. In part, this is because definitions of terms and categories relevant to online safety (such as “cyberbullying”) often vary, making the comparison of statistics and findings among sources imprecise. In addition, there are complex overlaps among different online safety subtopics.

Overall, these factors can make identifying the specific gaps in existing research and knowledge difficult. If these gaps can be better identified and filled, a data-based understanding of issues facing youth could play a key role in driving policy decisions regarding online safety.

In this paper, Adina Farrukh, Rebecca Sadwick and John Villasenor provide:

• an overview of existing online safety research across a wide range of categories
• an analysis of major findings
• an identification of knowledge gaps, and
• a set of recommendations for specific areas of research that can further the policy dialog regarding online safety

Governance Studies

Center for Technology Innovation

Nicol Turner Lee, Jennifer Huddleston , Christopher Wood

January 29, 2024

Nicol Turner Lee, Stephen Balkam, Kara Sundby

November 20, 2023

Ariel Gelrud Shiro, Richard V. Reeves

August 26, 2021

• Research article
• Open access
• Published: 05 June 2013

Internet safety education for youth: stakeholder perspectives

• Megan A Moreno 1 , 4 ,
• Katie G Egan 2 ,
• Kaitlyn Bare 1 ,
• Henry N Young 3 &
• Elizabeth D Cox 1  

BMC Public Health volume  13 , Article number:  543 ( 2013 ) Cite this article

31k Accesses

28 Citations

1 Altmetric

Metrics details

Internet use is nearly ubiquitous among US youth; risks to internet use include cyberbullying, privacy violations and unwanted solicitation. Internet safety education may prevent these negative consequences; however, it is unclear at what age this education should begin and what group is responsible for teaching this topic.

Surveys were distributed to key stakeholders in youth safety education including public school teachers, clinicians, parents and adolescents. Surveys assessed age at which internet safety education should begin, as well as experiences teaching and learning internet safety. Surveys of adults assessed willingness to teach internet safety. Finally, participants were asked to identify a group whose primary responsibility it should be to teach internet safety.

A total of 356 participants completed the survey (93.4% response rate), including 77 teachers, 111 clinicians, 72 parents and 96 adolescents. Stakeholders felt the optimal mean age to begin teaching internet safety was 7.2 years (SD = 2.5), range 2-15. Internet safety was regularly taught by some teachers (20.8%), few clinicians (2.6%) and many parents (40.3%). The majority of teachers, clinicians and parents were willing to teach internet safety, but all groups surveyed identified parents as having primary responsibility for teaching this topic.

Conclusions

Findings suggest agreement among key stakeholders for teaching internet safety at a young age, and for identifying parents as primary teachers of this topic. Clinicians have a unique opportunity to support parents by providing resources, guidance and support.

Peer Review reports

While the internet has provided adolescents with numerous benefits, including increased social support, academic enrichment and worldwide cross-cultural interactions, there are concomitant risks to internet use [ 1 – 8 ]. The American Academy of Pediatrics’ (AAP) recent report on children’s social media use describes specific risks such as privacy violations and cyberbullying [ 9 ]. A previous study found that one-third of adolescents had given their internet password to friends and one-fourth were unaware that content uploaded online cannot be permanently deleted [ 1 ]. Cyberbullying, or internet harassment, impacts up to a third of youth and has been linked to a variety of health concerns, some as serious as suicidal ideation [ 10 – 15 ]. In addition, adolescents frequently display personal and identifiable information about themselves on the internet. These details may include their home location, revealing photographs, or descriptions of sexual behavior and substance use [ 16 – 18 ].

Internet safety is highly salient for today’s youth as they spend up to 10 hours a day using various forms of media [ 8 , 19 , 20 ]. The ever-increasing popularity of social media, including websites such as Facebook and Twitter, have contributed to youth’s time investment in the internet [ 7 ]. The vast majority of adolescents have internet access and most report daily use [ 21 , 22 ]. Several organizations, including the AAP, have offered expert advice regarding internet safety, but an evidence-based approach to educate youth about the dangers of being online does not currently exist [ 23 ]. Further, data to guide decisions about the age at which such education should begin, and who would have primary responsibility for teaching this topic are incomplete.

An ideal approach for teaching internet safety would likely involve a person or group who could reach most children in order to provide widespread dissemination of this knowledge. An ideal candidate would also have experience teaching about the internet or related safety issues, and be willing to invest in teaching this topic. Given that most US youth and adolescents attend public school, a first possibility is public school teachers. However, it is unclear at what grades and in which school subjects this material could be integrated into existing curricula. A second possibility is child health providers such as pediatricians or family medicine physicians. The AAP social media report argues that “pediatricians are in a unique position” to provide internet safety education [ 9 ]. Several resources exist to guide pediatricians in these discussions, but it is unclear whether pediatricians are comfortable in these discussions. Previous work has suggested that pediatrician’s performance of adolescent health behavior screening and prevention counseling regarding health risk behaviors is quite low [ 24 , 25 ]. A third potential candidate is the parent of the adolescent. While adults’ use of online media such as social networking sites continues to rise, data regarding parents’ comfort or experience with teaching internet safety remains elusive [ 26 ]. While all three groups undoubtedly should play a role in online safety education, it remains unclear which group is seen as holding primary responsibility among these stakeholders.

The purpose of this study was to investigate views of key stakeholders on internet safety education, including school teachers, clinicians who see children and adolescents, parents of adolescents, and adolescents themselves. Our goals were to investigate at what age internet safety education should begin, and to identify a primary candidate to teach this topic.

This study was conducted between July 1, 2009 and August 15, 2011 and received IRB approval from the University of Wisconsin Human Subjects Committee.

Setting and subjects

Participants in this study included public school teachers, health care providers who see children and adolescents, parents of adolescents, and adolescents themselves. School teachers were recruited from a summer continuing education conference within a public school district. This district includes 4 elementary schools, one middle and one high school. Inclusion criteria limited participants to teachers who taught kindergarten through 12 th grade within that public school district. Clinicians were recruited at a yearly regional continuing medical education conference; inclusion criteria limited participants to physicians (MDs and DOs), nurse practitioners (NPs), physician assistants (PAs), and nurses, all of whose practice included pediatric patients. Parents of adolescents were identified within a large general pediatric practice that includes 8 pediatric providers. Inclusion criteria for parents were that they had a child between the ages of 11 and 18 years. Adolescents (ages 11-18 years) were identified and recruited within this same large general pediatric practice. Most parents and teens were recruited as dyads. We did not exclude parents or teens who elected to participate in the study separately because we did not compare data between parents and teens.

Data collection and recruitment

In each recruitment setting, potentially eligible participants were approached by a research assistant. After explaining the study and obtaining consent, participants completed a paper survey. Survey respondents were provided a $5 gift card as compensation.

Survey design

The goals of the survey were to understand at what age internet safety education should begin, explore the experiences of adult participants in teaching online safety or the adolescents learning about this topic, and to identify a group who has primary responsibility for teaching this topic. Thus, we included all potential survey participants in the survey design process. Surveys were designed after a review of the literature and conversations with a panel of physicians, parents and researchers. Questions were pilot-tested first with a panel and then among teachers and adolescents. In the final survey items some words were modified to make the survey clear to all groups of participants. For example, among health care provider groups the question: “For how many years have you been in practice?” was changed for teacher groups to read: “For how many years have you been teaching?” All four surveys are included as Additional files 1 , 2 , 3 and 4 .

Data sources and variables

Participants provided demographic data including gender and age. Teachers were asked to disclose the grade levels they taught, subjects taught and years of teaching experience. Clinicians were asked to provide their training background (i.e. MD, NP), field of practice (Pediatrics, Family Practice) and years in practice. Parents provided their age, gender and the ages of their children. Adolescents were asked for their age, gender and grade in school.

Age to begin teaching internet safety

Teachers, clinicians, parents and adolescents were asked to provide at what age internet safety education should begin. An “other” option was presented for write-in answers.

Candidates to teach internet safety

In order to identify potential candidates to teach internet safety, participants were asked about previous experiences teaching or learning about internet safety. Then participants were asked for their own willingness to teach this subject and to identify an ideal primary candidate to teach this topic.

Experiences teaching internet safety

To describe experiences in providing internet safety education, teachers were asked how frequently they had ever taught internet safety education. Clinicians were asked how frequently they had ever counseled patients on this topic. Answer options included regularly, sometimes, never and never but plan to do so soon. Parents were asked about how frequently they talked with their child about internet safety: regularly, sometimes, never and never but plan to do so soon (Table  1 ).

Adolescents’ experiences learning about internet safety

Adolescents were asked ways in which they had learned about internet safety. A list of answer options was developed through review of the literature and the web and then piloted with several adolescents to ensure completeness. Answer options included learning from friends, siblings, parents, teachers and clinicians as well as learning by self-teaching. A write-in “other” option was also provided. Adolescents were allowed to choose all applicable answers from this list.

Willingness to teach internet safety

Teachers were asked whether or not they supported teaching internet safety education in public schools. Health care providers were asked whether or not they supported teaching internet safety education in provider offices (yes or no).

All groups, including teachers, clinicians, parents and adolescents were asked to select a candidate group whom they felt had primary responsibility for teaching internet safety to children and adolescents. Based on a review of current groups engaged in teaching this subject, answer options included churches, community groups, health care providers, law enforcement, parents and teachers. An “other” option was presented for write-in answers.

All statistical data analyses were conducted using STATA version 11.0 (Statacorp, College Station, TX). Descriptive statistics were calculated for survey responses. ANOVA was used to compare mean age to begin teaching between teachers, clinicians, parents and adolescents. Logistic regression was used to assess whether experience teaching internet safety was associated with years of career experience.

Participants

A total of 356 participants completed the survey (93.4% response rate), including 77 teachers, 111 clinicians, 72 parents and 96 adolescents. Teachers had an average of 14.8 (SD = 8.4) years of teaching experience. The subjects that teachers taught included: health, social studies, language arts/English, special education, health and technology/computer skills. Clinicians included 68 (61.3%) physicians, 16 (14.4%) nurse practitioners, 15 (13.5%) physician assistants and 8 (7.2%) nurses. Their practice background was mainly pediatrics (61.3%) and family practice (27.9%). Clinicians’ years of experience averaged 14.5 (SD = 10.1). Parents were 81% female. Adolescents were 62.5% female and had an average age of 15.1 (SD = 2.3). Please see Table  2 for further descriptive information.

The overall mean age at which stakeholders indicated for starting to teach internet safety was 7.2 years (SD = 2.5), range 2-15. Teachers reported that the average age at which internet safety should be taught was 6.9 years (SD = 2.1), while clinicians felt the average age to start teaching this topic should be 7.3 years (SD = 2.4). Parents felt that internet safety education should begin at age 6.6 years (SD = 2.3). There were no statistically significant differences between these groups regarding age to begin teaching internet safety (p = .2). Adolescents reported that internet safety education should begin at age 8.7 years (SD = 2.4). Please see Figure  1 for a summary of recommended ages to begin internet safety education.

Age to begin teaching internet safety to youth.

Among teachers, 16 (20.8%) reported currently teaching internet safety, 51 (66.2%) had never taught it, and 4 (7.8%) had never taught it but planned to soon. The number of years teaching was not significantly associated with the likelihood to have taught internet safety.

Among clinicians, 3.6% regularly and 55% sometimes counseled patients on internet safety. One-third of clinicians (33.3%) had never counseled or taught patients about internet safety and a few clinicians (8.1%) had no experience with this but planned to begin soon. The number of years in practice was not associated with the likelihood to have taught internet safety (p = .6).

All parents reported discussing online safety with their children either sometimes (58.3%) or regularly (40.3%).

Experiences learning internet safety

Adolescents were asked to identify ways in which they had learned about online safety. Adolescents were permitted to select all options that applied. Adolescents selected people including teachers (87.5%), parents (75%), friends (41.7%), siblings (27.1%) and clinicians (11.5%). Some adolescents indicated that they had learned internet safety by being self-taught (27.5%).

Teachers uniformly reported supporting online safety education in public schools (100%). Clinicians almost uniformly supported providing online safety education in clinicians’ offices (99.1%).

All groups selected parents as the primary candidate to teach internet safety. Among teachers, 97% ranked parents as their first choice candidate, and 3% ranked teachers as first choice. Among clinicians 97% ranked parents as first choice candidate, and 3% ranked teachers as first choice. Among parents, 96% ranked themselves as first choice candidate, and 4% ranked teachers as first choice. Among adolescents, there was more variety in answers. Most adolescents (74.7%) ranked parents as first choice candidate, 13.8% ranked teachers as first choice, 5.7% ranked law enforcement as first choice, 1.5% ranked community as first choice, 3% ranked churches as first choice and 3% wrote in answers of making a movie related to online safety and making a powerpoint regarding online safety.

The results of this study illustrate several key points regarding promoting safe internet use among youth. Findings suggest general agreement among key stakeholders for teaching internet safety at a young age, and for identifying parents as primary teachers of this topic.

First, our findings regarding the suggested age to begin teaching online safety may seem younger than expected. The suggested age range of 6 to 8 years identified by participants suggests that internet safety education could begin in early grade school, around 1 st or 2 nd grade. However, given our current society’s focus on technology, it is likely that children are being introduced to computers at ever-younger ages. Data from 2010 suggests that almost 20% of 8 to 10 year olds spend time on social networking sites daily, in the past three years it seems likely that this percentage has grown [ 20 ]. Timing safety education with the onset of internet use may allow for the concomitant development of computer skills and safety skills. As with many health teachings such as nutrition or sexual behavior, providing education to children before dangers can arise is a key strategy to help youth integrate these lessons into their lives and prevent negative consequences.

Second, our findings include a general agreement among key stakeholders that parents should hold the primary responsibility for internet safety education. These findings are supported by a recent study in which teachers felt that parents should have the primary role in teaching this topic [ 27 ]. Interestingly, we found that while parents all reported that they regularly or sometimes teach internet safety, only 75% of adolescents reported hearing from parents on this topic. These conflicting findings may be due to social desirability on the part of parents reporting their teaching efforts, or that teens may underreport their parents counseling efforts as they may not recognize parent attempts to discuss these difficult topics. Previous work has found a similar disconnect between parent and pediatrician reporting of counseling on risk behaviors [ 28 ].

Finally, our findings suggest that parents are willing teachers in providing internet safety education, and that many report some experience in this area. However, while parents may be candidates to guide their children’s digital lives, some parents may feel underprepared for the task of instructing their children who have grown up as “digital natives.” Thus, health care providers and public health educators may have an unique opportunity to support parents by providing resources, guidance and support. Pediatricians who see adolescent patients have the opportunity to serve an important and perhaps familiar role. As with many other topics of health supervision including safety, nutrition and fitness, parents are the primary source of education for their children. However, in many of these health topics, clinicians and health educators are trusted sources for parents on how to talk with their children about these issues. Some child health providers may feel untrained or unprepared to answer questions about internet safety or cyberbullying given that these are relatively recent health concerns about which much remains unknown. Pediatricians can use American Academy of Pediatrics guidelines to recommend parental supervision of internet activities, decreasing or eliminating isolated screen time (ie, moving the computer to a public space), and having open discussions about the potential dangers of electronic media [ 23 ]. Pediatricians and educators can also partner with schools or other community groups, such as law enforcement, to provide consistent and reinforced messages about internet safety.

Limitations to this study include the regional focus of our data collection. Our study aimed to draw representation of populations of teachers, clinicians, parents and adolescents within our region, the excellent response rates and distribution of participants within each category support that our results are generalizable within our region. However, there are other groups who may engage in teaching internet safety that were not included in this study such as churches and community groups. Second, it is notable that our study did not provide data on what methods would be best to provide internet safety education, this is a logical next step for future study. Third, we did not specify in the context of this study whether online safety should include additional technologies such as cell phones or texting. Fourth, data was collected by self-report, thus recall bias or overestimation of experience or willingness could have impacted our findings. Based on the varied stakeholders included in this study, there was some variation in data collected from each group.

Technology is now an integral part of life, and thus, part of the health of our patients. Our findings illustrate consensus around several groups with experience and investment in working with children and adolescents that parents should have primary responsibility for teaching internet safety. Our study highlights an opportunity for pediatricians to play a collaborative role with parents, patients and teachers to address the critical topics towards improving internet safety. Given the importance of this topic for today’s youth, it is likely that collaborative efforts are needed to provide consistent education about safety in the digital world.

Authors’ information

MM is an adolescent medicine physician who conducts research on the intersection of technology and health. KE is a medical student interested in pediatrics. KB studied consumer science and is interested in ways to improve internet safety education for youth. HY is a pharmacist and researcher with interest in provision of education to patients and parents. EC is a pediatrician and researcher interested in improving health systems and communication.

Joiner R, et al: Gender, Internet identification, and Internet anxiety: correlates of Internet use. Cyberpsychol Behav. 2005, 8 (4): 371-378. 10.1089/cpb.2005.8.371.

Article   PubMed   Google Scholar  

Anderson KJ: Internet use among college students: an exploratory study. J Am Coll Health. 2001, 50 (1): 21-26. 10.1080/07448480109595707.

Article   CAS   PubMed   Google Scholar  

Caplan SE: Preference for online social interaction - a theory of problematic Internet use and psychosocial well-being. Commun Res. 2003, 30 (6): 625-648. 10.1177/0093650203257842.

Article   Google Scholar  

Colley A, Maltby J: Impact of the Internet on our lives: male and female personal perspectives. Comput Hum Behav. 2008, 24 (5): 2005-2013. 10.1016/j.chb.2007.09.002.

Goold PC, Ward M, Carlin EM: Can the Internet be used to improve sexual health awareness in web-wise young people?. J Fam Plann Reprod Health Care. 2003, 29 (1): 28-30. 10.1783/147118903101196864.

Hunley SA, et al: Adolescent computer use and academic achievement. Adolescence. 2005, 40 (158): 307-318.

PubMed   Google Scholar  

Lenhart A, Madden M: Social Networking Sites and Teens: An Overview. 2007, Pew Internet and American Life Project, http://www.pewinternet.org/pdfs/PIP_SNS_Data_Memo_Jan_2007.pdf ,

Google Scholar  

Lenhart A, Madden M, Hitlin P: Teens and Technology: Youth are Leading the Transition to a Fully Wired and Mobile Nation. 2005, Pew Internet and American Life Project, http://www.pewinternet.org/pdfs/PIP_Teens_Tech_July2005web.pdf ,

O’Keeffe GS, et al: The impact of social media on children, adolescents, and families. Pediatrics. 2011, 127 (4): 800-804. 10.1542/peds.2011-0054.

Patchin JW, Hinduja S: Cyberbullying and self-esteem. J Sch Health. 2010, 80 (12): 614-621. 10.1111/j.1746-1561.2010.00548.x. quiz 622-4

Lenhart A: Cyberbullying and Online Teens. 2007, Pew Internet and American Life Project, http://www.pewinternet.org/pdfs/PIP%20Cyberbullying%20Memo.pdf ,

Ybarra ML, Espelage DL, Mitchell KJ: The co-occurrence of Internet harassment and unwanted sexual solicitation victimization and perpetration: associations with psychosocial indicators. J Adolesc Health. 2007, 41 (6 Suppl 1): S31-S41.

Perren S, et al: Bullying in school and cyberspace: associations with depressive symptoms in Swiss and Australian adolescents. Child Adolesc Psychiatry Ment Health. 2010, 4: 28-10.1186/1753-2000-4-28.

Article   PubMed   PubMed Central   Google Scholar  

Agatston PW, Kowalski R, Limber S: Students’ perspectives on cyber bullying. J Adolesc Health. 2007, 41 (6 Suppl 1): S59-S60.

Hinduja S, Patchin JW: Bullying, cyberbullying, and suicide. Arch Suicide Res. 2010, 14 (3): 206-221. 10.1080/13811118.2010.494133.

Hinduja S, Patchin JW: Personal information of adolescents on the Internet: A quantitative content analysis of MySpace. J Adolesc. 2008, 31 (1): 125-146. 10.1016/j.adolescence.2007.05.004.

Moreno MA, et al: Display of health risk behaviors on MySpace by adolescents: Prevalence and Associations. Arch Pediatr Adolesc Med. 2009, 163 (1): 35-41. 10.1001/archpediatrics.2008.502.

Back MD, et al: Facebook profiles reflect actual personality, not self-idealization. Psychol Sci. 2011, 21 (3): 372-374.

Jones S, et al: US College Students’ Internet Use: Race, Gender and Digital Divides. J Comput-Mediat Commun. 2009, 14 (2): 244-264. 10.1111/j.1083-6101.2009.01439.x.

Rideout VJ, Foehr UG, Roberts D: Generation M2: Media in the lives of 8 to 18 year olds. 2010, Menlo Park: Kaiser Family Foundation

Lenhart A, Purcell K, Smith A, Zickhur K: Social media and young adults. 2010, Washington, DC: Pew Internet and American Life Project

Sun P, et al: Internet accessibility and usage among urban adolescents in Southern California: implications for web-based health research. Cyberpsychol Behav. 2005, 8 (5): 441-453. 10.1089/cpb.2005.8.441.

AAP: Media and Children. 2013, Available from: http://www.aap.org/en-us/advocacy-and-policy/aap-health-initiatives/Pages/Media-and-Children.aspx

Halpern-Felsher BL, et al: Preventive services in a health maintenance organization: how well do pediatricians screen and educate adolescent patients?. Arch Pediatr Adolesc Med. 2000, 154 (2): 173-179. 10.1001/archpedi.154.2.173.

Mangione-Smith R, et al: The quality of ambulatory care delivered to children in the United States. N Engl J Med. 2007, 357 (15): 1515-1523. 10.1056/NEJMsa064637.

Lenhart A: Adults on Social Network Sites. 2009, Pew Internet and American Life Project, http://www.pewinternet.org/Infographics/Growth-in-Adult-SNS-Use-20052009.aspx ,

Zogby: The State of K-12 Cyberethics, Cybersafety and Cybersecurity Curriculum in the United States. 2011, The National Cyber Security Alliance, http://www.staysafeonline.org/download/…/2011_national_k12_study.pdf ,

Cheng TL, et al: Determinants of counseling in primary care pediatric practice: physician attitudes about time, money, and health issues. Arch Pediatr Adolesc Med. 1999, 153 (6): 629-635.

Pre-publication history

The pre-publication history for this paper can be accessed here: http://www.biomedcentral.com/1471-2458/13/543/prepub

Download references

Acknowledgments

This project was supported by Award Number K12HD055894 from the Eunice Kennedy Shriver National Institute of Child Health and Human Development. The funding organization had no role in the design, collection of data, analysis or interpretation on the data in this manuscript. The authors would like to acknowledge the contributions of Michael Swanson and Jay Farnsworth to this project.

Author information

Authors and affiliations.

School of Medicine and Public Health, University of Wisconsin, Madison, WI, USA

Megan A Moreno, Kaitlyn Bare & Elizabeth D Cox

School of Nursing, University of Wisconsin, Madison, WI, USA

Katie G Egan

School of Pharmacy, University of Wisconsin, Madison, WI, USA

Henry N Young

Seattle Childrens Research Institute, University of Washington, M/S CW8-6, PO Box 5371, Seattle, WA, 98145-5005, USA

Megan A Moreno

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Megan A Moreno .

Additional information

Competing interest.

The authors declare that they have no competing interest.

Authors’ contributions

MM conceived of the study, participated in its design and coordination, participated in analysis and wrote the manuscript. KE and KB participated in data collection and helped to draft the manuscript. HY and EC participated in analysis and helped to draft the manuscript. All authors read and approved the final manuscript.

Electronic supplementary material

Additional file 1: survey given to teachers.(doc 28 kb), additional file 2: survey given to clinicians.(doc 29 kb), additional file 3: survey given to parents.(doc 31 kb), additional file 4: survey given to adolescents.(doc 28 kb), authors’ original submitted files for images.

Below are the links to the authors’ original submitted files for images.

Authors’ original file for figure 1

Rights and permissions.

This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License ( http://creativecommons.org/licenses/by/2.0 ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and permissions

About this article

Cite this article.

Moreno, M.A., Egan, K.G., Bare, K. et al. Internet safety education for youth: stakeholder perspectives. BMC Public Health 13 , 543 (2013). https://doi.org/10.1186/1471-2458-13-543

Download citation

Received : 16 April 2012

Accepted : 17 May 2013

Published : 05 June 2013

DOI : https://doi.org/10.1186/1471-2458-13-543

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Internet safety
• Online safety
• Parent education
• Patient education
• Survey research

BMC Public Health

ISSN: 1471-2458

• General enquiries: [email protected]

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Front Public Health

Cyberbullying Among Adolescents and Children: A Comprehensive Review of the Global Situation, Risk Factors, and Preventive Measures

Chengyan zhu.

1 School of Political Science and Public Administration, Wuhan University, Wuhan, China

Shiqing Huang

2 School of Medicine and Health Management, Tongji Medical College, Huazhong University of Science and Technology, Wuhan, China

Richard Evans

3 College of Engineering, Design and Physical Sciences, Brunel University London, Uxbridge, United Kingdom

Associated Data

The original contributions presented in the study are included in the article/ Supplementary Material , further inquiries can be directed to the corresponding author/s.

Background: Cyberbullying is well-recognized as a severe public health issue which affects both adolescents and children. Most extant studies have focused on national and regional effects of cyberbullying, with few examining the global perspective of cyberbullying. This systematic review comprehensively examines the global situation, risk factors, and preventive measures taken worldwide to fight cyberbullying among adolescents and children.

Methods: A systematic review of available literature was completed following PRISMA guidelines using the search themes “cyberbullying” and “adolescent or children”; the time frame was from January 1st, 2015 to December 31st, 2019. Eight academic databases pertaining to public health, and communication and psychology were consulted, namely: Web of Science, Science Direct, PubMed, Google Scholar, ProQuest, Communication & Mass Media Complete, CINAHL, and PsycArticles. Additional records identified through other sources included the references of reviews and two websites, Cyberbullying Research Center and United Nations Children's Fund. A total of 63 studies out of 2070 were included in our final review focusing on cyberbullying prevalence and risk factors.

Results: The prevalence rates of cyberbullying preparation ranged from 6.0 to 46.3%, while the rates of cyberbullying victimization ranged from 13.99 to 57.5%, based on 63 references. Verbal violence was the most common type of cyberbullying. Fourteen risk factors and three protective factors were revealed in this study. At the personal level, variables associated with cyberbullying including age, gender, online behavior, race, health condition, past experience of victimization, and impulsiveness were reviewed as risk factors. Likewise, at the situational level, parent-child relationship, interpersonal relationships, and geographical location were also reviewed in relation to cyberbullying. As for protective factors, empathy and emotional intelligence, parent-child relationship, and school climate were frequently mentioned.

Conclusion: The prevalence rate of cyberbullying has increased significantly in the observed 5-year period, and it is imperative that researchers from low and middle income countries focus sufficient attention on cyberbullying of children and adolescents. Despite a lack of scientific intervention research on cyberbullying, the review also identified several promising strategies for its prevention from the perspectives of youths, parents and schools. More research on cyberbullying is needed, especially on the issue of cross-national cyberbullying. International cooperation, multi-pronged and systematic approaches are highly encouraged to deal with cyberbullying.

Introduction

Childhood and adolescence are not only periods of growth, but also of emerging risk taking. Young people during these periods are particularly vulnerable and cannot fully understand the connection between behaviors and consequences ( 1 ). With peer pressures, the heat of passion, children and adolescents usually perform worse than adults when people are required to maintain self-discipline to achieve good results in unfamiliar situations. Impulsiveness, sensation seeking, thrill seeking, and other individual differences cause adolescents to risk rejecting standardized risk interventions ( 2 ).

About one-third of Internet users in the world are children and adolescents under the age of 18 ( 3 ). Digital technology provide a new form of interpersonal communication ( 4 ). However, surveys and news reports also show another picture in the Internet Age. The dark side of young people's internet usage is that they may bully or suffer from others' bullying in cyberspace. This behavior is also acknowledged as cyberbullying ( 5 ). Based on Olweus's definition, cyberbullying is usually regarded as bullying implemented through electronic media ( 6 , 7 ). Specifically, cyberbullying among children and adolescents can be summarized as the intentional and repeated harm from one or more peers that occurs in cyberspace caused by the use of computers, smartphones and other devices ( 4 , 8 – 12 ). In recent years, new forms of cyberbullying behaviors have emerged, such as cyberstalking and online dating abuse ( 13 – 15 ).

Although cyberbullying is still a relatively new field of research, cyberbullying among adolescents is considered to be a serious public health issue that is closely related to adolescents' behavior, mental health and development ( 16 , 17 ). The increasing rate of Internet adoption worldwide and the popularity of social media platforms among the young people have worsened this situation with most children and adolescents experiencing cyberbullying or online victimization during their lives. The confines of space and time are alleviated for bullies in virtual environments, creating new venues for cyberbullying with no geographical boundaries ( 6 ). Cyberbullying exerts negative effects on many aspects of young people's lives, including personal privacy invasion and psychological disorders. The influence of cyberbullying may be worse than traditional bullying as perpetrators can act anonymously and connect easily with children and adolescents at any time ( 18 ). In comparison with traditional victims, those bullied online show greater levels of depression, anxiety and loneliness ( 19 ). Self-esteem problems and school absenteeism have also proven to be related to cyberbullying ( 20 ).

Due to changes in use and behavioral patterns among the youth on social media, the manifestations and risk factors of cyberbullying have faced significant transformation. Further, as the boundaries of cyberbullying are not limited by geography, cyberbullying may not be a problem contained within a single country. In this sense, cyberbullying is a global problem and tackling it requires greater international collaboration. The adverse effects caused by cyberbullying, including reduced safety, lower educational attainment, poorer mental health and greater unhappiness, led UNICEF to state that “no child is absolutely safe in the digital world” ( 3 ).

Extant research has examined the prevalence and risk factors of cyberbullying to unravel the complexity of cyberbullying across different countries and their corresponding causes. However, due to variations in cyberbullying measurement and methodologies, no consistent conclusions have been drawn ( 21 ). Studies into inconsistencies in prevalence rates of cyberbullying, measured in the same country during the same time period, occur frequently. Selkie et al. systematically reviewed cyberbullying among American middle and high school students aged 10–19 years old in 2015, and revealed that the prevalence of cyberbullying victimization ranged from 3 to 72%, while perpetration ranged from 1 to 41% ( 22 ). Risk and protective factors have also been broadly studied, but confirmation is still needed of those factors which have more significant effects on cyberbullying among young people. Clarification of these issues would be useful to allow further research to recognize cyberbullying more accurately.

This review aims to extend prior contributions and provide a comprehensive review of cyberbullying of children and adolescents from a global perspective, with the focus being on prevalence, associated risk factors and protective factors across countries. It is necessary to provide a global panorama based on research syntheses to fill the gaps in knowledge on this topic.

Search Strategies

This study strictly employed Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. We consulted eight academic databases pertaining to public health, and communication and psychology, namely: Web of Science, Science Direct, PubMed, Google Scholar, ProQuest, Communication & Mass Media Complete, CINAHL, and PsycArticles. Additional records identified through other sources included the references of reviews and two websites, Cyberbullying Research Center and United Nations Children's Fund. With regard to the duration of our review, since most studies on cyberbullying arose around 2015 ( 9 , 21 ), this study highlights the complementary aspects of the available information about cyberbullying during the recent 5 year period from January 1st, 2015 to December 31st, 2019.

One researcher extracted keywords and two researchers proposed modifications. We used two sets of subject terms to review articles, “cyberbullying” and “child OR adolescent.” Some keywords that refer to cyberbullying behaviors and young people are also included, such as threat, harass, intimidate, abuse, insult, humiliate, condemn, isolate, embarrass, forgery, slander, flame, stalk, manhunt, as well as teen, youth, young people and student. The search formula is (cyberbullying OR cyber-bullying OR cyber-aggression OR ((cyber OR online OR electronic OR Internet) AND (bully * OR aggres * OR violence OR perpetrat * OR victim * OR threat * OR harass * OR intimidat * OR * OR insult * OR humiliate * OR condemn * OR isolate * OR embarrass * OR forgery OR slander * OR flame OR stalk * OR manhunt))) AND (adolescen * OR child OR children OR teen? OR teenager? OR youth? OR “young people” OR “elementary school student * ” OR “middle school student * ” OR “high school student * ”). The main search approach is title search. Search strategies varied according to the database consulted, and we did not limit the type of literature for inclusion. Journals, conference papers and dissertations are all available.

Specifically, the inclusion criteria for our study were as follows: (a). reported or evaluated the prevalence and possible risk factors associated with cyberbullying, (b). respondents were students under the age of 18 or in primary, junior or senior high schools, and (c). studies were written in English. Exclusion criteria were: (a). respondents came from specific groups, such as clinical samples, children with disabilities, sexual minorities, specific ethnic groups, specific faith groups or samples with cross-national background, (b). review studies, qualitative studies, conceptual studies, book reviews, news reports or abstracts of meetings, and (c). studies focused solely on preventive measures that were usually meta-analytic and qualitative in nature. Figure 1 presents the details of the employed screening process, showing that a total of 63 studies out of 2070 were included in our final review.

PRISMA flow chart diagram showing the process of study selection for inclusion in the systematic review on children and adolescents cyberbullying.

Meta-analysis was not conducted as the limited research published within the 5 years revealed little research which reported odds ratio. On the other hand, due to the inconsistency of concepts, measuring instruments and recall periods, considerable variation could be found in research quality ( 23 ). Meta-analysis is not a preferred method.

Coding Scheme

For coding, we created a comprehensive code scheme to include the characteristics. For cyberbullying, we coded five types proposed by Willard ( 24 – 26 ), which included verbal violence, group violence, visual violence, impersonating and account forgery, and other behaviors. Among them, verbal violence is considered one of the most common types of cyberbullying and refers to the behavior of offensive responses, insults, mocking, threats, slander, and harassment. Group violence is associated with preventing others from joining certain groups or isolating others, forcing others to leave the group. Visual violence relates to the release and sharing of embarrassing photos and information without the owners' consent. Impersonating and account forgery refers to identity theft, stealing passwords, violating accounts and the creation of fake accounts to fraudulently present the behavior of others. Other behaviors include disclosure of privacy, sexual harassment, and cyberstalking. To comprehensively examine cyberbullying, we coded cyberbullying behaviors from both the perspectives of cyberbullying perpetrators and victims, if mentioned in the studies.

In relation to risk factors, we drew insights from the general aggression model, which contributes to the understanding of personal and situational factors in the cyberbullying of children and adolescents. We chose the general aggression model because (a) it contains more situational factors than other models (e.g., social ecological models) - such as school climate ( 9 ), and (b) we believe that the general aggression model is more suitable for helping researchers conduct a systematic review of cyberbullying risk and protective factors. This model provides a comprehensive framework that integrates domain specific theories of aggression, and has been widely applied in cyberbullying research ( 27 ). For instance, Kowalski and colleagues proposed a cyberbullying encounter through the general aggression model to understand the formation and development process of youth cyberbullying related to both victimization and perpetration ( 9 ). Victims and perpetrators enter the cyberbullying encounter with various individual characteristics, experiences, attitudes, desires, personalities, and motives that intersect to determine the course of the interaction. Correspondingly, the antecedents pertaining to cyberbullying are divided into two broad categories, personal factors and situational factors. Personal factors refer to individual characteristics, such as gender, age, motivation, personality, psychological states, socioeconomic status and technology use, values and perceptions, and other maladaptive behaviors. Situational factors focus on the provocation/support, parental involvement, school climate, and perceived anonymity. Consequently, our coders related to risk factors consisting of personal factors and situational factors from the perspectives of both cyberbullying perpetrators and victims.

We extracted information relating to individual papers and sample characteristics, including authors, year of publication, country, article type, sampling procedures, sample characteristics, measures of cyberbullying, and prevalence and risk factors from both cyberbullying perpetration and victimization perspectives. The key words extraction and coding work were performed twice by two trained research assistants in health informatics. The consistency test results are as follows: the Kappa value with “personal factors” was 0.932, and the Kappa value with “situational factors” was 0.807. The result shows that the coding consistency was high enough and acceptable. Disagreements were resolved through discussion with other authors.

Quality Assessment of Studies

The quality assessment of the studies is based on the recommended tool for assessing risk of bias, Cochrane Collaboration. This quality assessment tool focused on seven items: random sequence generation, allocation concealment, blinding of participants and personnel, blinding of outcome assessment, incomplete outcome data, selective reporting, and other sources of bias ( 28 ). We assessed each item as “low risk,” “high risk,” and “unclear” for included studies. A study is considered of “high quality” when it meets three or more “low risk” requirements. When one or more main flaw of a study may affect the research results, the study is considered as “low quality.” When a lack of information leads to a difficult judgement, the quality is considered to be “unclear.” Please refer to Appendix 1 for more details.

This comprehensive systematic review comprised a total of 63 studies. Appendices 2 , 3 show the descriptive information of the studies included. Among them, 58 (92%) studies measured two or more cyberbullying behavior types. The sample sizes of the youths range from several hundred to tens of thousands, with one thousand to five thousand being the most common. As for study distribution, the United States of America, Spain and China were most frequently mentioned. Table 1 presents the detail.

Descriptive information of studies included (2015–2019).

Prevalence of Global Cyberbullying

Prevalence across countries.

Among the 63 studies included, 22 studies reported on cyberbullying prevalence and 20 studies reported on prevalence from victimization and perpetration perspectives, respectively. Among the 20 studies, 11 national studies indicated that the prevalence of cyberbullying victimization and cyberbullying perpetration ranged from 14.6 to 52.2% and 6.3 to 32%, respectively. These studies were conducted in the United States of America ( N = 4) ( 29 – 32 ), South Korea ( N = 3) ( 33 – 35 ), Singapore ( N = 1) ( 36 ), Malaysia ( N = 1) ( 37 ), Israel ( N = 1) ( 38 ), and Canada ( N = 1) ( 39 ). Only one of these 11 national studies is from an upper middle income country, and the rest are from highincome countries identified by the World Bank ( 40 ). By combining regional and community-level studies, the prevalence of cyberbullying victimization and cyberbullying perpetration ranged from 13.99 to 57.5% and 6.0 to 46.3%, respectively. Spain reported the highest prevalence of cyberbullying victimization (57.5%) ( 41 ), followed by Malaysia (52.2%) ( 37 ), Israel (45%) ( 42 ), and China (44.5%) ( 43 ). The lowest reported victim rates were observed in Canada (13.99%) and South Korea (14.6%) ( 34 , 39 ). The reported prevalence of cyberbullying victimization in the United States of America ranged from 15.5 to 31.4% ( 29 , 44 ), while in Israel, rates ranged from 30 to 45% ( 26 , 42 ). In China, rates ranged from 6 to 46.3% with the country showing the highest prevalence of cyberbullying perpetration (46.30%) ( 15 , 43 , 45 , 46 ). Canadian and South Korean studies reported the lowest prevalence of cyberbullying perpetration at 7.99 and 6.3%, respectively ( 34 , 39 ).

A total of 10 studies were assessed as high quality studies. Among them, six studies came from high income countries, including Canada, Germany, Italy, Portugal, and South Korea ( 13 , 34 , 39 , 46 – 48 ). Three studies were from upper middle income countries, including Malaysia and China ( 37 , 43 ) and one from a lower middle income country, Nigeria ( 49 ). Figures 2 , ​ ,3 3 describe the prevalence of cyberbullying victimization and perpetration respectively among high quality studies.

The prevalence of cyberbullying victimization of high quality studies.

The prevalence of cyberbullying perpetration of high quality studies.

Prevalence of Various Cyberbullying Behaviors

For the prevalence of cyberbullying victimization and perpetration, the data were reported in 18 and 14 studies, respectively. Figure 4 shows the distribution characteristics of the estimated value of prevalence of different cyberbullying behaviors with box plots. The longer the box, the greater the degree of variation of the numerical data and vice versa. The rate of victimization and crime of verbal violence, as well as the rate of victimization of other behaviors, such as cyberstalking and digital dating abuse, has a large degree of variation. Among the four specified types of cyberbullying behaviors, verbal violence was regarded as the most commonly reported behaviors in both perpetration and victimization rates, with a wide range of prevalence, ranging from 5 to 18%. Fewer studies reported the prevalence data for visual violence and group violence. Studies also showed that the prevalence of impersonation and account forgery were within a comparatively small scale. Specific results were as follows.

Cyberbullying prevalence across types (2015–2019).

Verbal Violence

A total of 13 studies reported verbal violence prevalence data ( 15 , 26 , 34 , 37 – 39 , 42 , 43 , 47 , 48 , 50 , 51 ). Ten studies reported the prevalence of verbal violence victimization ranging from 2.8 to 47.5%, while seven studies claimed perpetration prevalence ranging from 1.5 to 31.8%. Malaysia reported the highest prevalence of verbal violence victimization (47.5%) ( 37 ), followed by China (32%) ( 43 ). China reported that the prevalence of verbal violence victimization ranged from 5.1 to 32% ( 15 , 43 ). Israel reported that the prevalence of verbal violence victimization ranged from 3.4 to 18% ( 26 , 38 , 42 ). For perpetration rate, Malaysia reported the highest level at 31.8% ( 37 ), while a study for Spain reported the lowest, ranging from 3.2 to 6.4% ( 51 ).

Group Violence

The prevalence of group violence victimization was explored within 4 studies and ranged from 5 to 17.8% ( 26 , 34 , 42 , 43 ), while perpetration prevalence was reported in three studies, ranging from 10.1 to 19.07% ( 34 , 43 , 47 ). An Israeli study suggested that 9.8% of respondents had been excluded from the Internet, while 8.9% had been refused entry to a group or team ( 26 ). A study in South Korea argued that the perpetration prevalence of group violence was 10.1% ( 34 ), while a study in Italy reported that the rate of online group violence against others was 19.07% ( 47 ).

Visual Violence

The prevalence of visual violence victimization was explored within three studies and ranged from 2.6 to 12.1% ( 26 , 34 , 43 ), while the perpetration prevalence reported in four studies ranged from 1.7 to 6% ( 34 , 43 , 47 , 48 ). For victimization prevalence, a South Korean study found that 12.1% of respondents reported that their personal information was leaked online ( 34 ). An Israel study reported that the prevalence of outing the picture was 2.6% ( 26 ). For perpetration prevalence, a South Korean study found that 1.7% of respondents had reported that they had disclosed someone's personal information online ( 34 ). A German study reported that 6% of respondents had written a message (e.g., an email) to somebody using a fake identity ( 48 ).

Impersonating and Account Forgery

Four studies reported on the victimization prevalence of impersonating and account forgery, ranging from 1.1 to 10% ( 15 , 42 , 43 ), while five studies reported on perpetration prevalence, with the range being from 1.3 to 9.31% ( 15 , 43 , 47 , 48 , 51 ). In a Spanish study, 10% of respondents reported that their accounts had been infringed by others or that they could not access their account due to stolen passwords. In contrast, 4.5% of respondents reported that they had infringed other people's accounts or stolen passwords, with 2.5% stating that they had forged other people's accounts ( 51 ). An Israeli study reported that the prevalence of being impersonated was 7% ( 42 ), while in China, a study reported this to be 8.6% ( 43 ). Another study from China found that 1.1% of respondents had been impersonated to send dating-for-money messages ( 15 ).

Other Behaviors

The prevalence of disclosure of privacy, sexual harassment, and cyberstalking were also explored by scholars. Six studies reported the victimization prevalence of other cyberbullying behaviors ( 13 , 15 , 34 , 37 , 42 , 43 ), and four studies reported on perpetration prevalence ( 34 , 37 , 43 , 48 ). A study in China found that 1.2% of respondents reported that their privacy had been compromised without permission due to disputes ( 15 ). A study from China reported the prevalence of cyberstalking victimization was 11.9% ( 43 ), while a Portuguese study reported that this was 62% ( 13 ). In terms of perpetration prevalence, a Malaysian study reported 2.7% for sexual harassment ( 37 ).

Risk and Protective Factors of Cyberbullying

In terms of the risk factors associated with cyberbullying among children and adolescents, this comprehensive review highlighted both personal and situational factors. Personal factors referred to age, gender, online behavior, race, health conditions, past experiences of victimization, and impulsiveness, while situational factors consisted of parent-child relationship, interpersonal relationships, and geographical location. In addition, protective factors against cyberbullying included: empathy and emotional intelligence, parent-child relationship, and school climate. Table 2 shows the risk and protective factors for child and adolescent cyberbullying.

Risk and protective factors of cyberbullying among children and adolescents.

In terms of the risk factors associated with cyberbullying victimization at the personal level, many studies evidenced that females were more likely to be cyberbullied than males ( 13 , 26 , 29 , 38 , 43 , 52 , 54 , 55 , 58 ). Meanwhile, adolescents with mental health problems ( 61 ), such as depression ( 33 , 62 ), borderline personality disorder ( 63 ), eating disorders ( 41 ), sleep deprivation ( 56 ), and suicidal thoughts and suicide plans ( 64 ), were more likely to be associated with cyberbullying victimization. As for Internet usage, researchers agreed that youth victims were probably those that spent more time online than their counterparts ( 32 , 36 , 43 , 45 , 48 , 49 , 60 ). For situational risk factors, some studies have proven the relationship between cyberbullying victims and parental abuse, parental neglect, family dysfunction, inadequate monitoring, and parents' inconsistency in mediation, as well as communication issues ( 33 , 64 , 68 , 73 ). In terms of geographical location, some studies have reported that youths residing in city locations are more likely to be victims of cyberbullying than their peers from suburban areas ( 61 ).

Regarding the risk factors of cyberbullying perpetration at the personal level, it is generally believed that older teenagers, especially those aged over 15 years, are at greater risk of becoming cyberbullying perpetrators ( 55 , 67 ). When considering prior cyberbullying experiences, evidence showed that individuals who had experienced cyberbullying or face-to-face bullying tended to be aggressors in cyberbullying ( 35 , 42 , 49 , 51 , 55 ); in addition, the relationship between impulsiveness and cyberbullying perpetration was also explored by several pioneering scholars ( 55 , 72 , 80 ). The situational factors highlight the role of parents and teachers in cyberbullying experiences. For example, over-control and authoritarian parenting styles, as well as inharmonious teacher-student relationships ( 61 ) are perceived to lead to cyberbullying behaviors ( 74 , 75 ). In terms of differences in geographical locations, students residing in cities have a higher rate of online harassment than students living in more rural locations ( 49 ).

In terms of the protective factors in child and adolescent cyberbullying, scholars have focused on youths who have limited experiences of cyberbullying. At the personal level, high emotional intelligence, an ability for emotional self-control and empathy, such as cognitive empathy ability ( 44 , 55 ), were associated with lower rates of cyberbullying ( 57 ). At the situational level, a parent's role is seen as critical. For example, intimate parent-child relationships ( 46 ) and open active communication ( 19 ) were demonstrated to be related to lower experiences of cyberbullying and perpetration. Some scholars argued that parental supervision and monitoring of children's online activities can reduce their tendency to participate in some negative activities associated with cyberbullying ( 31 , 46 , 73 ). They further claimed that an authoritative parental style protects youths against cyberbullying ( 43 ). Conversely, another string of studies evidenced that parents' supervision of Internet usage was meaningless ( 45 ). In addition to conflicting roles of parental supervision, researchers have also looked into the role of schools, and posited that positive school climates contribute to less cyberbullying experiences ( 61 , 79 ).

Some risk factors may be protective factors under another condition. Some studies suggest that parental aggressive communication is related to severe cyberbullying victims, while open communication is a potential protective factor ( 19 ). Parental neglect, parental abuse, parental inconsistency in supervision of adolescents' online behavior, and family dysfunction are related to the direct or indirect harm of cyberbullying ( 33 , 68 ). Parental participation, a good parental-children relationship, communication and dialogue can enhance children's school adaptability and prevent cyberbullying behaviors ( 31 , 74 ). When parental monitoring reaches a balance between control and openness, it could become a protective factor against cyberbullying, and it could be a risk factor, if parental monitoring is too low or over-controlled ( 47 ).

Despite frequent discussion about the risk factors associated with cyberbullying among children and adolescents, some are still deemed controversial factors, such as age, race, gender, and the frequency of suffering on the internet. For cyberbullying victims, some studies claim that older teenagers are more vulnerable to cyberbullying ( 15 , 38 , 52 , 53 ), while other studies found conflicting results ( 26 , 33 ). As for student race, Alhajji et al. argued that non-white students were less likely to report cyberbullying ( 29 ), while Morin et al. observed no significant correlation between race and cyberbullying ( 52 ). For cyberbullying perpetration, Alvarez-Garcia found that gender differences may have indirect effects on cyberbullying perpetration ( 55 ), while others disagreed ( 42 , 61 , 68 – 70 ). Specifically, some studies revealed that males were more likely to become cyberbullying perpetrators ( 34 , 39 , 56 ), while Khurana et al. presented an opposite point of view, proposing that females were more likely to attack others ( 71 ). In terms of time spent on the Internet, some claimed that students who frequently surf the Internet had a higher chance of becoming perpetrators ( 49 ), while others stated that there was no clear and direct association between Internet usage and cyberbullying perpetration ( 55 ).

In addition to personal and situational factors, scholars have also explored other specific factors pertaining to cyberbullying risk and protection. For instance, mindfulness and depression were found to be significantly related to cyber perpetration ( 76 ), while eating disorder psychopathology in adolescents was associated with cyber victimization ( 41 ). For males who were familiar with their victims, such as family members, friends and acquaintances, they were more likely to be cyberstalking perpetrators than females or strangers, while pursuing desired closer relationships ( 13 ). In the school context, a lower social likability in class was identified as an indirect factor for cyberbullying ( 48 ).

This comprehensive review has established that the prevalence of global childhood and adolescent victimization from cyberbullying ranges from 13.99 to 57.5%, and that the perpetration prevalence ranges from 6.0 to 46.3%. Across the studies included in our research, verbal violence is observed as one of the most common acts of cyberbullying, including verbal offensive responses, insults, mocking, threats, slander, and harassment. The victimization prevalence of verbal violence is reported to be between 5 and 47.5%, and the perpetration prevalence is between 3.2 and 26.1%. Personal factors, such as gender, frequent use of social media platforms, depression, borderline personality disorder, eating disorders, sleep deprivation, and suicidal tendencies, were generally considered to be related to becoming a cyberbullying victim. Personal factors, such as high school students, past experiences, impulse, improperly controlled family education, poor teacher-student relationships, and the urban environment, were considered risk factors for cyberbullying perpetration. Situational factors, including parental abuse and neglect, improper monitoring, communication barriers between parents and children, as well as the urban environment, were also seen to potentially contribute to higher risks of both cyberbullying victimization and perpetration.

Increasing Prevalence of Global Cyberbullying With Changing Social Media Landscape and Measurement Alterations

This comprehensive review suggests that global cyberbullying rates, in terms of victimization and perpetration, were on the rise during the 5 year period, from 2015 to 2019. For example, in an earlier study conducted by Modecki et al. the average cyberbullying involvement rate was 15% ( 81 ). Similar observations were made by Hamm et al. who found that the median rates of youth having experienced bullying or who had bullied others online, was 23 and 15.2%, respectively ( 82 ). However, our systematic review summarized global children and adolescents cyberbullying in the last 5 years and revealed an average cyberbullying perpetration rate of 25.03%, ranging from 6.0 to 46.3%, while the average victimization was 33.08%, ranging from 13.99 to 57.5%. The underlying reason for increases may be attributed to the rapid changing landscape of social media and, in recent years, the drastic increase in Internet penetration rates. With the rise in Internet access, youths have greater opportunities to participate in online activities, provided by emerging social media platforms.

Although our review aims to provide a broader picture of cyberbullying, it is well-noted in extant research that difficulties exist in accurately estimating variations in prevalence in different countries ( 23 , 83 ). Many reasons exist to explain this. The first largely relates poor or unclear definition of the term cyberbullying; this hinders the determination of cyberbullying victimization and perpetration ( 84 ). Although traditional bullying behavior is well-defined, the definition cannot directly be applied to the virtual environment due to the complexity in changing online interactions. Without consensus on definitions, measurement and cyberbullying types may vary noticeably ( 83 , 85 ). Secondly, the estimation of prevalence of cyberbullying is heavily affected by research methods, such as recall period (lifetime, last year, last 6 months, last month, or last week etc.), demographic characteristics of the survey sample (age, gender, race, etc.), perspectives of cyberbullying experiences (victims, perpetrators, or both victim and perpetrator), and instruments (scales, study-specific questions) ( 23 , 84 , 86 ). The variety in research tools and instruments used to assess the prevalence of cyberbullying can cause confusion on this issue ( 84 ). Thirdly, variations in economic development, cultural backgrounds, human values, internet penetration rates, and frequency of using social media may lead to different conclusions across countries ( 87 ).

Acknowledging the Conflicting Role of the Identified Risk Factors With More Research Needed to Establish the Causality

Although this review has identified many personal and situational factors associated with cyberbullying, the majority of studies adopted a cross-sectional design and failed to reveal the causality ( 21 ). Nevertheless, knowledge on these correlational relationships provide valuable insights for understanding and preventing cyberbullying incidents. In terms of gender differences, females are believed to be at a higher risk of cyberbullying victimization compared to males. Two reasons may help to explain this. First, the preferred violence behaviors between two genders. females prefer indirect harassment, such as the spreading of rumors, while males tend toward direct bullying (e.g., assault) ( 29 ) and second, the cultural factors. From the traditional gender perspective, females tended to perceive a greater risk of communicating with others on the Internet, while males were more reluctant to express fear, vulnerability and insecurity when asked about their cyberbullying experiences ( 46 ). Females were more intolerant when experiencing cyberstalking and were more likely to report victimization experiences than males ( 13 ). Meanwhile, many researchers suggested that females are frequent users of emerging digital communication platforms, which increases their risk of unpleasant interpersonal contact and violence. From the perspective of cultural norms and masculinity, the reporting of cyberbullying is also widely acknowledged ( 37 ). For example, in addition, engaging in online activities is also regarded as a critical predictor for cyberbullying victimization. Enabled by the Internet, youths can easily find potential victims and start harassment at any time ( 49 ). Participating in online activities directly increases the chance of experiencing cyberbullying victimization and the possibility of becoming a victim ( 36 , 45 ). As for age, earlier involvement on social media and instant messaging tools may increase the chances of experiencing cyberbullying. For example, in Spain, these tools cannot be used without parental permission before the age of 14 ( 55 ). Besides, senior students were more likely to be more impulsive and less sympathetic. They may portray more aggressive and anti-social behaviors ( 55 , 72 ); hence senior students and students with higher impulsivity were usually more likely to become cyberbullying perpetrators.

Past experiences of victimization and family-related factors are another risk for cyberbullying crime. As for past experiences, one possible explanation is that young people who had experienced online or traditional school bullying may commit cyberbullying using e-mails, instant messages, and text messages for revenge, self-protection, or improving their social status ( 35 , 42 , 49 , 55 ). In becoming a cyberbullying perpetrator, the student may feel more powerful and superior, externalizing angry feelings and relieving the feelings of helplessness and sadness produced by past victimization experiences ( 51 ). As for family related factors, parenting styles are proven to be highly correlated to cyberbullying. In authoritative families, parents focus on rational behavioral control with clear rules and a high component of supervision and parental warmth, which have beneficial effects on children's lifestyles ( 43 ). Conversely, in indulgent families, children's behaviors are not heavily restricted and parents guide and encourage their children to adapt to society. The characteristics of this indulgent style, including parental support, positive communication, low imposition, and emotional expressiveness, possibly contribute to more parent-child trust and less misunderstanding ( 75 ). The protective role of warmth/affection and appropriate supervision, which are common features of authoritative or indulgent parenting styles, mitigate youth engagement in cyberbullying. On the contrary, authoritarian and neglectful styles, whether with excessive or insufficient control, are both proven to be risk factors for being a target of cyberbullying ( 33 , 76 ). In terms of geographical location, although several studies found that children residing in urban areas were more likely to be cyberbullying victims than those living in rural or suburban areas, we cannot draw a quick conclusion here, since whether this difference attributes to macro-level differences, such as community safety or socioeconomic status, or micro-level differences, such as teacher intervention in the classroom, courses provided, teacher-student ratio, is unclear across studies ( 61 ). An alternative explanation for this is the higher internet usage rate in urban areas ( 49 ).

Regarding health conditions, especially mental health, some scholars believe that young people with health problems are more likely to be identified as victims than people without health problems. They perceive health condition as a risk factor for cyberbullying ( 61 , 63 ). On the other hand, another group of scholars believe that cyberbullying has an important impact on the mental health of adolescents which can cause psychological distress consequences, such as post-traumatic stress mental disorder, depression, suicidal ideation, and drug abuse ( 70 , 87 ). It is highly possible that mental health could be risk factors, consequences of cyberbullying or both. Mental health cannot be used as standards, requirements, or decisive responses in cyberbullying research ( 13 ).

The Joint Effort Between Youth, Parents, Schools, and Communities to Form a Cyberbullying-Free Environment

This comprehensive review suggests that protecting children and adolescents from cyberbullying requires joint efforts between individuals, parents, schools, and communities, to form a cyberbullying-free environment. For individuals, young people are expected to improve their digital technology capabilities, especially in the use of social media platforms and instant messaging tools ( 55 ). To reduce the number of cyberbullying perpetrators, it is necessary to cultivate emotional self-regulation ability through appropriate emotional management training. Moreover, teachers, counselors, and parents are required to be armed with sufficient knowledge of emotional management and to develop emotional management capabilities and skills. In this way, they can be alert to the aggressive or angry emotions expressed by young people, and help them mediate any negative emotions ( 45 ), and avoid further anti-social behaviors ( 57 ).

For parents, styles of parenting involving a high level of parental involvement, care and support, are desirable in reducing the possibility of children's engagement in cyberbullying ( 74 , 75 ). If difficulties are encountered, open communication can contribute to enhancing the sense of security ( 73 ). In this vein, parents should be aware of the importance of caring, communicating and supervising their children, and participate actively in their children's lives ( 71 ). In order to keep a balance between control and openness ( 47 ), parents can engage in unbiased open communication with their children, and reach an agreement on the usage of computers and smart phones ( 34 , 35 , 55 ). Similarly, it is of vital importance to establish a positive communication channel with children ( 19 ).

For schools, a higher priority is needed to create a safe and positive campus environment, providing students with learning opportunities and ensuring that every student is treated equally. With a youth-friendly environment, students are able to focus more on their academic performance and develop a strong sense of belonging to the school ( 79 ). For countries recognizing collectivist cultural values, such as China and India, emphasizing peer attachment and a sense of collectivism can reduce the risk of cyberbullying perpetration and victimization ( 78 ). Besides, schools can cooperate with mental health agencies and neighboring communities to develop preventive programs, such as extracurricular activities and training ( 44 , 53 , 62 ). Specifically, school-based preventive measures against cyberbullying are expected to be sensitive to the characteristics of young people at different ages, and the intersection of race and school diversity ( 29 , 76 ). It is recommended that school policies that aim to embrace diversity and embody mutual respect among students are created ( 26 ). Considering the high prevalence of cyberbullying and a series of serious consequences, it is suggested that intervention against cyberbullying starts from an early stage, at about 10 years old ( 54 ). Schools can organize seminars to strengthen communication between teachers and students so that they can better understand the needs of students ( 61 ). In addition, schools should encourage cyberbullying victims to seek help and provide students with opportunities to report cyberbullying behaviors, such as creating online anonymous calls.

Conclusions and Limitations

The comprehensive study has reviewed related research on children and adolescents cyberbullying across different countries and regions, providing a positive understanding of the current situation of cyberbullying. The number of studies on cyberbullying has surged in the last 5 years, especially those related to risk factors and protective factors of cyberbullying. However, research on effective prevention is insufficient and evaluation of policy tools for cyberbullying intervention is a nascent research field. Our comprehensive review concludes with possible strategies for cyberbullying prevention, including personal emotion management, digital ability training, policy applicability, and interpersonal skills. We highlight the important role of parental control in cyberbullying prevention. As for the role of parental control, it depends on whether children believe their parents are capable of adequately supporting them, rather than simply interfering in their lives, restricting their online behavior, and controlling or removing their devices ( 50 ). In general, cyberbullying is on the rise, with the effectiveness of interventions to meet this problem still requiring further development and exploration ( 83 ).

Considering the overlaps between cyberbullying and traditional offline bullying, future research can explore the unique risk and protective factors that are distinguishable from traditional bullying ( 86 ). To further reveal the variations, researchers can compare the outcomes of interventions conducted in cyberbullying and traditional bullying preventions simultaneously, and the same interventions only targeting cyberbullying ( 88 ). In addition, cyberbullying also reflects a series of other social issues, such as personal privacy and security, public opinion monitoring, multinational perpetration and group crimes. To address this problem, efforts from multiple disciplines and novel analytical methods in the digital era are required. As the Internet provides enormous opportunities to connect young people from all over the world, cyberbullying perpetrators may come from transnational networks. Hence, cyberbullying of children and adolescents, involving multiple countries, is worth further attention.

Our study has several limitations. First, national representative studies are scarce, while few studies from middle and low income countries were included in our research due to language restrictions. Many of the studies included were conducted in schools, communities, provinces, and cities in high income countries. Meanwhile, our review only focused on victimization and perpetration. Future studies should consider more perspectives, such as bystanders and those with the dual identity of victim/perpetrator, to comprehensively analyze the risk and protective factors of cyberbullying.

Data Availability Statement

Author contributions.

SH, CZ, RE, and WZ conceived the study and developed the design. WZ analyzed the result and supervised the study. CZ and SH wrote the first draft. All authors contributed to the article and approved the submitted version.

Conflict of Interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Supplementary Material

The Supplementary Material for this article can be found online at: https://www.frontiersin.org/articles/10.3389/fpubh.2021.634909/full#supplementary-material

Cyber risk and cybersecurity: a systematic review of data availability

• Open access
• Published: 17 February 2022
• Volume 47 , pages 698–736, ( 2022 )

Cite this article

You have full access to this open access article

• Frank Cremer 1 ,
• Barry Sheehan   ORCID: orcid.org/0000-0003-4592-7558 1 ,
• Michael Fortmann 2 ,
• Arash N. Kia 1 ,
• Martin Mullins 1 ,
• Finbarr Murphy 1 &
• Stefan Materne 2  

68k Accesses

67 Citations

42 Altmetric

Explore all metrics

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Similar content being viewed by others

Systematic Review: Cybersecurity Risk Taxonomy

A Survey of Cybersecurity Risk Management Frameworks

Cybersecurity Risk Management Frameworks in the Oil and Gas Sector: A Systematic Literature Review

Avoid common mistakes on your manuscript.

Introduction

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime. Whilst it is an emerging field of research and industry, the importance of robust cybersecurity defence systems has been highlighted at the corporate, national and supranational levels. The impacts of inadequate cybersecurity are estimated to have cost the global economy USD 945 billion in 2020 (Maleks Smith et al. 2020 ). Cyber vulnerabilities pose significant corporate risks, including business interruption, breach of privacy and financial losses (Sheehan et al. 2019 ). Despite the increasing relevance for the international economy, the availability of data on cyber risks remains limited. The reasons for this are many. Firstly, it is an emerging and evolving risk; therefore, historical data sources are limited (Biener et al. 2015 ). It could also be due to the fact that, in general, institutions that have been hacked do not publish the incidents (Eling and Schnell 2016 ). The lack of data poses challenges for many areas, such as research, risk management and cybersecurity (Falco et al. 2019 ). The importance of this topic is demonstrated by the announcement of the European Council in April 2021 that a centre of excellence for cybersecurity will be established to pool investments in research, technology and industrial development. The goal of this centre is to increase the security of the internet and other critical network and information systems (European Council 2021 ).

This research takes a risk management perspective, focusing on cyber risk and considering the role of cybersecurity and cyber insurance in risk mitigation and risk transfer. The study reviews the existing literature and open data sources related to cybersecurity and cyber risk. This is the first systematic review of data availability in the general context of cyber risk and cybersecurity. By identifying and critically analysing the available datasets, this paper supports the research community by aggregating, summarising and categorising all available open datasets. In addition, further information on datasets is attached to provide deeper insights and support stakeholders engaged in cyber risk control and cybersecurity. Finally, this research paper highlights the need for open access to cyber-specific data, without price or permission barriers.

The identified open data can support cyber insurers in their efforts on sustainable product development. To date, traditional risk assessment methods have been untenable for insurance companies due to the absence of historical claims data (Sheehan et al. 2021 ). These high levels of uncertainty mean that cyber insurers are more inclined to overprice cyber risk cover (Kshetri 2018 ). Combining external data with insurance portfolio data therefore seems to be essential to improve the evaluation of the risk and thus lead to risk-adjusted pricing (Bessy-Roland et al. 2021 ). This argument is also supported by the fact that some re/insurers reported that they are working to improve their cyber pricing models (e.g. by creating or purchasing databases from external providers) (EIOPA 2018 ). Figure  1 provides an overview of pricing tools and factors considered in the estimation of cyber insurance based on the findings of EIOPA ( 2018 ) and the research of Romanosky et al. ( 2019 ). The term cyber risk refers to all cyber risks and their potential impact.

An overview of the current cyber insurance informational and methodological landscape, adapted from EIOPA ( 2018 ) and Romanosky et al. ( 2019 )

Besides the advantage of risk-adjusted pricing, the availability of open datasets helps companies benchmark their internal cyber posture and cybersecurity measures. The research can also help to improve risk awareness and corporate behaviour. Many companies still underestimate their cyber risk (Leong and Chen 2020 ). For policymakers, this research offers starting points for a comprehensive recording of cyber risks. Although in many countries, companies are obliged to report data breaches to the respective supervisory authority, this information is usually not accessible to the research community. Furthermore, the economic impact of these breaches is usually unclear.

As well as the cyber risk management community, this research also supports cybersecurity stakeholders. Researchers are provided with an up-to-date, peer-reviewed literature of available datasets showing where these datasets have been used. For example, this includes datasets that have been used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems. This reduces a time-consuming search for suitable datasets and ensures a comprehensive review of those available. Through the dataset descriptions, researchers and industry stakeholders can compare and select the most suitable datasets for their purposes. In addition, it is possible to combine the datasets from one source in the context of cybersecurity or cyber risk. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks.

Cyber risks are defined as “operational risks to information and technology assets that have consequences affecting the confidentiality, availability, and/or integrity of information or information systems” (Cebula et al. 2014 ). Prominent cyber risk events include data breaches and cyberattacks (Agrafiotis et al. 2018 ). The increasing exposure and potential impact of cyber risk have been highlighted in recent industry reports (e.g. Allianz 2021 ; World Economic Forum 2020 ). Cyberattacks on critical infrastructures are ranked 5th in the World Economic Forum's Global Risk Report. Ransomware, malware and distributed denial-of-service (DDoS) are examples of the evolving modes of a cyberattack. One example is the ransomware attack on the Colonial Pipeline, which shut down the 5500 mile pipeline system that delivers 2.5 million barrels of fuel per day and critical liquid fuel infrastructure from oil refineries to states along the U.S. East Coast (Brower and McCormick 2021 ). These and other cyber incidents have led the U.S. to strengthen its cybersecurity and introduce, among other things, a public body to analyse major cyber incidents and make recommendations to prevent a recurrence (Murphey 2021a ). Another example of the scope of cyberattacks is the ransomware NotPetya in 2017. The damage amounted to USD 10 billion, as the ransomware exploited a vulnerability in the windows system, allowing it to spread independently worldwide in the network (GAO 2021 ). In the same year, the ransomware WannaCry was launched by cybercriminals. The cyberattack on Windows software took user data hostage in exchange for Bitcoin cryptocurrency (Smart 2018 ). The victims included the National Health Service in Great Britain. As a result, ambulances were redirected to other hospitals because of information technology (IT) systems failing, leaving people in need of urgent assistance waiting. It has been estimated that 19,000 cancelled treatment appointments resulted from losses of GBP 92 million (Field 2018 ). Throughout the COVID-19 pandemic, ransomware attacks increased significantly, as working from home arrangements increased vulnerability (Murphey 2021b ).

Besides cyberattacks, data breaches can also cause high costs. Under the General Data Protection Regulation (GDPR), companies are obliged to protect personal data and safeguard the data protection rights of all individuals in the EU area. The GDPR allows data protection authorities in each country to impose sanctions and fines on organisations they find in breach. “For data breaches, the maximum fine can be €20 million or 4% of global turnover, whichever is higher” (GDPR.EU 2021 ). Data breaches often involve a large amount of sensitive data that has been accessed, unauthorised, by external parties, and are therefore considered important for information security due to their far-reaching impact (Goode et al. 2017 ). A data breach is defined as a “security incident in which sensitive, protected, or confidential data are copied, transmitted, viewed, stolen, or used by an unauthorized individual” (Freeha et al. 2021 ). Depending on the amount of data, the extent of the damage caused by a data breach can be significant, with the average cost being USD 392 million Footnote 1 (IBM Security 2020 ).

This research paper reviews the existing literature and open data sources related to cybersecurity and cyber risk, focusing on the datasets used to improve academic understanding and advance the current state-of-the-art in cybersecurity. Furthermore, important information about the available datasets is presented (e.g. use cases), and a plea is made for open data and the standardisation of cyber risk data for academic comparability and replication. The remainder of the paper is structured as follows. The next section describes the related work regarding cybersecurity and cyber risks. The third section outlines the review method used in this work and the process. The fourth section details the results of the identified literature. Further discussion is presented in the penultimate section and the final section concludes.

Related work

Due to the significance of cyber risks, several literature reviews have been conducted in this field. Eling ( 2020 ) reviewed the existing academic literature on the topic of cyber risk and cyber insurance from an economic perspective. A total of 217 papers with the term ‘cyber risk’ were identified and classified in different categories. As a result, open research questions are identified, showing that research on cyber risks is still in its infancy because of their dynamic and emerging nature. Furthermore, the author highlights that particular focus should be placed on the exchange of information between public and private actors. An improved information flow could help to measure the risk more accurately and thus make cyber risks more insurable and help risk managers to determine the right level of cyber risk for their company. In the context of cyber insurance data, Romanosky et al. ( 2019 ) analysed the underwriting process for cyber insurance and revealed how cyber insurers understand and assess cyber risks. For this research, they examined 235 American cyber insurance policies that were publicly available and looked at three components (coverage, application questionnaires and pricing). The authors state in their findings that many of the insurers used very simple, flat-rate pricing (based on a single calculation of expected loss), while others used more parameters such as the asset value of the company (or company revenue) or standard insurance metrics (e.g. deductible, limits), and the industry in the calculation. This is in keeping with Eling ( 2020 ), who states that an increased amount of data could help to make cyber risk more accurately measured and thus more insurable. Similar research on cyber insurance and data was conducted by Nurse et al. ( 2020 ). The authors examined cyber insurance practitioners' perceptions and the challenges they face in collecting and using data. In addition, gaps were identified during the research where further data is needed. The authors concluded that cyber insurance is still in its infancy, and there are still several unanswered questions (for example, cyber valuation, risk calculation and recovery). They also pointed out that a better understanding of data collection and use in cyber insurance would be invaluable for future research and practice. Bessy-Roland et al. ( 2021 ) come to a similar conclusion. They proposed a multivariate Hawkes framework to model and predict the frequency of cyberattacks. They used a public dataset with characteristics of data breaches affecting the U.S. industry. In the conclusion, the authors make the argument that an insurer has a better knowledge of cyber losses, but that it is based on a small dataset and therefore combination with external data sources seems essential to improve the assessment of cyber risks.

Several systematic reviews have been published in the area of cybersecurity (Kruse et al. 2017 ; Lee et al. 2020 ; Loukas et al. 2013 ; Ulven and Wangen 2021 ). In these papers, the authors concentrated on a specific area or sector in the context of cybersecurity. This paper adds to this extant literature by focusing on data availability and its importance to risk management and insurance stakeholders. With a priority on healthcare and cybersecurity, Kruse et al. ( 2017 ) conducted a systematic literature review. The authors identified 472 articles with the keywords ‘cybersecurity and healthcare’ or ‘ransomware’ in the databases Cumulative Index of Nursing and Allied Health Literature, PubMed and Proquest. Articles were eligible for this review if they satisfied three criteria: (1) they were published between 2006 and 2016, (2) the full-text version of the article was available, and (3) the publication is a peer-reviewed or scholarly journal. The authors found that technological development and federal policies (in the U.S.) are the main factors exposing the health sector to cyber risks. Loukas et al. ( 2013 ) conducted a review with a focus on cyber risks and cybersecurity in emergency management. The authors provided an overview of cyber risks in communication, sensor, information management and vehicle technologies used in emergency management and showed areas for which there is still no solution in the literature. Similarly, Ulven and Wangen ( 2021 ) reviewed the literature on cybersecurity risks in higher education institutions. For the literature review, the authors used the keywords ‘cyber’, ‘information threats’ or ‘vulnerability’ in connection with the terms ‘higher education, ‘university’ or ‘academia’. A similar literature review with a focus on Internet of Things (IoT) cybersecurity was conducted by Lee et al. ( 2020 ). The review revealed that qualitative approaches focus on high-level frameworks, and quantitative approaches to cybersecurity risk management focus on risk assessment and quantification of cyberattacks and impacts. In addition, the findings presented a four-step IoT cyber risk management framework that identifies, quantifies and prioritises cyber risks.

Datasets are an essential part of cybersecurity research, underlined by the following works. Ilhan Firat et al. ( 2021 ) examined various cybersecurity datasets in detail. The study was motivated by the fact that with the proliferation of the internet and smart technologies, the mode of cyberattacks is also evolving. However, in order to prevent such attacks, they must first be detected; the dissemination and further development of cybersecurity datasets is therefore critical. In their work, the authors observed studies of datasets used in intrusion detection systems. Khraisat et al. ( 2019 ) also identified a need for new datasets in the context of cybersecurity. The researchers presented a taxonomy of current intrusion detection systems, a comprehensive review of notable recent work, and an overview of the datasets commonly used for assessment purposes. In their conclusion, the authors noted that new datasets are needed because most machine-learning techniques are trained and evaluated on the knowledge of old datasets. These datasets do not contain new and comprehensive information and are partly derived from datasets from 1999. The authors noted that the core of this issue is the availability of new public datasets as well as their quality. The availability of data, how it is used, created and shared was also investigated by Zheng et al. ( 2018 ). The researchers analysed 965 cybersecurity research papers published between 2012 and 2016. They created a taxonomy of the types of data that are created and shared and then analysed the data collected via datasets. The researchers concluded that while datasets are recognised as valuable for cybersecurity research, the proportion of publicly available datasets is limited.

The main contributions of this review and what differentiates it from previous studies can be summarised as follows. First, as far as we can tell, it is the first work to summarise all available datasets on cyber risk and cybersecurity in the context of a systematic review and present them to the scientific community and cyber insurance and cybersecurity stakeholders. Second, we investigated, analysed, and made available the datasets to support efficient and timely progress in cyber risk research. And third, we enable comparability of datasets so that the appropriate dataset can be selected depending on the research area.

Methodology

Process and eligibility criteria.

The structure of this systematic review is inspired by the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework (Page et al. 2021 ), and the search was conducted from 3 to 10 May 2021. Due to the continuous development of cyber risks and their countermeasures, only articles published in the last 10 years were considered. In addition, only articles published in peer-reviewed journals written in English were included. As a final criterion, only articles that make use of one or more cybersecurity or cyber risk datasets met the inclusion criteria. Specifically, these studies presented new or existing datasets, used them for methods, or used them to verify new results, as well as analysed them in an economic context and pointed out their effects. The criterion was fulfilled if it was clearly stated in the abstract that one or more datasets were used. A detailed explanation of this selection criterion can be found in the ‘Study selection’ section.

Information sources

In order to cover a complete spectrum of literature, various databases were queried to collect relevant literature on the topic of cybersecurity and cyber risks. Due to the spread of related articles across multiple databases, the literature search was limited to the following four databases for simplicity: IEEE Xplore, Scopus, SpringerLink and Web of Science. This is similar to other literature reviews addressing cyber risks or cybersecurity, including Sardi et al. ( 2021 ), Franke and Brynielsson ( 2014 ), Lagerström (2019), Eling and Schnell ( 2016 ) and Eling ( 2020 ). In this paper, all databases used in the aforementioned works were considered. However, only two studies also used all the databases listed. The IEEE Xplore database contains electrical engineering, computer science, and electronics work from over 200 journals and three million conference papers (IEEE 2021 ). Scopus includes 23,400 peer-reviewed journals from more than 5000 international publishers in the areas of science, engineering, medicine, social sciences and humanities (Scopus 2021 ). SpringerLink contains 3742 journals and indexes over 10 million scientific documents (SpringerLink 2021 ). Finally, Web of Science indexes over 9200 journals in different scientific disciplines (Science 2021 ).

A search string was created and applied to all databases. To make the search efficient and reproducible, the following search string with Boolean operator was used in all databases: cybersecurity OR cyber risk AND dataset OR database. To ensure uniformity of the search across all databases, some adjustments had to be made for the respective search engines. In Scopus, for example, the Advanced Search was used, and the field code ‘Title-ABS-KEY’ was integrated into the search string. For IEEE Xplore, the search was carried out with the Search String in the Command Search and ‘All Metadata’. In the Web of Science database, the Advanced Search was used. The special feature of this search was that it had to be carried out in individual steps. The first search was carried out with the terms cybersecurity OR cyber risk with the field tag Topic (T.S. =) and the second search with dataset OR database. Subsequently, these searches were combined, which then delivered the searched articles for review. For SpringerLink, the search string was used in the Advanced Search under the category ‘Find the resources with all of the words’. After conducting this search string, 5219 studies could be found. According to the eligibility criteria (period, language and only scientific journals), 1581 studies were identified in the databases:

Scopus: 135

Springer Link: 548

Web of Science: 534

An overview of the process is given in Fig.  2 . Combined with the results from the four databases, 854 articles without duplicates were identified.

Literature search process and categorisation of the studies

Study selection

In the final step of the selection process, the articles were screened for relevance. Due to a large number of results, the abstracts were analysed in the first step of the process. The aim was to determine whether the article was relevant for the systematic review. An article fulfilled the criterion if it was recognisable in the abstract that it had made a contribution to datasets or databases with regard to cyber risks or cybersecurity. Specifically, the criterion was considered to be met if the abstract used datasets that address the causes or impacts of cyber risks, and measures in the area of cybersecurity. In this process, the number of articles was reduced to 288. The articles were then read in their entirety, and an expert panel of six people decided whether they should be used. This led to a final number of 255 articles. The years in which the articles were published and the exact number can be seen in Fig.  3 .

Distribution of studies

Data collection process and synthesis of the results

For the data collection process, various data were extracted from the studies, including the names of the respective creators, the name of the dataset or database and the corresponding reference. It was also determined where the data came from. In the context of accessibility, it was determined whether access is free, controlled, available for purchase or not available. It was also determined when the datasets were created and the time period referenced. The application type and domain characteristics of the datasets were identified.

This section analyses the results of the systematic literature review. The previously identified studies are divided into three categories: datasets on the causes of cyber risks, datasets on the effects of cyber risks and datasets on cybersecurity. The classification is based on the intended use of the studies. This system of classification makes it easier for stakeholders to find the appropriate datasets. The categories are evaluated individually. Although complete information is available for a large proportion of datasets, this is not true for all of them. Accordingly, the abbreviation N/A has been inserted in the respective characters to indicate that this information could not be determined by the time of submission. The term ‘use cases in the literature’ in the following and supplementary tables refers to the application areas in which the corresponding datasets were used in the literature. The areas listed there refer to the topic area on which the researchers conducted their research. Since some datasets were used interdisciplinarily, the listed use cases in the literature are correspondingly longer. Before discussing each category in the next sections, Fig.  4 provides an overview of the number of datasets found and their year of creation. Figure  5 then shows the relationship between studies and datasets in the period under consideration. Figure  6 shows the distribution of studies, their use of datasets and their creation date. The number of datasets used is higher than the number of studies because the studies often used several datasets (Table 1 ).

Distribution of dataset results

Correlation between the studies and the datasets

Distribution of studies and their use of datasets

Most of the datasets are generated in the U.S. (up to 58.2%). Canada and Australia rank next, with 11.3% and 5% of all the reviewed datasets, respectively.

Additionally, to create value for the datasets for the cyber insurance industry, an assessment of the applicability of each dataset has been provided for cyber insurers. This ‘Use Case Assessment’ includes the use of the data in the context of different analyses, calculation of cyber insurance premiums, and use of the information for the design of cyber insurance contracts or for additional customer services. To reasonably account for the transition of direct hyperlinks in the future, references were directed to the main websites for longevity (nearest resource point). In addition, the links to the main pages contain further information on the datasets and different versions related to the operating systems. The references were chosen in such a way that practitioners get the best overview of the respective datasets.

Case datasets

This section presents selected articles that use the datasets to analyse the causes of cyber risks. The datasets help identify emerging trends and allow pattern discovery in cyber risks. This information gives cybersecurity experts and cyber insurers the data to make better predictions and take appropriate action. For example, if certain vulnerabilities are not adequately protected, cyber insurers will demand a risk surcharge leading to an improvement in the risk-adjusted premium. Due to the capricious nature of cyber risks, existing data must be supplemented with new data sources (for example, new events, new methods or security vulnerabilities) to determine prevailing cyber exposure. The datasets of cyber risk causes could be combined with existing portfolio data from cyber insurers and integrated into existing pricing tools and factors to improve the valuation of cyber risks.

A portion of these datasets consists of several taxonomies and classifications of cyber risks. Aassal et al. ( 2020 ) propose a new taxonomy of phishing characteristics based on the interpretation and purpose of each characteristic. In comparison, Hindy et al. ( 2020 ) presented a taxonomy of network threats and the impact of current datasets on intrusion detection systems. A similar taxonomy was suggested by Kiwia et al. ( 2018 ). The authors presented a cyber kill chain-based taxonomy of banking Trojans features. The taxonomy built on a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major U.K.-based financial organisation.

In the context of classification, Aamir et al. ( 2021 ) showed the benefits of machine learning for classifying port scans and DDoS attacks in a mixture of normal and attack traffic. Guo et al. ( 2020 ) presented a new method to improve malware classification based on entropy sequence features. The evaluation of this new method was conducted on different malware datasets.

To reconstruct attack scenarios and draw conclusions based on the evidence in the alert stream, Barzegar and Shajari ( 2018 ) use the DARPA2000 and MACCDC 2012 dataset for their research. Giudici and Raffinetti ( 2020 ) proposed a rank-based statistical model aimed at predicting the severity levels of cyber risk. The model used cyber risk data from the University of Milan. In contrast to the previous datasets, Skrjanc et al. ( 2018 ) used the older dataset KDD99 to monitor large-scale cyberattacks using a cauchy clustering method.

Amin et al. ( 2021 ) used a cyberattack dataset from the Canadian Institute for Cybersecurity to identify spatial clusters of countries with high rates of cyberattacks. In the context of cybercrime, Junger et al. ( 2020 ) examined crime scripts, key characteristics of the target company and the relationship between criminal effort and financial benefit. For their study, the authors analysed 300 cases of fraudulent activities against Dutch companies. With a similar focus on cybercrime, Mireles et al. ( 2019 ) proposed a metric framework to measure the effectiveness of the dynamic evolution of cyberattacks and defensive measures. To validate its usefulness, they used the DEFCON dataset.

Due to the rapidly changing nature of cyber risks, it is often impossible to obtain all information on them. Kim and Kim ( 2019 ) proposed an automated dataset generation system called CTIMiner that collects threat data from publicly available security reports and malware repositories. They released a dataset to the public containing about 640,000 records from 612 security reports published between January 2008 and 2019. A similar approach is proposed by Kim et al. ( 2020 ), using a named entity recognition system to extract core information from cyber threat reports automatically. They created a 498,000-tag dataset during their research (Ulven and Wangen 2021 ).

Within the framework of vulnerabilities and cybersecurity issues, Ulven and Wangen ( 2021 ) proposed an overview of mission-critical assets and everyday threat events, suggested a generic threat model, and summarised common cybersecurity vulnerabilities. With a focus on hospitality, Chen and Fiscus ( 2018 ) proposed several issues related to cybersecurity in this sector. They analysed 76 security incidents from the Privacy Rights Clearinghouse database. Supplementary Table 1 lists all findings that belong to the cyber causes dataset.

Impact datasets

This section outlines selected findings of the cyber impact dataset. For cyber insurers, these datasets can form an important basis for information, as they can be used to calculate cyber insurance premiums, evaluate specific cyber risks, formulate inclusions and exclusions in cyber wordings, and re-evaluate as well as supplement the data collected so far on cyber risks. For example, information on financial losses can help to better assess the loss potential of cyber risks. Furthermore, the datasets can provide insight into the frequency of occurrence of these cyber risks. The new datasets can be used to close any data gaps that were previously based on very approximate estimates or to find new results.

Eight studies addressed the costs of data breaches. For instance, Eling and Jung ( 2018 ) reviewed 3327 data breach events from 2005 to 2016 and identified an asymmetric dependence of monthly losses by breach type and industry. The authors used datasets from the Privacy Rights Clearinghouse for analysis. The Privacy Rights Clearinghouse datasets and the Breach level index database were also used by De Giovanni et al. ( 2020 ) to describe relationships between data breaches and bitcoin-related variables using the cointegration methodology. The data were obtained from the Department of Health and Human Services of healthcare facilities reporting data breaches and a national database of technical and organisational infrastructure information. Also in the context of data breaches, Algarni et al. ( 2021 ) developed a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. For their survey, the authors used two industrial reports from the Ponemon institute and VERIZON. To illustrate the scope of data breaches, Neto et al. ( 2021 ) identified 430 major data breach incidents among more than 10,000 incidents. The database created is available and covers the period 2018 to 2019.

With a direct focus on insurance, Biener et al. ( 2015 ) analysed 994 cyber loss cases from an operational risk database and investigated the insurability of cyber risks based on predefined criteria. For their study, they used data from the company SAS OpRisk Global Data. Similarly, Eling and Wirfs ( 2019 ) looked at a wide range of cyber risk events and actual cost data using the same database. They identified cyber losses and analysed them using methods from statistics and actuarial science. Using a similar reference, Farkas et al. ( 2021 ) proposed a method for analysing cyber claims based on regression trees to identify criteria for classifying and evaluating claims. Similar to Chen and Fiscus ( 2018 ), the dataset used was the Privacy Rights Clearinghouse database. Within the framework of reinsurance, Moro ( 2020 ) analysed cyber index-based information technology activity to see if index-parametric reinsurance coverage could suggest its cedant using data from a Symantec dataset.

Paté-Cornell et al. ( 2018 ) presented a general probabilistic risk analysis framework for cybersecurity in an organisation to be specified. The results are distributions of losses to cyberattacks, with and without considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. The data used were from The Common Vulnerability and Exposures database and via confidential access to a database of cyberattacks on a large, U.S.-based organisation. A different conceptual framework for cyber risk classification and assessment was proposed by Sheehan et al. ( 2021 ). This framework showed the importance of proactive and reactive barriers in reducing companies’ exposure to cyber risk and quantifying the risk. Another approach to cyber risk assessment and mitigation was proposed by Mukhopadhyay et al. ( 2019 ). They estimated the probability of an attack using generalised linear models, predicted the security technology required to reduce the probability of cyberattacks, and used gamma and exponential distributions to best approximate the average loss data for each malicious attack. They also calculated the expected loss due to cyberattacks, calculated the net premium that would need to be charged by a cyber insurer, and suggested cyber insurance as a strategy to minimise losses. They used the CSI-FBI survey (1997–2010) to conduct their research.

In order to highlight the lack of data on cyber risks, Eling ( 2020 ) conducted a literature review in the areas of cyber risk and cyber insurance. Available information on the frequency, severity, and dependency structure of cyber risks was filtered out. In addition, open questions for future cyber risk research were set up. Another example of data collection on the impact of cyberattacks is provided by Sornette et al. ( 2013 ), who use a database of newspaper articles, press reports and other media to provide a predictive method to identify triggering events and potential accident scenarios and estimate their severity and frequency. A similar approach to data collection was used by Arcuri et al. ( 2020 ) to gather an original sample of global cyberattacks from newspaper reports sourced from the LexisNexis database. This collection is also used and applied to the fields of dynamic communication and cyber risk perception by Fang et al. ( 2021 ). To create a dataset of cyber incidents and disputes, Valeriano and Maness ( 2014 ) collected information on cyber interactions between rival states.

To assess trends and the scale of economic cybercrime, Levi ( 2017 ) examined datasets from different countries and their impact on crime policy. Pooser et al. ( 2018 ) investigated the trend in cyber risk identification from 2006 to 2015 and company characteristics related to cyber risk perception. The authors used a dataset of various reports from cyber insurers for their study. Walker-Roberts et al. ( 2020 ) investigated the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The datasets of impacts identified are presented below. Due to overlap, some may also appear in the causes dataset (Supplementary Table 2).

Cybersecurity datasets

General intrusion detection.

General intrusion detection systems account for the largest share of countermeasure datasets. For companies or researchers focused on cybersecurity, the datasets can be used to test their own countermeasures or obtain information about potential vulnerabilities. For example, Al-Omari et al. ( 2021 ) proposed an intelligent intrusion detection model for predicting and detecting attacks in cyberspace, which was applied to dataset UNSW-NB 15. A similar approach was taken by Choras and Kozik ( 2015 ), who used machine learning to detect cyberattacks on web applications. To evaluate their method, they used the HTTP dataset CSIC 2010. For the identification of unknown attacks on web servers, Kamarudin et al. ( 2017 ) proposed an anomaly-based intrusion detection system using an ensemble classification approach. Ganeshan and Rodrigues ( 2020 ) showed an intrusion detection system approach, which clusters the database into several groups and detects the presence of intrusion in the clusters. In comparison, AlKadi et al. ( 2019 ) used a localisation-based model to discover abnormal patterns in network traffic. Hybrid models have been recommended by Bhattacharya et al. ( 2020 ) and Agrawal et al. ( 2019 ); the former is a machine-learning model based on principal component analysis for the classification of intrusion detection system datasets, while the latter is a hybrid ensemble intrusion detection system for anomaly detection using different datasets to detect patterns in network traffic that deviate from normal behaviour.

Agarwal et al. ( 2021 ) used three different machine learning algorithms in their research to find the most suitable for efficiently identifying patterns of suspicious network activity. The UNSW-NB15 dataset was used for this purpose. Kasongo and Sun ( 2020 ), Feed-Forward Deep Neural Network (FFDNN), Keshk et al. ( 2021 ), the privacy-preserving anomaly detection framework, and others also use the UNSW-NB 15 dataset as part of intrusion detection systems. The same dataset and others were used by Binbusayyis and Vaiyapuri ( 2019 ) to identify and compare key features for cyber intrusion detection. Atefinia and Ahmadi ( 2021 ) proposed a deep neural network model to reduce the false positive rate of an anomaly-based intrusion detection system. Fossaceca et al. ( 2015 ) focused in their research on the development of a framework that combined the outputs of multiple learners in order to improve the efficacy of network intrusion, and Gauthama Raman et al. ( 2020 ) presented a search algorithm based on Support Vector machine to improve the performance of the detection and false alarm rate to improve intrusion detection techniques. Ahmad and Alsemmeari ( 2020 ) targeted extreme learning machine techniques due to their good capabilities in classification problems and handling huge data. They used the NSL-KDD dataset as a benchmark.

With reference to prediction, Bakdash et al. ( 2018 ) used datasets from the U.S. Department of Defence to predict cyberattacks by malware. This dataset consists of weekly counts of cyber events over approximately seven years. Another prediction method was presented by Fan et al. ( 2018 ), which showed an improved integrated cybersecurity prediction method based on spatial-time analysis. Also, with reference to prediction, Ashtiani and Azgomi ( 2014 ) proposed a framework for the distributed simulation of cyberattacks based on high-level architecture. Kirubavathi and Anitha ( 2016 ) recommended an approach to detect botnets, irrespective of their structures, based on network traffic flow behaviour analysis and machine-learning techniques. Dwivedi et al. ( 2021 ) introduced a multi-parallel adaptive technique to utilise an adaption mechanism in the group of swarms for network intrusion detection. AlEroud and Karabatis ( 2018 ) presented an approach that used contextual information to automatically identify and query possible semantic links between different types of suspicious activities extracted from network flows.

Intrusion detection systems with a focus on IoT

In addition to general intrusion detection systems, a proportion of studies focused on IoT. Habib et al. ( 2020 ) presented an approach for converting traditional intrusion detection systems into smart intrusion detection systems for IoT networks. To enhance the process of diagnostic detection of possible vulnerabilities with an IoT system, Georgescu et al. ( 2019 ) introduced a method that uses a named entity recognition-based solution. With regard to IoT in the smart home sector, Heartfield et al. ( 2021 ) presented a detection system that is able to autonomously adjust the decision function of its underlying anomaly classification models to a smart home’s changing condition. Another intrusion detection system was suggested by Keserwani et al. ( 2021 ), which combined Grey Wolf Optimization and Particle Swam Optimization to identify various attacks for IoT networks. They used the KDD Cup 99, NSL-KDD and CICIDS-2017 to evaluate their model. Abu Al-Haija and Zein-Sabatto ( 2020 ) provide a comprehensive development of a new intelligent and autonomous deep-learning-based detection and classification system for cyberattacks in IoT communication networks that leverage the power of convolutional neural networks, abbreviated as IoT-IDCS-CNN (IoT-based Intrusion Detection and Classification System using Convolutional Neural Network). To evaluate the development, the authors used the NSL-KDD dataset. Biswas and Roy ( 2021 ) recommended a model that identifies malicious botnet traffic using novel deep-learning approaches like artificial neural networks gutted recurrent units and long- or short-term memory models. They tested their model with the Bot-IoT dataset.

With a more forensic background, Koroniotis et al. ( 2020 ) submitted a network forensic framework, which described the digital investigation phases for identifying and tracing attack behaviours in IoT networks. The suggested work was evaluated with the Bot-IoT and UINSW-NB15 datasets. With a focus on big data and IoT, Chhabra et al. ( 2020 ) presented a cyber forensic framework for big data analytics in an IoT environment using machine learning. Furthermore, the authors mentioned different publicly available datasets for machine-learning models.

A stronger focus on a mobile phones was exhibited by Alazab et al. ( 2020 ), which presented a classification model that combined permission requests and application programme interface calls. The model was tested with a malware dataset containing 27,891 Android apps. A similar approach was taken by Li et al. ( 2019a , b ), who proposed a reliable classifier for Android malware detection based on factorisation machine architecture and extraction of Android app features from manifest files and source code.

Literature reviews

In addition to the different methods and models for intrusion detection systems, various literature reviews on the methods and datasets were also found. Liu and Lang ( 2019 ) proposed a taxonomy of intrusion detection systems that uses data objects as the main dimension to classify and summarise machine learning and deep learning-based intrusion detection literature. They also presented four different benchmark datasets for machine-learning detection systems. Ahmed et al. ( 2016 ) presented an in-depth analysis of four major categories of anomaly detection techniques, which include classification, statistical, information theory and clustering. Hajj et al. ( 2021 ) gave a comprehensive overview of anomaly-based intrusion detection systems. Their article gives an overview of the requirements, methods, measurements and datasets that are used in an intrusion detection system.

Within the framework of machine learning, Chattopadhyay et al. ( 2018 ) conducted a comprehensive review and meta-analysis on the application of machine-learning techniques in intrusion detection systems. They also compared different machine learning techniques in different datasets and summarised the performance. Vidros et al. ( 2017 ) presented an overview of characteristics and methods in automatic detection of online recruitment fraud. They also published an available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system. An empirical study of different unsupervised learning algorithms used in the detection of unknown attacks was presented by Meira et al. ( 2020 ).

New datasets

Kilincer et al. ( 2021 ) reviewed different intrusion detection system datasets in detail. They had a closer look at the UNS-NB15, ISCX-2012, NSL-KDD and CIDDS-001 datasets. Stojanovic et al. ( 2020 ) also provided a review on datasets and their creation for use in advanced persistent threat detection in the literature. Another review of datasets was provided by Sarker et al. ( 2020 ), who focused on cybersecurity data science as part of their research and provided an overview from a machine-learning perspective. Avila et al. ( 2021 ) conducted a systematic literature review on the use of security logs for data leak detection. They recommended a new classification of information leak, which uses the GDPR principles, identified the most widely publicly available dataset for threat detection, described the attack types in the datasets and the algorithms used for data leak detection. Tuncer et al. ( 2020 ) presented a bytecode-based detection method consisting of feature extraction using local neighbourhood binary patterns. They chose a byte-based malware dataset to investigate the performance of the proposed local neighbourhood binary pattern-based detection method. With a different focus, Mauro et al. ( 2020 ) gave an experimental overview of neural-based techniques relevant to intrusion detection. They assessed the value of neural networks using the Bot-IoT and UNSW-DB15 datasets.

Another category of results in the context of countermeasure datasets is those that were presented as new. Moreno et al. ( 2018 ) developed a database of 300 security-related accidents from European and American sources. The database contained cybersecurity-related events in the chemical and process industry. Damasevicius et al. ( 2020 ) proposed a new dataset (LITNET-2020) for network intrusion detection. The dataset is a new annotated network benchmark dataset obtained from the real-world academic network. It presents real-world examples of normal and under-attack network traffic. With a focus on IoT intrusion detection systems, Alsaedi et al. ( 2020 ) proposed a new benchmark IoT/IIot datasets for assessing intrusion detection system-enabled IoT systems. Also in the context of IoT, Vaccari et al. ( 2020 ) proposed a dataset focusing on message queue telemetry transport protocols, which can be used to train machine-learning models. To evaluate the performance of machine-learning classifiers, Mahfouz et al. ( 2020 ) created a dataset called Game Theory and Cybersecurity (GTCS). A dataset containing 22,000 malware and benign samples was constructed by Martin et al. ( 2019 ). The dataset can be used as a benchmark to test the algorithm for Android malware classification and clustering techniques. In addition, Laso et al. ( 2017 ) presented a dataset created to investigate how data and information quality estimates enable the detection of anomalies and malicious acts in cyber-physical systems. The dataset contained various cyberattacks and is publicly available.

In addition to the results described above, several other studies were found that fit into the category of countermeasures. Johnson et al. ( 2016 ) examined the time between vulnerability disclosures. Using another vulnerabilities database, Common Vulnerabilities and Exposures (CVE), Subroto and Apriyana ( 2019 ) presented an algorithm model that uses big data analysis of social media and statistical machine learning to predict cyber risks. A similar databank but with a different focus, Common Vulnerability Scoring System, was used by Chatterjee and Thekdi ( 2020 ) to present an iterative data-driven learning approach to vulnerability assessment and management for complex systems. Using the CICIDS2017 dataset to evaluate the performance, Malik et al. ( 2020 ) proposed a control plane-based orchestration for varied, sophisticated threats and attacks. The same dataset was used in another study by Lee et al. ( 2019 ), who developed an artificial security information event management system based on a combination of event profiling for data processing and different artificial network methods. To exploit the interdependence between multiple series, Fang et al. ( 2021 ) proposed a statistical framework. In order to validate the framework, the authors applied it to a dataset of enterprise-level security breaches from the Privacy Rights Clearinghouse and Identity Theft Center database. Another framework with a defensive aspect was recommended by Li et al. ( 2021 ) to increase the robustness of deep neural networks against adversarial malware evasion attacks. Sarabi et al. ( 2016 ) investigated whether and to what extent business details can help assess an organisation's risk of data breaches and the distribution of risk across different types of incidents to create policies for protection, detection and recovery from different forms of security incidents. They used data from the VERIS Community Database.

Datasets that have been classified into the cybersecurity category are detailed in Supplementary Table 3. Due to overlap, records from the previous tables may also be included.

This paper presented a systematic literature review of studies on cyber risk and cybersecurity that used datasets. Within this framework, 255 studies were fully reviewed and then classified into three different categories. Then, 79 datasets were consolidated from these studies. These datasets were subsequently analysed, and important information was selected through a process of filtering out. This information was recorded in a table and enhanced with further information as part of the literature analysis. This made it possible to create a comprehensive overview of the datasets. For example, each dataset contains a description of where the data came from and how the data has been used to date. This allows different datasets to be compared and the appropriate dataset for the use case to be selected. This research certainly has limitations, so our selection of datasets cannot necessarily be taken as a representation of all available datasets related to cyber risks and cybersecurity. For example, literature searches were conducted in four academic databases and only found datasets that were used in the literature. Many research projects also used old datasets that may no longer consider current developments. In addition, the data are often focused on only one observation and are limited in scope. For example, the datasets can only be applied to specific contexts and are also subject to further limitations (e.g. region, industry, operating system). In the context of the applicability of the datasets, it is unfortunately not possible to make a clear statement on the extent to which they can be integrated into academic or practical areas of application or how great this effort is. Finally, it remains to be pointed out that this is an overview of currently available datasets, which are subject to constant change.

Due to the lack of datasets on cyber risks in the academic literature, additional datasets on cyber risks were integrated as part of a further search. The search was conducted on the Google Dataset search portal. The search term used was ‘cyber risk datasets’. Over 100 results were found. However, due to the low significance and verifiability, only 20 selected datasets were included. These can be found in Table 2  in the “ Appendix ”.

The results of the literature review and datasets also showed that there continues to be a lack of available, open cyber datasets. This lack of data is reflected in cyber insurance, for example, as it is difficult to find a risk-based premium without a sufficient database (Nurse et al. 2020 ). The global cyber insurance market was estimated at USD 5.5 billion in 2020 (Dyson 2020 ). When compared to the USD 1 trillion global losses from cybercrime (Maleks Smith et al. 2020 ), it is clear that there exists a significant cyber risk awareness challenge for both the insurance industry and international commerce. Without comprehensive and qualitative data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price cyber insurance accordingly (GAO 2021 ). For instance, the average cyber insurance loss increased from USD 145,000 in 2019 to USD 359,000 in 2020 (FitchRatings 2021 ). Cyber insurance is an important risk management tool to mitigate the financial impact of cybercrime. This is particularly evident in the impact of different industries. In the Energy & Commodities financial markets, a ransomware attack on the Colonial Pipeline led to a substantial impact on the U.S. economy. As a result of the attack, about 45% of the U.S. East Coast was temporarily unable to obtain supplies of diesel, petrol and jet fuel. This caused the average price in the U.S. to rise 7 cents to USD 3.04 per gallon, the highest in seven years (Garber 2021 ). In addition, Colonial Pipeline confirmed that it paid a USD 4.4 million ransom to a hacker gang after the attack. Another ransomware attack occurred in the healthcare and government sector. The victim of this attack was the Irish Health Service Executive (HSE). A ransom payment of USD 20 million was demanded from the Irish government to restore services after the hack (Tidy 2021 ). In the car manufacturing sector, Miller and Valasek ( 2015 ) initiated a cyberattack that resulted in the recall of 1.4 million vehicles and cost manufacturers EUR 761 million. The risk that arises in the context of these events is the potential for the accumulation of cyber losses, which is why cyber insurers are not expanding their capacity. An example of this accumulation of cyber risks is the NotPetya malware attack, which originated in Russia, struck in Ukraine, and rapidly spread around the world, causing at least USD 10 billion in damage (GAO 2021 ). These events highlight the importance of proper cyber risk management.

This research provides cyber insurance stakeholders with an overview of cyber datasets. Cyber insurers can use the open datasets to improve their understanding and assessment of cyber risks. For example, the impact datasets can be used to better measure financial impacts and their frequencies. These data could be combined with existing portfolio data from cyber insurers and integrated with existing pricing tools and factors to better assess cyber risk valuation. Although most cyber insurers have sparse historical cyber policy and claims data, they remain too small at present for accurate prediction (Bessy-Roland et al. 2021 ). A combination of portfolio data and external datasets would support risk-adjusted pricing for cyber insurance, which would also benefit policyholders. In addition, cyber insurance stakeholders can use the datasets to identify patterns and make better predictions, which would benefit sustainable cyber insurance coverage. In terms of cyber risk cause datasets, cyber insurers can use the data to review their insurance products. For example, the data could provide information on which cyber risks have not been sufficiently considered in product design or where improvements are needed. A combination of cyber cause and cybersecurity datasets can help establish uniform definitions to provide greater transparency and clarity. Consistent terminology could lead to a more sustainable cyber market, where cyber insurers make informed decisions about the level of coverage and policyholders understand their coverage (The Geneva Association 2020).

In addition to the cyber insurance community, this research also supports cybersecurity stakeholders. The reviewed literature can be used to provide a contemporary, contextual and categorised summary of available datasets. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks. With the help of the described cybersecurity datasets and the identified information, a comparison of different datasets is possible. The datasets can be used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems.

In this paper, we conducted a systematic review of studies on cyber risk and cybersecurity databases. We found that most of the datasets are in the field of intrusion detection and machine learning and are used for technical cybersecurity aspects. The available datasets on cyber risks were relatively less represented. Due to the dynamic nature and lack of historical data, assessing and understanding cyber risk is a major challenge for cyber insurance stakeholders. To address this challenge, a greater density of cyber data is needed to support cyber insurers in risk management and researchers with cyber risk-related topics. With reference to ‘Open Science’ FAIR data (Jacobsen et al. 2020 ), mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers. Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks. Companies could incorporate this new knowledge into their corporate culture to reduce cyber risks. For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing. In addition, common definitions of cyber risks could be derived from new data.

The cybersecurity databases summarised and categorised in this research could provide a different perspective on cyber risks that would enable the formulation of common definitions in cyber policies. The datasets can help companies addressing cybersecurity and cyber risk as part of risk management assess their internal cyber posture and cybersecurity measures. The paper can also help improve risk awareness and corporate behaviour, and provides the research community with a comprehensive overview of peer-reviewed datasets and other available datasets in the area of cyber risk and cybersecurity. This approach is intended to support the free availability of data for research. The complete tabulated review of the literature is included in the Supplementary Material.

This work provides directions for several paths of future work. First, there are currently few publicly available datasets for cyber risk and cybersecurity. The older datasets that are still widely used no longer reflect today's technical environment. Moreover, they can often only be used in one context, and the scope of the samples is very limited. It would be of great value if more datasets were publicly available that reflect current environmental conditions. This could help intrusion detection systems to consider current events and thus lead to a higher success rate. It could also compensate for the disadvantages of older datasets by collecting larger quantities of samples and making this contextualisation more widespread. Another area of research may be the integratability and adaptability of cybersecurity and cyber risk datasets. For example, it is often unclear to what extent datasets can be integrated or adapted to existing data. For cyber risks and cybersecurity, it would be helpful to know what requirements need to be met or what is needed to use the datasets appropriately. In addition, it would certainly be helpful to know whether datasets can be modified to be used for cyber risks or cybersecurity. Finally, the ability for stakeholders to identify machine-readable cybersecurity datasets would be useful because it would allow for even clearer delineations or comparisons between datasets. Due to the lack of publicly available datasets, concrete benchmarks often cannot be applied.

Average cost of a breach of more than 50 million records.

Aamir, M., S.S.H. Rizvi, M.A. Hashmani, M. Zubair, and J. Ahmad. 2021. Machine learning classification of port scanning and DDoS attacks: A comparative analysis. Mehran University Research Journal of Engineering and Technology 40 (1): 215–229. https://doi.org/10.22581/muet1982.2101.19 .

Article   Google Scholar  

Aamir, M., and S.M.A. Zaidi. 2019. DDoS attack detection with feature engineering and machine learning: The framework and performance evaluation. International Journal of Information Security 18 (6): 761–785. https://doi.org/10.1007/s10207-019-00434-1 .

Aassal, A. El, S. Baki, A. Das, and R.M. Verma. 2020. 2020. An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access 8: 22170–22192. https://doi.org/10.1109/ACCESS.2020.2969780 .

Abu Al-Haija, Q., and S. Zein-Sabatto. 2020. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 9 (12): 26. https://doi.org/10.3390/electronics9122152 .

Adhikari, U., T.H. Morris, and S.Y. Pan. 2018. Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Transactions on Smart Grid 9 (5): 4049–4060. https://doi.org/10.1109/tsg.2017.2647778 .

Agarwal, A., P. Sharma, M. Alshehri, A.A. Mohamed, and O. Alfarraj. 2021. Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science . https://doi.org/10.7717/peerj-cs.437 .

Agrafiotis, I., J.R.C.. Nurse, M. Goldsmith, S. Creese, and D. Upton. 2018. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity 4: tyy006.

Agrawal, A., S. Mohammed, and J. Fiaidhi. 2019. Ensemble technique for intruder detection in network traffic. International Journal of Security and Its Applications 13 (3): 1–8. https://doi.org/10.33832/ijsia.2019.13.3.01 .

Ahmad, I., and R.A. Alsemmeari. 2020. Towards improving the intrusion detection through ELM (extreme learning machine). CMC Computers Materials & Continua 65 (2): 1097–1111. https://doi.org/10.32604/cmc.2020.011732 .

Ahmed, M., A.N. Mahmood, and J.K. Hu. 2016. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60: 19–31. https://doi.org/10.1016/j.jnca.2015.11.016 .

Al-Jarrah, O.Y., O. Alhussein, P.D. Yoo, S. Muhaidat, K. Taha, and K. Kim. 2016. Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8): 1796–1806. https://doi.org/10.1109/TCYB.2015.2490802 .

Al-Mhiqani, M.N., R. Ahmad, Z.Z. Abidin, W. Yassin, A. Hassan, K.H. Abdulkareem, N.S. Ali, and Z. Yunos. 2020. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations. Applied Sciences—Basel 10 (15): 41. https://doi.org/10.3390/app10155208 .

Al-Omari, M., M. Rawashdeh, F. Qutaishat, M. Alshira’H, and N. Ababneh. 2021. An intelligent tree-based intrusion detection model for cyber security. Journal of Network and Systems Management 29 (2): 18. https://doi.org/10.1007/s10922-021-09591-y .

Alabdallah, A., and M. Awad. 2018. Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System. KSII Transactions on Internet and Information Systems 12 (10): 5143–5158. https://doi.org/10.3837/tiis.2018.10.027 .

Alazab, M., M. Alazab, A. Shalaginov, A. Mesleh, and A. Awajan. 2020. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems—the International Journal of eScience 107: 509–521. https://doi.org/10.1016/j.future.2020.02.002 .

Albahar, M.A., R.A. Al-Falluji, and M. Binsawad. 2020. An empirical comparison on malicious activity detection using different neural network-based models. IEEE Access 8: 61549–61564. https://doi.org/10.1109/ACCESS.2020.2984157 .

AlEroud, A.F., and G. Karabatis. 2018. Queryable semantics to detect cyber-attacks: A flow-based detection approach. IEEE Transactions on Systems, Man, and Cybernetics: Systems 48 (2): 207–223. https://doi.org/10.1109/TSMC.2016.2600405 .

Algarni, A.M., V. Thayananthan, and Y.K. Malaiya. 2021. Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Applied Sciences (switzerland) . https://doi.org/10.3390/app11083678 .

Alhowaide, A., I. Alsmadi, and J. Tang. 2021. Towards the design of real-time autonomous IoT NIDS. Cluster Computing—the Journal of Networks Software Tools and Applications . https://doi.org/10.1007/s10586-021-03231-5 .

Ali, S., and Y. Li. 2019. Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7: 108647–108659. https://doi.org/10.1109/ACCESS.2019.2933304 .

AlKadi, O., N. Moustafa, B. Turnbull, and K.K.R. Choo. 2019. Mixture localization-based outliers models for securing data migration in cloud centers. IEEE Access 7: 114607–114618. https://doi.org/10.1109/ACCESS.2019.2935142 .

Allianz. 2021. Allianz Risk Barometer. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2021.pdf . Accessed 15 May 2021.

Almiani, M., A. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, and Razaque, A. 2020. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101: 102031. https://doi.org/10.1016/j.simpat.2019.102031

Alsaedi, A., N. Moustafa, Z. Tari, A. Mahmood, and A. Anwar. 2020. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8: 165130–165150. https://doi.org/10.1109/access.2020.3022862 .

Alsamiri, J., and K. Alsubhi. 2019. Internet of Things cyber attacks detection using machine learning. International Journal of Advanced Computer Science and Applications 10 (12): 627–634.

Alsharafat, W. 2013. Applying artificial neural network and eXtended classifier system for network intrusion detection. International Arab Journal of Information Technology 10 (3): 230–238.

Google Scholar  

Amin, R.W., H.E. Sevil, S. Kocak, G. Francia III., and P. Hoover. 2021. The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information (switzerland) 12 (1): 1–18. https://doi.org/10.3390/info12010002 .

Arcuri, M.C., L.Z. Gai, F. Ielasi, and E. Ventisette. 2020. Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology 11 (2): 277–290. https://doi.org/10.1108/jhtt-05-2019-0080 .

Arp, D., M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C.E.R.T. Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In Ndss 14: 23–26.

Ashtiani, M., and M.A. Azgomi. 2014. A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. Simulation 90 (9): 1071–1102. https://doi.org/10.1177/0037549714540221 .

Atefinia, R., and M. Ahmadi. 2021. Network intrusion detection using multi-architectural modular deep neural network. Journal of Supercomputing 77 (4): 3571–3593. https://doi.org/10.1007/s11227-020-03410-y .

Avila, R., R. Khoury, R. Khoury, and F. Petrillo. 2021. Use of security logs for data leak detection: A systematic literature review. Security and Communication Networks 2021: 29. https://doi.org/10.1155/2021/6615899 .

Azeez, N.A., T.J. Ayemobola, S. Misra, R. Maskeliunas, and R. Damasevicius. 2019. Network Intrusion Detection with a Hashing Based Apriori Algorithm Using Hadoop MapReduce. Computers 8 (4): 15. https://doi.org/10.3390/computers8040086 .

Bakdash, J.Z., S. Hutchinson, E.G. Zaroukian, L.R. Marusich, S. Thirumuruganathan, C. Sample, B. Hoffman, and G. Das. 2018. Malware in the future forecasting of analyst detection of cyber events. Journal of Cybersecurity . https://doi.org/10.1093/cybsec/tyy007 .

Barletta, V.S., D. Caivano, A. Nannavecchia, and M. Scalera. 2020. Intrusion detection for in-vehicle communication networks: An unsupervised Kohonen SOM approach. Future Internet . https://doi.org/10.3390/FI12070119 .

Barzegar, M., and M. Shajari. 2018. Attack scenario reconstruction using intrusion semantics. Expert Systems with Applications 108: 119–133. https://doi.org/10.1016/j.eswa.2018.04.030 .

Bessy-Roland, Y., A. Boumezoued, and C. Hillairet. 2021. Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science 15 (1): 14–39.

Bhardwaj, A., V. Mangat, and R. Vig. 2020. Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access 8: 181916–181929. https://doi.org/10.1109/ACCESS.2020.3028690 .

Bhati, B.S., C.S. Rai, B. Balamurugan, and F. Al-Turjman. 2020. An intrusion detection scheme based on the ensemble of discriminant classifiers. Computers & Electrical Engineering 86: 9. https://doi.org/10.1016/j.compeleceng.2020.106742 .

Bhattacharya, S., S.S.R. Krishnan, P.K.R. Maddikunta, R. Kaluri, S. Singh, T.R. Gadekallu, M. Alazab, and U. Tariq. 2020. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9 (2): 16. https://doi.org/10.3390/electronics9020219 .

Bibi, I., A. Akhunzada, J. Malik, J. Iqbal, A. Musaddiq, and S. Kim. 2020. A dynamic DL-driven architecture to combat sophisticated android malware. IEEE Access 8: 129600–129612. https://doi.org/10.1109/ACCESS.2020.3009819 .

Biener, C., M. Eling, and J.H. Wirfs. 2015. Insurability of cyber risk: An empirical analysis. The   Geneva Papers on Risk and Insurance—Issues and Practice 40 (1): 131–158. https://doi.org/10.1057/gpp.2014.19 .

Binbusayyis, A., and T. Vaiyapuri. 2019. Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach. IEEE Access 7: 106495–106513. https://doi.org/10.1109/ACCESS.2019.2929487 .

Biswas, R., and S. Roy. 2021. Botnet traffic identification using neural networks. Multimedia Tools and Applications . https://doi.org/10.1007/s11042-021-10765-8 .

Bouyeddou, B., F. Harrou, B. Kadri, and Y. Sun. 2021. Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing—the Journal of Networks Software Tools and Applications 24 (2): 1435–1453. https://doi.org/10.1007/s10586-020-03203-1 .

Bozkir, A.S., and M. Aydos. 2020. LogoSENSE: A companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Computers & Security 95: 18. https://doi.org/10.1016/j.cose.2020.101855 .

Brower, D., and M. McCormick. 2021. Colonial pipeline resumes operations following ransomware attack. Financial Times .

Cai, H., F. Zhang, and A. Levi. 2019. An unsupervised method for detecting shilling attacks in recommender systems by mining item relationship and identifying target items. The Computer Journal 62 (4): 579–597. https://doi.org/10.1093/comjnl/bxy124 .

Cebula, J.J., M.E. Popeck, and L.R. Young. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 .

Chadza, T., K.G. Kyriakopoulos, and S. Lambotharan. 2020. Learning to learn sequential network attacks using hidden Markov models. IEEE Access 8: 134480–134497. https://doi.org/10.1109/ACCESS.2020.3011293 .

Chatterjee, S., and S. Thekdi. 2020. An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems. Reliability Engineering and System Safety . https://doi.org/10.1016/j.ress.2019.106664 .

Chattopadhyay, M., R. Sen, and S. Gupta. 2018. A comprehensive review and meta-analysis on applications of machine learning techniques in intrusion detection. Australasian Journal of Information Systems 22: 27.

Chen, H.S., and J. Fiscus. 2018. The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology 9 (2): 223–234. https://doi.org/10.1108/JHTT-07-2017-0044 .

Chhabra, G.S., V.P. Singh, and M. Singh. 2020. Cyber forensics framework for big data analytics in IoT environment using machine learning. Multimedia Tools and Applications 79 (23–24): 15881–15900. https://doi.org/10.1007/s11042-018-6338-1 .

Chiba, Z., N. Abghour, K. Moussaid, A. Elomri, and M. Rida. 2019. Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Computers and Security 86: 291–317. https://doi.org/10.1016/j.cose.2019.06.013 .

Choras, M., and R. Kozik. 2015. Machine learning techniques applied to detect cyber attacks on web applications. Logic Journal of the IGPL 23 (1): 45–56. https://doi.org/10.1093/jigpal/jzu038 .

Chowdhury, S., M. Khanzadeh, R. Akula, F. Zhang, S. Zhang, H. Medal, M. Marufuzzaman, and L. Bian. 2017. Botnet detection using graph-based feature clustering. Journal of Big Data 4 (1): 14. https://doi.org/10.1186/s40537-017-0074-7 .

Cost Of A Cyber Incident: Systematic Review And Cross-Validation, Cybersecurity & Infrastructure Agency , 1, https://www.cisa.gov/sites/default/files/publications/CISA-OCE_Cost_of_Cyber_Incidents_Study-FINAL_508.pdf (2020).

D’Hooge, L., T. Wauters, B. Volckaert, and F. De Turck. 2019. Classification hardness for supervised learners on 20 years of intrusion detection data. IEEE Access 7: 167455–167469. https://doi.org/10.1109/access.2019.2953451 .

Damasevicius, R., A. Venckauskas, S. Grigaliunas, J. Toldinas, N. Morkevicius, T. Aleliunas, and P. Smuikys. 2020. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 9 (5): 23. https://doi.org/10.3390/electronics9050800 .

De Giovanni, A.L.D., and M. Pirra. 2020. On the determinants of data breaches: A cointegration analysis. Decisions in Economics and Finance . https://doi.org/10.1007/s10203-020-00301-y .

Deng, L., D. Li, X. Yao, and H. Wang. 2019. Retracted Article: Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing 22 (4): 9889–9904. https://doi.org/10.1007/s10586-018-1847-2 .

Donkal, G., and G.K. Verma. 2018. A multimodal fusion based framework to reinforce IDS for securing Big Data environment using Spark. Journal of Information Security and Applications 43: 1–11. https://doi.org/10.1016/j.jisa.2018.10.001 .

Dunn, C., N. Moustafa, and B. Turnbull. 2020. Robustness evaluations of sustainable machine learning models against data Poisoning attacks in the Internet of Things. Sustainability 12 (16): 17. https://doi.org/10.3390/su12166434 .

Dwivedi, S., M. Vardhan, and S. Tripathi. 2021. Multi-parallel adaptive grasshopper optimization technique for detecting anonymous attacks in wireless networks. Wireless Personal Communications . https://doi.org/10.1007/s11277-021-08368-5 .

Dyson, B. 2020. COVID-19 crisis could be ‘watershed’ for cyber insurance, says Swiss Re exec. https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/covid-19-crisis-could-be-watershed-for-cyber-insurance-says-swiss-re-exec-59197154 . Accessed 7 May 2020.

EIOPA. 2018. Understanding cyber insurance—a structured dialogue with insurance companies. https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_understanding_cyber_insurance.pdf . Accessed 28 May 2018

Elijah, A.V., A. Abdullah, N.Z. JhanJhi, M. Supramaniam, and O.B. Abdullateef. 2019. Ensemble and deep-learning methods for two-class and multi-attack anomaly intrusion detection: An empirical study. International Journal of Advanced Computer Science and Applications 10 (9): 520–528.

Eling, M., and K. Jung. 2018. Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance Mathematics & Economics 82: 167–180. https://doi.org/10.1016/j.insmatheco.2018.07.003 .

Eling, M., and W. Schnell. 2016. What do we know about cyber risk and cyber risk insurance? Journal of Risk Finance 17 (5): 474–491. https://doi.org/10.1108/jrf-09-2016-0122 .

Eling, M., and J. Wirfs. 2019. What are the actual costs of cyber risk events? European Journal of Operational Research 272 (3): 1109–1119. https://doi.org/10.1016/j.ejor.2018.07.021 .

Eling, M. 2020. Cyber risk research in business and actuarial science. European Actuarial Journal 10 (2): 303–333.

Elmasry, W., A. Akbulut, and A.H. Zaim. 2019. Empirical study on multiclass classification-based network intrusion detection. Computational Intelligence 35 (4): 919–954. https://doi.org/10.1111/coin.12220 .

Elsaid, S.A., and N.S. Albatati. 2020. An optimized collaborative intrusion detection system for wireless sensor networks. Soft Computing 24 (16): 12553–12567. https://doi.org/10.1007/s00500-020-04695-0 .

Estepa, R., J.E. Díaz-Verdejo, A. Estepa, and G. Madinabeitia. 2020. How much training data is enough? A case study for HTTP anomaly-based intrusion detection. IEEE Access 8: 44410–44425. https://doi.org/10.1109/ACCESS.2020.2977591 .

European Council. 2021. Cybersecurity: how the EU tackles cyber threats. https://www.consilium.europa.eu/en/policies/cybersecurity/ . Accessed 10 May 2021

Falco, G. et al. 2019. Cyber risk research impeded by disciplinary barriers. Science (American Association for the Advancement of Science) 366 (6469): 1066–1069.

Fan, Z.J., Z.P. Tan, C.X. Tan, and X. Li. 2018. An improved integrated prediction method of cyber security situation based on spatial-time analysis. Journal of Internet Technology 19 (6): 1789–1800. https://doi.org/10.3966/160792642018111906015 .

Fang, Z.J., M.C. Xu, S.H. Xu, and T.Z. Hu. 2021. A framework for predicting data breach risk: Leveraging dependence to cope with sparsity. IEEE Transactions on Information Forensics and Security 16: 2186–2201. https://doi.org/10.1109/tifs.2021.3051804 .

Farkas, S., O. Lopez, and M. Thomas. 2021. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98: 92–105. https://doi.org/10.1016/j.insmatheco.2021.02.009 .

Farsi, H., A. Fanian, and Z. Taghiyarrenani. 2019. A novel online state-based anomaly detection system for process control networks. International Journal of Critical Infrastructure Protection 27: 11. https://doi.org/10.1016/j.ijcip.2019.100323 .

Ferrag, M.A., L. Maglaras, S. Moschoyiannis, and H. Janicke. 2020. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications 50: 19. https://doi.org/10.1016/j.jisa.2019.102419 .

Field, M. 2018. WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/ . Accessed 9 May 2018.

FitchRatings. 2021. U.S. Cyber Insurance Market Update (Spike in Claims Leads to Decline in 2020 Underwriting Performance). https://www.fitchratings.com/research/insurance/us-cyber-insurance-market-update-spike-in-claims-leads-to-decline-in-2020-underwriting-performance-26-05-2021 .

Fossaceca, J.M., T.A. Mazzuchi, and S. Sarkani. 2015. MARK-ELM: Application of a novel Multiple Kernel Learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications 42 (8): 4062–4080. https://doi.org/10.1016/j.eswa.2014.12.040 .

Franke, U., and J. Brynielsson. 2014. Cyber situational awareness–a systematic review of the literature. Computers & security 46: 18–31.

Freeha, K., K.J. Hwan, M. Lars, and M. Robin. 2021. Data breach management: An integrated risk model. Information & Management 58 (1): 103392. https://doi.org/10.1016/j.im.2020.103392 .

Ganeshan, R., and P. Rodrigues. 2020. Crow-AFL: Crow based adaptive fractional lion optimization approach for the intrusion detection. Wireless Personal Communications 111 (4): 2065–2089. https://doi.org/10.1007/s11277-019-06972-0 .

GAO. 2021. CYBER INSURANCE—Insurers and policyholders face challenges in an evolving market. https://www.gao.gov/assets/gao-21-477.pdf . Accessed 16 May 2021.

Garber, J. 2021. Colonial Pipeline fiasco foreshadows impact of Biden energy policy. https://www.foxbusiness.com/markets/colonial-pipeline-fiasco-foreshadows-impact-of-biden-energy-policy . Accessed 4 May 2021.

Gauthama Raman, M.R., N. Somu, S. Jagarapu, T. Manghnani, T. Selvam, K. Krithivasan, and V.S. Shankar Sriram. 2020. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review 53 (5): 3255–3286. https://doi.org/10.1007/s10462-019-09762-z .

Gavel, S., A.S. Raghuvanshi, and S. Tiwari. 2021. Distributed intrusion detection scheme using dual-axis dimensionality reduction for Internet of things (IoT). Journal of Supercomputing . https://doi.org/10.1007/s11227-021-03697-5 .

GDPR.EU. 2021. FAQ. https://gdpr.eu/faq/ . Accessed 10 May 2021.

Georgescu, T.M., B. Iancu, and M. Zurini. 2019. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in IoT networks. Sensors (switzerland) . https://doi.org/10.3390/s19153380 .

Giudici, P., and E. Raffinetti. 2020. Cyber risk ordering with rank-based statistical models. AStA Advances in Statistical Analysis . https://doi.org/10.1007/s10182-020-00387-0 .

Goh, J., S. Adepu, K.N. Junejo, and A. Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In CRITIS.

Gong, X.Y., J.L. Lu, Y.F. Zhou, H. Qiu, and R. He. 2021. Model uncertainty based annotation error fixing for web attack detection. Journal of Signal Processing Systems for Signal Image and Video Technology 93 (2–3): 187–199. https://doi.org/10.1007/s11265-019-01494-1 .

Goode, S., H. Hoehle, V. Venkatesh, and S.A. Brown. 2017. USER compensation as a data breach recovery action: An investigation of the sony playstation network breach. MIS Quarterly 41 (3): 703–727.

Guo, H., S. Huang, C. Huang, Z. Pan, M. Zhang, and F. Shi. 2020. File entropy signal analysis combined with wavelet decomposition for malware classification. IEEE Access 8: 158961–158971. https://doi.org/10.1109/ACCESS.2020.3020330 .

Habib, M., I. Aljarah, and H. Faris. 2020. A Modified multi-objective particle swarm optimizer-based Lévy flight: An approach toward intrusion detection in Internet of Things. Arabian Journal for Science and Engineering 45 (8): 6081–6108. https://doi.org/10.1007/s13369-020-04476-9 .

Hajj, S., R. El Sibai, J.B. Abdo, J. Demerjian, A. Makhoul, and C. Guyeux. 2021. Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies 32 (4): 36. https://doi.org/10.1002/ett.4240 .

Heartfield, R., G. Loukas, A. Bezemskij, and E. Panaousis. 2021. Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Transactions on Information Forensics and Security 16: 1720–1735. https://doi.org/10.1109/tifs.2020.3042049 .

Hemo, B., T. Gafni, K. Cohen, and Q. Zhao. 2020. Searching for anomalies over composite hypotheses. IEEE Transactions on Signal Processing 68: 1181–1196. https://doi.org/10.1109/TSP.2020.2971438

Hindy, H., D. Brosset, E. Bayne, A.K. Seeam, C. Tachtatzis, R. Atkinson, and X. Bellekens. 2020. A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access 8: 104650–104675. https://doi.org/10.1109/ACCESS.2020.3000179 .

Hong, W., D. Huang, C. Chen, and J. Lee. 2020. Towards accurate and efficient classification of power system contingencies and cyber-attacks using recurrent neural networks. IEEE Access 8: 123297–123309. https://doi.org/10.1109/ACCESS.2020.3007609 .

Husák, M., M. Zádník, V. Bartos, and P. Sokol. 2020. Dataset of intrusion detection alerts from a sharing platform. Data in Brief 33: 106530.

IBM Security. 2020. Cost of a Data breach Report. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf . Accessed 19 May 2021.

IEEE. 2021. IEEE Quick Facts. https://www.ieee.org/about/at-a-glance.html . Accessed 11 May 2021.

Kilincer, I.F., F. Ertam, and S. Abdulkadir. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 107840. https://doi.org/10.1016/j.comnet.2021.107840 .

Jaber, A.N., and S. Ul Rehman. 2020. FCM-SVM based intrusion detection system for cloud computing environment. Cluster Computing—the Journal of Networks Software Tools and Applications 23 (4): 3221–3231. https://doi.org/10.1007/s10586-020-03082-6 .

Jacobs, J., S. Romanosky, B. Edwards, M. Roytman, and I. Adjerid. 2019. Exploit prediction scoring system (epss). arXiv:1908.04856

Jacobsen, A. et al. 2020. FAIR principles: Interpretations and implementation considerations. Data Intelligence 2 (1–2): 10–29. https://doi.org/10.1162/dint_r_00024 .

Jahromi, A.N., S. Hashemi, A. Dehghantanha, R.M. Parizi, and K.K.R. Choo. 2020. An enhanced stacked LSTM method with no random initialization for malware threat hunting in safety and time-critical systems. IEEE Transactions on Emerging Topics in Computational Intelligence 4 (5): 630–640. https://doi.org/10.1109/TETCI.2019.2910243 .

Jang, S., S. Li, and Y. Sung. 2020. FastText-based local feature visualization algorithm for merged image-based malware classification framework for cyber security and cyber defense. Mathematics 8 (3): 13. https://doi.org/10.3390/math8030460 .

Javeed, D., T.H. Gao, and M.T. Khan. 2021. SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT. Electronics 10 (8): 16. https://doi.org/10.3390/electronics10080918 .

Johnson, P., D. Gorton, R. Lagerstrom, and M. Ekstedt. 2016. Time between vulnerability disclosures: A measure of software product vulnerability. Computers & Security 62: 278–295. https://doi.org/10.1016/j.cose.2016.08.004 .

Johnson, P., R. Lagerström, M. Ekstedt, and U. Franke. 2018. Can the common vulnerability scoring system be trusted? A Bayesian analysis. IEEE Transactions on Dependable and Secure Computing 15 (6): 1002–1015. https://doi.org/10.1109/TDSC.2016.2644614 .

Junger, M., V. Wang, and M. Schlömer. 2020. Fraud against businesses both online and offline: Crime scripts, business characteristics, efforts, and benefits. Crime Science 9 (1): 13. https://doi.org/10.1186/s40163-020-00119-4 .

Kalutarage, H.K., H.N. Nguyen, and S.A. Shaikh. 2017. Towards a threat assessment framework for apps collusion. Telecommunication Systems 66 (3): 417–430. https://doi.org/10.1007/s11235-017-0296-1 .

Kamarudin, M.H., C. Maple, T. Watson, and N.S. Safa. 2017. A LogitBoost-based algorithm for detecting known and unknown web attacks. IEEE Access 5: 26190–26200. https://doi.org/10.1109/ACCESS.2017.2766844 .

Kasongo, S.M., and Y.X. Sun. 2020. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security 92: 15. https://doi.org/10.1016/j.cose.2020.101752 .

Keserwani, P.K., M.C. Govil, E.S. Pilli, and P. Govil. 2021. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. Journal of Reliable Intelligent Environments 7 (1): 3–21. https://doi.org/10.1007/s40860-020-00126-x .

Keshk, M., E. Sitnikova, N. Moustafa, J. Hu, and I. Khalil. 2021. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems. IEEE Transactions on Sustainable Computing 6 (1): 66–79. https://doi.org/10.1109/TSUSC.2019.2906657 .

Khan, I.A., D.C. Pi, A.K. Bhatia, N. Khan, W. Haider, and A. Wahab. 2020. Generating realistic IoT-based IDS dataset centred on fuzzy qualitative modelling for cyber-physical systems. Electronics Letters 56 (9): 441–443. https://doi.org/10.1049/el.2019.4158 .

Khraisat, A., I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab. 2020. Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics 9 (1): 18. https://doi.org/10.3390/electronics9010173 .

Khraisat, A., I. Gondal, P. Vamplew, and J. Kamruzzaman. 2019. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2 (1): 20. https://doi.org/10.1186/s42400-019-0038-7 .

Kilincer, I.F., F. Ertam, and A. Sengur. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 16. https://doi.org/10.1016/j.comnet.2021.107840 .

Kim, D., and H.K. Kim. 2019. Automated dataset generation system for collaborative research of cyber threat analysis. Security and Communication Networks 2019: 10. https://doi.org/10.1155/2019/6268476 .

Kim, G., C. Lee, J. Jo, and H. Lim. 2020. Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network. International Journal of Machine Learning and Cybernetics 11 (10): 2341–2355. https://doi.org/10.1007/s13042-020-01122-6 .

Kirubavathi, G., and R. Anitha. 2016. Botnet detection via mining of traffic flow characteristics. Computers & Electrical Engineering 50: 91–101. https://doi.org/10.1016/j.compeleceng.2016.01.012 .

Kiwia, D., A. Dehghantanha, K.K.R. Choo, and J. Slaughter. 2018. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science 27: 394–409. https://doi.org/10.1016/j.jocs.2017.10.020 .

Koroniotis, N., N. Moustafa, and E. Sitnikova. 2020. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Generation Computer Systems 110: 91–106. https://doi.org/10.1016/j.future.2020.03.042 .

Kruse, C.S., B. Frederick, T. Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25 (1): 1–10.

Kshetri, N. 2018. The economics of cyber-insurance. IT Professional 20 (6): 9–14. https://doi.org/10.1109/MITP.2018.2874210 .

Kumar, R., P. Kumar, R. Tripathi, G.P. Gupta, T.R. Gadekallu, and G. Srivastava. 2021. SP2F: A secured privacy-preserving framework for smart agricultural Unmanned Aerial Vehicles. Computer Networks . https://doi.org/10.1016/j.comnet.2021.107819 .

Kumar, R., and R. Tripathi. 2021. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Transactions on Emerging Telecommunications Technologies 32 (4): 27. https://doi.org/10.1002/ett.4222 .

Laso, P.M., D. Brosset, and J. Puentes. 2017. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data in Brief 14: 186–191. https://doi.org/10.1016/j.dib.2017.07.038 .

Lee, J., J. Kim, I. Kim, and K. Han. 2019. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7: 165607–165626. https://doi.org/10.1109/ACCESS.2019.2953095 .

Lee, S.J., P.D. Yoo, A.T. Asyhari, Y. Jhi, L. Chermak, C.Y. Yeun, and K. Taha. 2020. IMPACT: Impersonation attack detection via edge computing using deep Autoencoder and feature abstraction. IEEE Access 8: 65520–65529. https://doi.org/10.1109/ACCESS.2020.2985089 .

Leong, Y.-Y., and Y.-C. Chen. 2020. Cyber risk cost and management in IoT devices-linked health insurance. The Geneva Papers on Risk and Insurance—Issues and Practice 45 (4): 737–759. https://doi.org/10.1057/s41288-020-00169-4 .

Levi, M. 2017. Assessing the trends, scale and nature of economic cybercrimes: overview and Issues: In Cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change 67 (1): 3–20. https://doi.org/10.1007/s10611-016-9645-3 .

Li, C., K. Mills, D. Niu, R. Zhu, H. Zhang, and H. Kinawi. 2019a. Android malware detection based on factorization machine. IEEE Access 7: 184008–184019. https://doi.org/10.1109/ACCESS.2019.2958927 .

Li, D.Q., and Q.M. Li. 2020. Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security 15: 3886–3900. https://doi.org/10.1109/tifs.2020.3003571 .

Li, D.Q., Q.M. Li, Y.F. Ye, and S.H. Xu. 2021. A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering 8 (1): 736–750. https://doi.org/10.1109/tnse.2021.3051354 .

Li, R.H., C. Zhang, C. Feng, X. Zhang, and C.J. Tang. 2019b. Locating vulnerability in binaries using deep neural networks. IEEE Access 7: 134660–134676. https://doi.org/10.1109/access.2019.2942043 .

Li, X., M. Xu, P. Vijayakumar, N. Kumar, and X. Liu. 2020. Detection of low-frequency and multi-stage attacks in industrial Internet of Things. IEEE Transactions on Vehicular Technology 69 (8): 8820–8831. https://doi.org/10.1109/TVT.2020.2995133 .

Liu, H.Y., and B. Lang. 2019. Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences—Basel 9 (20): 28. https://doi.org/10.3390/app9204396 .

Lopez-Martin, M., B. Carro, and A. Sanchez-Esguevillas. 2020. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications . https://doi.org/10.1016/j.eswa.2019.112963 .

Loukas, G., D. Gan, and Tuan Vuong. 2013. A review of cyber threats and defence approaches in emergency management. Future Internet 5: 205–236.

Luo, C.C., S. Su, Y.B. Sun, Q.J. Tan, M. Han, and Z.H. Tian. 2020. A convolution-based system for malicious URLs detection. CMC—Computers Materials Continua 62 (1): 399–411.

Mahbooba, B., M. Timilsina, R. Sahal, and M. Serrano. 2021. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity 2021: 11. https://doi.org/10.1155/2021/6634811 .

Mahdavifar, S., and A.A. Ghorbani. 2020. DeNNeS: Deep embedded neural network expert system for detecting cyber attacks. Neural Computing & Applications 32 (18): 14753–14780. https://doi.org/10.1007/s00521-020-04830-w .

Mahfouz, A., A. Abuhussein, D. Venugopal, and S. Shiva. 2020. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet 12 (11): 1–19. https://doi.org/10.3390/fi12110180 .

Maleks Smith, Z., E. Lostri, and J.A. Lewis. 2020. The hidden costs of cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf . Accessed 16 May 2021.

Malik, J., A. Akhunzada, I. Bibi, M. Imran, A. Musaddiq, and S.W. Kim. 2020. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8: 134695–134706. https://doi.org/10.1109/ACCESS.2020.3009849 .

Manimurugan, S. 2020. IoT-Fog-Cloud model for anomaly detection using improved Naive Bayes and principal component analysis. Journal of Ambient Intelligence and Humanized Computing . https://doi.org/10.1007/s12652-020-02723-3 .

Martin, A., R. Lara-Cabrera, and D. Camacho. 2019. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion 52: 128–142. https://doi.org/10.1016/j.inffus.2018.12.006 .

Mauro, M.D., G. Galatro, and A. Liotta. 2020. Experimental review of neural-based approaches for network intrusion management. IEEE Transactions on Network and Service Management 17 (4): 2480–2495. https://doi.org/10.1109/TNSM.2020.3024225 .

McLeod, A., and D. Dolezel. 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems 108: 57–68. https://doi.org/10.1016/j.dss.2018.02.007 .

Meira, J., R. Andrade, I. Praca, J. Carneiro, V. Bolon-Canedo, A. Alonso-Betanzos, and G. Marreiros. 2020. Performance evaluation of unsupervised techniques in cyber-attack anomaly detection. Journal of Ambient Intelligence and Humanized Computing 11 (11): 4477–4489. https://doi.org/10.1007/s12652-019-01417-9 .

Miao, Y., J. Ma, X. Liu, J. Weng, H. Li, and H. Li. 2019. Lightweight fine-grained search over encrypted data in Fog computing. IEEE Transactions on Services Computing 12 (5): 772–785. https://doi.org/10.1109/TSC.2018.2823309 .

Miller, C., and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (S 91).

Mireles, J.D., E. Ficke, J.H. Cho, P. Hurley, and S.H. Xu. 2019. Metrics towards measuring cyber agility. IEEE Transactions on Information Forensics and Security 14 (12): 3217–3232. https://doi.org/10.1109/tifs.2019.2912551 .

Mishra, N., and S. Pandya. 2021. Internet of Things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access . https://doi.org/10.1109/ACCESS.2021.3073408 .

Monshizadeh, M., V. Khatri, B.G. Atli, R. Kantola, and Z. Yan. 2019. Performance evaluation of a combined anomaly detection platform. IEEE Access 7: 100964–100978. https://doi.org/10.1109/ACCESS.2019.2930832 .

Moreno, V.C., G. Reniers, E. Salzano, and V. Cozzani. 2018. Analysis of physical and cyber security-related events in the chemical and process industry. Process Safety and Environmental Protection 116: 621–631. https://doi.org/10.1016/j.psep.2018.03.026 .

Moro, E.D. 2020. Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks . https://doi.org/10.3390/risks8020045 .

Moustafa, N., E. Adi, B. Turnbull, and J. Hu. 2018. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6: 32910–32924. https://doi.org/10.1109/ACCESS.2018.2844794 .

Moustakidis, S., and P. Karlsson. 2020. A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity . https://doi.org/10.1186/s42400-020-00056-4 .

Mukhopadhyay, A., S. Chatterjee, K.K. Bagchi, P.J. Kirs, and G.K. Shukla. 2019. Cyber Risk Assessment and Mitigation (CRAM) framework using Logit and Probit models for cyber insurance. Information Systems Frontiers 21 (5): 997–1018. https://doi.org/10.1007/s10796-017-9808-5 .

Murphey, H. 2021a. Biden signs executive order to strengthen US cyber security. https://www.ft.com/content/4d808359-b504-4014-85f6-68e7a2851bf1?accessToken=zwAAAXl0_ifgkc9NgINZtQRAFNOF9mjnooUb8Q.MEYCIQDw46SFWsMn1iyuz3kvgAmn6mxc0rIVfw10Lg1ovJSfJwIhAK2X2URzfSqHwIS7ddRCvSt2nGC2DcdoiDTG49-4TeEt&sharetype=gift?token=fbcd6323-1ecf-4fc3-b136-b5b0dd6a8756 . Accessed 7 May 2021.

Murphey, H. 2021b. Millions of connected devices have security flaws, study shows. https://www.ft.com/content/0bf92003-926d-4dee-87d7-b01f7c3e9621?accessToken=zwAAAXnA7f2Ikc8L-SADkm1N7tOH17AffD6WIQ.MEQCIDjBuROvhmYV0Mx3iB0cEV7m5oND1uaCICxJu0mzxM0PAiBam98q9zfHiTB6hKGr1gGl0Azt85yazdpX9K5sI8se3Q&sharetype=gift?token=2538218d-77d9-4dd3-9649-3cb556a34e51 . Accessed 6 May 2021.

Murugesan, V., M. Shalinie, and M.H. Yang. 2018. Design and analysis of hybrid single packet IP traceback scheme. IET Networks 7 (3): 141–151. https://doi.org/10.1049/iet-net.2017.0115 .

Mwitondi, K.S., and S.A. Zargari. 2018. An iterative multiple sampling method for intrusion detection. Information Security Journal 27 (4): 230–239. https://doi.org/10.1080/19393555.2018.1539790 .

Neto, N.N., S. Madnick, A.M.G. De Paula, and N.M. Borges. 2021. Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality 13 (1): 33. https://doi.org/10.1145/3439873 .

Nurse, J.R.C., L. Axon, A. Erola, I. Agrafiotis, M. Goldsmith, and S. Creese. 2020. The data that drives cyber insurance: A study into the underwriting and claims processes. In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA), 15–19 June 2020.

Oliveira, N., I. Praca, E. Maia, and O. Sousa. 2021. Intelligent cyber attack detection and classification for network-based intrusion detection systems. Applied Sciences—Basel 11 (4): 21. https://doi.org/10.3390/app11041674 .

Page, M.J. et al. 2021. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Systematic Reviews 10 (1): 89. https://doi.org/10.1186/s13643-021-01626-4 .

Pajouh, H.H., R. Javidan, R. Khayami, A. Dehghantanha, and K.R. Choo. 2019. A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Transactions on Emerging Topics in Computing 7 (2): 314–323. https://doi.org/10.1109/TETC.2016.2633228 .

Parra, G.D., P. Rad, K.K.R. Choo, and N. Beebe. 2020. Detecting Internet of Things attacks using distributed deep learning. Journal of Network and Computer Applications 163: 13. https://doi.org/10.1016/j.jnca.2020.102662 .

Paté-Cornell, M.E., M. Kuypers, M. Smith, and P. Keller. 2018. Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis 38 (2): 226–241. https://doi.org/10.1111/risa.12844 .

Pooser, D.M., M.J. Browne, and O. Arkhangelska. 2018. Growth in the perception of cyber risk: evidence from U.S. P&C Insurers. The Geneva Papers on Risk and Insurance—Issues and Practice 43 (2): 208–223. https://doi.org/10.1057/s41288-017-0077-9 .

Pu, G., L. Wang, J. Shen, and F. Dong. 2021. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology 26 (2): 146–153. https://doi.org/10.26599/TST.2019.9010051 .

Qiu, J., W. Luo, L. Pan, Y. Tai, J. Zhang, and Y. Xiang. 2019. Predicting the impact of android malicious samples via machine learning. IEEE Access 7: 66304–66316. https://doi.org/10.1109/ACCESS.2019.2914311 .

Qu, X., L. Yang, K. Guo, M. Sun, L. Ma, T. Feng, S. Ren, K. Li, and X. Ma. 2020. Direct batch growth hierarchical self-organizing mapping based on statistics for efficient network intrusion detection. IEEE Access 8: 42251–42260. https://doi.org/10.1109/ACCESS.2020.2976810 .

Rahman, Md.S., S. Halder, Md. Ashraf Uddin, and U.K. Acharjee. 2021. An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4 (1): 10. https://doi.org/10.1186/s42400-021-00074-w .

Ramaiah, M., V. Chandrasekaran, V. Ravi, and N. Kumar. 2021. An intrusion detection system using optimized deep neural network architecture. Transactions on Emerging Telecommunications Technologies 32 (4): 17. https://doi.org/10.1002/ett.4221 .

Raman, M.R.G., K. Kannan, S.K. Pal, and V.S.S. Sriram. 2016. Rough set-hypergraph-based feature selection approach for intrusion detection systems. Defence Science Journal 66 (6): 612–617. https://doi.org/10.14429/dsj.66.10802 .

Rathore, S., J.H. Park. 2018. Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing 72: 79–89. https://doi.org/10.1016/j.asoc.2018.05.049 .

Romanosky, S., L. Ablon, A. Kuehn, and T. Jones. 2019. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity (oxford) 5 (1): tyz002.

Sarabi, A., P. Naghizadeh, Y. Liu, and M. Liu. 2016. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity 2 (1): 15–28. https://doi.org/10.1093/cybsec/tyw004 .

Sardi, Alberto, Alessandro Rizzi, Enrico Sorano, and Anna Guerrieri. 2021. Cyber risk in health facilities: A systematic literature review. Sustainability 12 (17): 7002.

Sarker, Iqbal H., A.S.M. Kayes, Shahriar Badsha, Hamed Alqahtani, Paul Watters, and Alex Ng. 2020. Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data 7 (1): 41. https://doi.org/10.1186/s40537-020-00318-5 .

Scopus. 2021. Factsheet. https://www.elsevier.com/__data/assets/pdf_file/0017/114533/Scopus_GlobalResearch_Factsheet2019_FINAL_WEB.pdf . Accessed 11 May 2021.

Sentuna, A., A. Alsadoon, P.W.C. Prasad, M. Saadeh, and O.H. Alsadoon. 2021. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis. Neural Processing Letters 53 (1): 177–209. https://doi.org/10.1007/s11063-020-10381-x .

Shaukat, K., S.H. Luo, V. Varadharajan, I.A. Hameed, S. Chen, D.X. Liu, and J.M. Li. 2020. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies 13 (10): 27. https://doi.org/10.3390/en13102509 .

Sheehan, B., F. Murphy, M. Mullins, and C. Ryan. 2019. Connected and autonomous vehicles: A cyber-risk classification framework. Transportation Research Part a: Policy and Practice 124: 523–536. https://doi.org/10.1016/j.tra.2018.06.033 .

Sheehan, B., F. Murphy, A.N. Kia, and R. Kiely. 2021. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research 24 (12): 1619–1638.

Shlomo, A., M. Kalech, and R. Moskovitch. 2021. Temporal pattern-based malicious activity detection in SCADA systems. Computers & Security 102: 17. https://doi.org/10.1016/j.cose.2020.102153 .

Singh, K.J., and T. De. 2020. Efficient classification of DDoS attacks using an ensemble feature selection algorithm. Journal of Intelligent Systems 29 (1): 71–83. https://doi.org/10.1515/jisys-2017-0472 .

Skrjanc, I., S. Ozawa, T. Ban, and D. Dovzan. 2018. Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering. Applied Soft Computing 62: 592–601. https://doi.org/10.1016/j.asoc.2017.11.008 .

Smart, W. 2018. Lessons learned review of the WannaCry Ransomware Cyber Attack. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf . Accessed 7 May 2021.

Sornette, D., T. Maillart, and W. Kröger. 2013. Exploring the limits of safety analysis in complex technological systems. International Journal of Disaster Risk Reduction 6: 59–66. https://doi.org/10.1016/j.ijdrr.2013.04.002 .

Sovacool, B.K. 2008. The costs of failure: A preliminary assessment of major energy accidents, 1907–2007. Energy Policy 36 (5): 1802–1820. https://doi.org/10.1016/j.enpol.2008.01.040 .

SpringerLink. 2021. Journal Search. https://rd.springer.com/search?facet-content-type=%22Journal%22 . Accessed 11 May 2021.

Stojanovic, B., K. Hofer-Schmitz, and U. Kleb. 2020. APT datasets and attack modeling for automated detection methods: A review. Computers & Security 92: 19. https://doi.org/10.1016/j.cose.2020.101734 .

Subroto, A., and A. Apriyana. 2019. Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data . https://doi.org/10.1186/s40537-019-0216-1 .

Tan, Z., A. Jamdagni, X. He, P. Nanda, R.P. Liu, and J. Hu. 2015. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers 64 (9): 2519–2533. https://doi.org/10.1109/TC.2014.2375218 .

Tidy, J. 2021. Irish cyber-attack: Hackers bail out Irish health service for free. https://www.bbc.com/news/world-europe-57197688 . Accessed 6 May 2021.

Tuncer, T., F. Ertam, and S. Dogan. 2020. Automated malware recognition method based on local neighborhood binary pattern. Multimedia Tools and Applications 79 (37–38): 27815–27832. https://doi.org/10.1007/s11042-020-09376-6 .

Uhm, Y., and W. Pak. 2021. Service-aware two-level partitioning for machine learning-based network intrusion detection with high performance and high scalability. IEEE Access 9: 6608–6622. https://doi.org/10.1109/ACCESS.2020.3048900 .

Ulven, J.B., and G. Wangen. 2021. A systematic review of cybersecurity risks in higher education. Future Internet 13 (2): 1–40. https://doi.org/10.3390/fi13020039 .

Vaccari, I., G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso. 2020. MQTTset, a new dataset for machine learning techniques on MQTT. Sensors 20 (22): 17. https://doi.org/10.3390/s20226578 .

Valeriano, B., and R.C. Maness. 2014. The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research 51 (3): 347–360. https://doi.org/10.1177/0022343313518940 .

Varghese, J.E., and B. Muniyal. 2021. An Efficient IDS framework for DDoS attacks in SDN environment. IEEE Access 9: 69680–69699. https://doi.org/10.1109/ACCESS.2021.3078065 .

Varsha, M. V., P. Vinod, K.A. Dhanya. 2017 Identification of malicious android app using manifest and opcode features. Journal of Computer Virology and Hacking Techniques 13 (2): 125–138. https://doi.org/10.1007/s11416-016-0277-z

Velliangiri, S., and H.M. Pandey. 2020. Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Generation Computer Systems—the International Journal of Escience 110: 80–90. https://doi.org/10.1016/j.future.2020.03.049 .

Verma, A., and V. Ranga. 2020. Machine learning based intrusion detection systems for IoT applications. Wireless Personal Communications 111 (4): 2287–2310. https://doi.org/10.1007/s11277-019-06986-8 .

Vidros, S., C. Kolias, G. Kambourakis, and L. Akoglu. 2017. Automatic detection of online recruitment frauds: Characteristics, methods, and a public dataset. Future Internet 9 (1): 19. https://doi.org/10.3390/fi9010006 .

Vinayakumar, R., M. Alazab, K.P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman. 2019. Deep learning approach for intelligent intrusion detection system. IEEE Access 7: 41525–41550. https://doi.org/10.1109/access.2019.2895334 .

Walker-Roberts, S., M. Hammoudeh, O. Aldabbas, M. Aydin, and A. Dehghantanha. 2020. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. Journal of Supercomputing 76 (4): 2643–2664. https://doi.org/10.1007/s11227-019-03028-9 .

Web of Science. 2021. Web of Science: Science Citation Index Expanded. https://clarivate.com/webofsciencegroup/solutions/webofscience-scie/ . Accessed 11 May 2021.

World Economic Forum. 2020. WEF Global Risk Report. http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf . Accessed 13 May 2020.

Xin, Y., L. Kong, Z. Liu, Y. Chen, Y. Li, H. Zhu, M. Gao, H. Hou, and C. Wang. 2018. Machine learning and deep learning methods for cybersecurity. IEEE Access 6: 35365–35381. https://doi.org/10.1109/ACCESS.2018.2836950 .

Xu, C., J. Zhang, K. Chang, and C. Long. 2013. Uncovering collusive spammers in Chinese review websites. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management.

Yang, J., T. Li, G. Liang, W. He, and Y. Zhao. 2019. A Simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access 7: 83286–83296. https://doi.org/10.1109/ACCESS.2019.2922692 .

Yuan, B.G., J.F. Wang, D. Liu, W. Guo, P. Wu, and X.H. Bao. 2020. Byte-level malware classification based on Markov images and deep learning. Computers & Security 92: 12. https://doi.org/10.1016/j.cose.2020.101740 .

Zhang, S., X.M. Ou, and D. Caragea. 2015. Predicting cyber risks through national vulnerability database. Information Security Journal 24 (4–6): 194–206. https://doi.org/10.1080/19393555.2015.1111961 .

Zhang, Y., P. Li, and X. Wang. 2019. Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7: 31711–31722.

Zheng, Muwei, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: taxonomy and empirical analysis. In 11th {USENIX} workshop on cyber security experimentation and test ({CSET} 18).

Zhou, X., W. Liang, S. Shimizu, J. Ma, and Q. Jin. 2021. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics 17 (8): 5790–5798. https://doi.org/10.1109/TII.2020.3047675 .

Zhou, Y.Y., G. Cheng, S.Q. Jiang, and M. Dai. 2020. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Computer Networks 174: 17. https://doi.org/10.1016/j.comnet.2020.107247 .

Download references

Open Access funding provided by the IReL Consortium.

Author information

Authors and affiliations.

University of Limerick, Limerick, Ireland

Frank Cremer, Barry Sheehan, Arash N. Kia, Martin Mullins & Finbarr Murphy

TH Köln University of Applied Sciences, Cologne, Germany

Michael Fortmann & Stefan Materne

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Barry Sheehan .

Ethics declarations

Conflict of interest.

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Below is the link to the electronic supplementary material.

Supplementary file1 (PDF 334 kb)

Supplementary file1 (docx 418 kb), rights and permissions.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cremer, F., Sheehan, B., Fortmann, M. et al. Cyber risk and cybersecurity: a systematic review of data availability. Geneva Pap Risk Insur Issues Pract 47 , 698–736 (2022). https://doi.org/10.1057/s41288-022-00266-6

Download citation

Received : 15 June 2021

Accepted : 20 January 2022

Published : 17 February 2022

Issue Date : July 2022

DOI : https://doi.org/10.1057/s41288-022-00266-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Cyber insurance
• Systematic review
• Cybersecurity
• Find a journal
• Publish with us
• Track your research

Journal of Online Trust and Safety

Current Issue

This special issue of the Journal of Online Trust and Safety, guest edited by Tongtong Zhang , brings together research on state-society collaboration for online harassment in authoritarian and semi-democratic regimes. It includes two papers on coordinated mass reporting of social media accounts for allegedly violating platform policies. Both papers leverage interviews with targets of harassment campaigns – a challenging task in repressive contexts – and examine the strategic ambiguity of the actors responsible for these campaigns. Additionally, the issue features an introductory essay that highlights how these tactics complement other pro-government repressive measures online. The Journal of Online Trust and Safety is grateful to the Omidyar Network for their generous support.

Letter from the Editor

Peer-reviewed articles.

• Online research

Online safety research

Ofcom is the regulator for online safety in the UK. So, it's important for us to understand what people do online, how they can be exposed to harm and how it affects them.

Our research looks at specific aspects of online safety, particularly areas that aren’t as well understood or explored. It covers issues like illegal and harmful content, and the protection of children.

Here’s our latest work in this area:

Protection of children online, research Published 8 May 2024

One Click Away: a study on the prevalence of non-suicidal self injury, suicide, and eating disorder content accessible by search engines Published 31 January 2024

Assessing the risk of foreign influence in UK search results Published 19 September 2023

ISD reports into online terrorism, violence and hate Published 19 September 2023

Online content for use in the commission of fraud - accessibility via search services Published 18 September 2023

Sale of prohibited items on search services Published 18 September 2023

A model for understanding user journeys in online gaming environments Published 4 April 2023

Exploring Safety in the Online Content Journey Published 13 October 2021

The A-SPARC model of online platforms Published 13 October 2021

Sign up for updates

Stanford University

A program of the  Cyber Policy Center , a joint initiative of the  Freeman Spogli Institute for International Studies and Stanford Law School .

Call for Proposals: Expanding Online Trust & Safety Research

• Stanford Internet Observatory

The Stanford Internet Observatory is pleased to announce the launch of a pilot program to support researchers studying issues of online trust and safety in the majority world. The pilot program will seek to fund 6-10 proposals broadly studying issues associated with online safety outside of the North American or Western European context. Given the pilot nature of this program, the committee may chose not to fund any projects any projects in this call. Topics within trust and safety might include, but are not limited to, fraud, harassment, information interference, abusive content, encryption, internet connectivity, child safety and content moderation. This program aims to support research that explores these issues in the majority world. Projects may, for example, investigate online abuse affecting users in underrepresented languages, on non-mainstream devices or platforms, and in diverse political and social contexts. The research should highlight the impact of trust and safety issues on users worldwide.

Trust and safety research is rapidly expanding, drawing on insights from various academic disciplines to comprehend and address online risks. New research will continue to inform our understanding of best practices in the field and the impact of platform design and policy changes on users around the world.

We are open to applications to support either qualitative or quantitative research, or both. We encourage proposals that involve original data collection (such as interviews or surveys) or original data analysis (such as analysis of a specific safety issue in a particular country on a specific platform). We cannot support projects that are exclusively reviews of existing literature. 

Individuals and organizations can submit proposals for up to $15,000. Participants on selected proposals will have opportunities for mentorship and feedback in the form of workshops to build a  community along with individual check-ins. The  project will culminate with a virtual symposium bringing together all the  participants to present their work. Participants are encouraged to submit their research papers to the Journal of Online Trust and Safety or other peer-reviewed publications.

This program is supported by a generous gift from the Omidyar Network.

Eligibility

Researchers must be affiliated with an academic institution, research institution, think tank, NGO, journalistic organization, or civil society organization that will serve as the contracted fundee.

The proposal can include work that is ongoing or incremental to a larger project.

Proposal guidelines

Researchers interested in participating in this program must submit an application form and supplemental materials. Applicants will be asked to provide:

• Name(s), title(s) and affiliation(s) of participating researchers
• Brief motivation for proposed project
• Research question(s) to be addressed
• Context: Where will the research take place?
• Research Methodology (please be as detailed as possible)
• Brief explanation for why you/your team is qualified to conduct this research
• Project Timeline
• Data acquisition (for example, survey implementation costs, transportation costs for interviews)

Researcher time

Evaluation criteria

Proposals will be evaluated based on the following criteria:

How relevant is this project to the current field of online trust and safety?

Will the research question result in new knowledge in the field, either through a novel question or through a new global perspective?

How feasible is it for the research team to complete the project in the indicated timeframe?

Does the proposed methodology  adequately address the research question(s)?

Timeline and Application

Proposals can be submitted using the link below. All attachments should be in .docx or .pdf format. Application due date is January 30, 2024. Decisions will be announced by March 1, 2024.  For any application related questions, please email [email protected] .

Funding will be disbursed in two phases with 70% of the funding at project start and 30% after submission of the final deliverable.

Application Link

Following is the timeline of the program:

Call for Applications —------------------------------November  1, 2023

Info Session ---------------------------------------December 13, 2024

Application Deadline--------------------------------January  30, 2024

Decisions Announced---------------------------March 1, 2024

Project Commencement—----------------------------April 1, 2024

Workshop 1----------------------------------------June, 2024

Mid-Point Check-in---------------------------------September, 2024

Workshop 2----------------------------------------January, 2025

Final Deliverable Submission--------------------------April, 2025

ELIGIBILITY

Who is eligible to apply?

Applicants may apply from industry, NGOs, civil society organizations, or academia. For researchers in academia, we defer to your institution’s policies on who may apply for contract opportunities.

Can applicants submit multiple applications?

While we do not pose restrictions on how many projects a single applicant can submit, we strongly prefer that applicants choose just one project to submit to the call. Applicants may be affiliated with more than one proposal. Applicants should not submit the same proposal under multiple names.

PROGRAM STRUCTURE

What types of mentorship opportunities are offered?

Selected project leads will meet with researchers affiliated with the Stanford Cyber Policy Center for advice and feedback on their work. Selected project leads will also be connected to each other to share input and feedback.

What are the expected deliverables at the end of the project period?

We expect participants on selected proposals to give a final presentation and share a working paper based on the work completed. 

Is there an opportunity to publish in the Journal of Online Trust and Safety?

The Journal of Online Trust and Safety maintains an independent review process for their submissions. While the selected projects are encouraged to submit their papers to the journal, there is no guarantee of publication.

What types of costs can be included in the budget?

Your project budget should cover costs directly related to completing the scope of work. This may include researcher salary, hiring research assistants, data collection, enumerator costs, and institutional overhead. Costs may be split across these categories at the applicants’ discretion. The strongest applications will have clear budget justifications that show how the costs will contribute to the project.

What is the maximum proposal length?

Your proposal summary should be limited to two pages. The budget and timeline do not count towards the two page proposal summary.

Can this funding be used to support ongoing work or combined with other funding?

Yes, we are happy for this contract to support incremental work towards an ongoing project. Your proposal should clearly explain how this funding will fit with other funding and what work will be completed during the 12 months of the project.

Will funding be distributed to the individual applying or to their organization?

We are amenable to both options depending on the preferences and requirements of your organization. We are not able to split the funding across multiple entities.

Should research focus on just one country or many? Do researchers need to be based in the country or countries that are the focus of their research?

Your research proposal should focus on issues that affect users in and/or from the Majority World. Applicants may be based anywhere in the world, including in the Global North. Projects may focus on just one country or may dive into a question that impacts users in a broader region. The project can also adapt a previous study from a Global North context to a Majority World context.

What topics are within scope for the call?

We take a broad view on trust & safety, and are open to any project that relates to potential harms caused by users’ interactions with internet-based technologies, or ways users may develop more confidence in their safe use of technology. Likewise, we are open to projects that look at the use of technology to improve safety or wellbeing.

Do you have preferences for the types of methods used in the research?

We are open to projects that use qualitative, quantitative, or mixed methods. Research that is legal or doctrinal is also in scope for the call. We are unlikely to fund research that proposes only to review existing research.

What will make for a strong proposal research question?

Strong proposals will have a narrowly scoped research question that will be feasible to address in the 12 month timeline of the contract.

For academics proposing a project involving human subjects, should applicants have IRB approval before submitting their proposal? 

IRB approval is not required at the time of application, however, it will be viewed favorably in the review process. 

What ethical requirements do you have for proposals from civil society or non-profit organizations?

We encourage you to mention in the proposal what ethical issues may arise from your research, and how you will mitigate potential risks. This could include risks to participants in your research, or broader risks. 

We will follow up with finalists should we have any clarifying questions regarding project ethics and project implementation.

Research Papers

Revenge porn helpline 2023 annual report, report harmful content annual report 2023, professionals online safety helpline annual report 2023, england schools online safety policy & practice assessment 2023, online safety school index 2023, projectevolve - understanding online safety delivery and assessment in schools, revenge porn helpline 2022 annual report, professionals online safety helpline annual report 2022, report harmful content report 2022, cyber security in uk schools report 2022, england schools online safety policy and practice report 2022, projectevolve - evaluation report, intimate image abuse: an evolving landscape, through these walls, report harmful content annual report 2021, uk schools online safety policy & practice assessment 2021, uk safer internet centre helpline annual report 2020, online safety - how well do schools protect children in england 2021, report harmful content annual report 2020, uk schools online safety policy & practice assessment 2020, digital ghost stories; impact, risks and reasons, uksic achievements report, 2016-2018, uk schools online safety policy and practice assessment 2018, ransomware white paper october 2018, online safety - keeping children safe in education.

Publication

The online safety bill.

In this policy brief, Ross Anderson and Sam Gilbert provide an overview of what's in the UK’s Online Safety Bill and the many criticisms that have been levelled at it. They argue it is right to impose a duty of care on major tech platforms, but make five recommendations for more effective ways to tackle online harms - including "offline" interventions.

The UK’s Online Safety Bill is continuing its slow progress through parliamentary procedures. But even as the Government of new Prime Minister Liz Truss has said it will continue with the legislation, some of its contents continue to be contentious. With a further round of debate in the House of Commons and then the House of Lords due to take place in the months ahead, this timely policy brief sets out some of the key issues. While there is broad agreement that some action is needed to address online harms, defining these is not straightforward. Nor is devising effective means of implementation and enforcement of some aspects of the Bill as it stands. With a complex piece of legislation that is extremely broad in its scope, the chances of unintended consequences are high — unless great care is taken at this stage of shaping the legislative detail.

The aim of this Policy Brief by Ross Anderson, Professor of Security Engineering at the Universities of Cambridge and Edinburgh, and Bennett Institute Research Affiliate Sam Gilbert, is to shed light on some important aspects of the legislation, ahead of the next stages of parliamentary debate. Although focused on the current UK policy decision, the issues raised have far broader implications, as many countries are considering how best governments can ensure the digital environment serves their society in the light of widespread concerns about the consequences of misinformation, polarisation, harms to young people, terrorist finance, surveillance, and other issues that have been part of the public debate. The concerns and the dilemmas raised are almost universal, while the planned UK legislation is among the earliest and most comprehensive. 

Ross Anderson

Ross Anderson is Professor of Security Engineering at the Universitiesof Cambridge and Edinburgh. He is a Fellow of both the Royal Societyand the Royal Academy of Engineering, and chairs the...

Sam Gilbert

Affiliated researcher.

Sam Gilbert is an entrepreneur and researcher working at the intersection of politics and technology. An expert in data-driven marketing, Sam was Employee No.1 and Chief Marketing Officer at Bought...

Professor Diane Coyle

Bennett professor of public policy and co-director of the bennett institute for public policy.

Professor Coyle co-directs the Institute with Professor Kenny. She is heading research under the progress and productivity themes. Biography Professor Dame Diane Coyle is the Bennett Professor of Public Policy...

Related Articles

Children, competition and the metaverse

Crypto populism

Policymakers, web3, and the metaverse

Facebook, Australia’s Media Bargaining Law, and Political Moralizing

Register your interest.

Due to some validation requirements, you may be unable to submit the form without Javascript enabled.

Let us know if you’d be interested in reading more about this and related research by submitting your details below.

By submitting this form, you will be supplying us with your personal information so that we may contact you.

Townscapes: Pride in Place

A world divided: russia, china and the west.

• Follow UNSW on LinkedIn
• Follow UNSW on Instagram
• Follow UNSW on Facebook
• Follow UNSW on WeChat
• Follow UNSW on TikTok

More than 300 million child victims of online sexual abuse globally: report

Image: Adobe Stock (AI-generated).

Research reveals the global scale of child sexual abuse and exploitation for the first time.

This report contains material that references child abuse. Readers may find the content confronting or disturbing. To speak to a Lifeline Crisis Supporter, phone 13 11 14. 

More than 300 million children a year are victims of online sexual abuse and exploitation, according to an estimate of the global scale of the crisis.

Around one in eight children worldwide (approximately 302 million children) have been victims of non-consensual taking, sharing and exposure to sexual images and videos in the past year. Furthermore, one in eight children globally is estimated to have been subject in the past year to online solicitation, such as unwanted sexual talk, which can include non-consensual sexting, unwanted sexual questions and unwanted sexual act requests by adults or other youths.

Offences can also take the form of “sextortion”, where predators demand money from victims to keep images private to abuse AI deepfake technology.

The findings are published in a report today by the Childlight Global Child Safety Institute at the University of Edinburgh, Scotland, in partnership with UNSW Sydney , as part of the first global index of child sexual exploitation and abuse prevalence across three indicators: victimisation, perpetration, and availability of child sexual abuse material online. The report draws upon data from over 36 million reports to the leading policing organisations, surveys, and analysis of 125 studies, including the work of criminologist Professor Michael Salter from the School of Social Sciences at UNSW Arts, Design & Architecture .

Media enquiries

For enquiries about this story and interview requests, please contact  Ben Knight , News & Content Coordinator, UNSW Arts, Design & Architecture. Phone:  (02) 9065 4915 Email:  [email protected]

Professor Salter, who is the inaugural director of the new Childlight East Asia and Pacific hub at UNSW, said the global index aims to provide a universal measure of child sexual abuse and exploitation. 

“We’ve previously never had a globally agreed baseline for the measure of child sexual abuse and exploitation to understand the scale of the problem, track efforts to reduce it, and hold governments to account,” said Prof. Salter. “By shining a light on the extent as well as the nature of child sexual exploitation and abuse, it is our hope that this research can be a catalyst for change to keep children safe.”

The global scale of child sexual abuse

Children are also being exploited and sexually abused across the world every second of every day. The report found files containing sexual images of children are reported once every second to the five main watchdog and policing organisations in the world. 

“The world needs to know these atrocities are affecting children in every classroom, in every school, in every country,” said Professor Deborah Fry, an expert in international child protection at the University of Edinburgh and lead of the Childlight project. “These aren’t harmless images: they are deeply damaging, and the abuse continues with every view and the failure of taking down this abusive content.”

While problems exist in all parts of the world, the report found the United States was a particularly high-risk area, with high levels of child sexual abuse material hosted there. It also found about a quarter of U.S. children (23 per cent) reported being victims in the past year of non-consensual taking, sharing and unwanted exposure to sexual images and videos. 

One in nine men in the United States (equating to almost 14 million men) admitted online sexual offending against children at some point in their lives. A recent study led by Prof. Salter also estimated nearly one in ten Australian men have committed a sexual offence against a child.

“The higher rates of child sex offending in the United States are driven by policy decisions, including a lack of investment in public health and child welfare and a reluctance to regulate online environments,” Prof. Salter said. “We’re talking about children who have been sexually abused because they are using technology, services and products that are promoted to them by commercial entities who facilitate this, and we need to focus our attention on the role they play in ensuring child safety online.”

It is our hope that this research can be a catalyst for change to keep children safe. Professor Michael Salter

A public health crisis

2021 Australian of the Year, Grace Tame, a survivor of childhood sexual abuse, said the figures in the report showed that child sexual abuse is a “global public health crisis that is steadily worsening.”

Prof. Michael Salter said the problem has worsened since Covid 19 and should be treated as an epidemic. 

“Child sexual abuse is a public health issue with long-term impacts on the mental and physical health of victims and survivors,” Prof. Salter said. “There are significant safety implications for children who are abused online, particularly images and videos have been recorded have been distributed and framing it as an epidemic captures the sheer scale of its prevalence and devastating lifelong impacts.”

“Whilst we are calling for this to be dealt with as a public health issue, we recognise this will take time – time that children don’t have,” said Childlight CEO Paul Stanfield. “Police cannot deal with the scale of the problem, and more needs to be done to prevent it happening in the first place. 

“Children’s safety needs to be put before the privacy of offenders and corporate profit.”

Stop It Now! Australia works with adults concerned about their own or someone else’s sexual thoughts or behaviours towards children. Call the anonymous helpline on 1800-01-1800 or access resources at  www.stopitnow.org.au

Share this story

• Share this page on Email
• Share this page on Facebook
• Share this page on Twitter
• Share this page on LinkedIn
• Share this page on WhatsApp
• Share this page on FacebookMessenger
• Share this page on WeChat
• Share this page on Copy

Related stories

Global partnership to combat sexual exploitation and abuse of children

Almost 1 in 10 Australian men have committed a sexual offence against children: study

'You never forget the knock at the door': why families of child sex abuse material offenders need more help

COVID effect left world’s children more vulnerable online

is Mainsite

• Search all IEEE websites
• Mission and vision
• IEEE at a glance
• IEEE Strategic Plan
• Organization of IEEE
• Diversity, Equity, & Inclusion
• Organizational Ethics
• Annual Report
• History of IEEE
• Volunteer resources
• IEEE Corporate Awards Program
• Financials and Statistics
• IEEE Future Directions
• IEEE for Industry (Corporations, Government, Individuals)

IEEE Climate Change

• Humanitarian and Philanthropic Opportunities
• Select an option
• Get the latest news
• Access volunteer resources (Code of Ethics, financial forms, tools and templates, and more)
• Find IEEE locations
• Get help from the IEEE Support Center
• Recover your IEEE Account username and password
• Learn about the IEEE Awards program and submit nomination
• View IEEE's organizational structure and leadership
• Apply for jobs at IEEE
• See the history of IEEE
• Learn more about Diversity, Equity & Inclusion at IEEE
• Join an IEEE Society
• Renew your membership
• Member benefits
• IEEE Contact Center
• Connect locally
• Memberships and Subscriptions Catalog
• Member insurance and discounts
• Member Grade Elevation
• Get your company engaged
• Access your Account
• Learn about membership dues
• Learn about Women in Engineering (WIE)
• Access IEEE member email
• Find information on IEEE Fellows
• Access the IEEE member directory
• Learn about the Member-Get-a-Member program
• Learn about IEEE Potentials magazine
• Learn about Student membership
• Affinity groups
• IEEE Societies
• Technical Councils
• Technical Communities
• Geographic Activities
• Working groups
• IEEE Regions
• IEEE Collabratec®
• IEEE Resource Centers
• IEEE DataPort
• See the IEEE Regions
• View the MGA Operations Manual
• Find information on IEEE Technical Activities
• Get IEEE Chapter resources
• Find IEEE Sections, Chapters, Student Branches, and other communities
• Learn how to create an IEEE Student Chapter
• Upcoming conferences
• IEEE Meetings, Conferences & Events (MCE)
• IEEE Conference Application
• IEEE Conference Organizer Education Program
• See benefits of authoring a conference paper
• Search for 2025 conferences
• Search for 2024 conferences
• Find conference organizer resources
• Register a conference
• Publish conference papers
• Manage conference finances
• Learn about IEEE Meetings, Conferences & Events (MCE)
• Visit the IEEE SA site
• Become a member of the IEEE SA
• Find information on the IEEE Registration Authority
• Obtain a MAC, OUI, or Ethernet address
• Access the IEEE 802.11™ WLAN standard
• Purchase standards
• Get free select IEEE standards
• Purchase standards subscriptions on IEEE Xplore®
• Get involved with standards development
• Find a working group
• Find information on IEEE 802.11™
• Access the National Electrical Safety Code® (NESC®)
• Find MAC, OUI, and Ethernet addresses from Registration Authority (regauth)
• Get free IEEE standards
• Learn more about the IEEE Standards Association
• View Software and Systems Engineering Standards
• IEEE Xplore® Digital Library
• Subscription options
• IEEE Spectrum
• The Institute
• Proceedings of the IEEE
• IEEE Access®
• Author resources
• Get an IEEE Xplore Digital Library trial for IEEE members
• Review impact factors of IEEE journals
• Request access to the IEEE Thesaurus and Taxonomy
• Access the IEEE copyright form
• Find article templates in Word and LaTeX formats
• Get author education resources
• Visit the IEEE Xplore digital library
• Find Author Digital Tools for IEEE paper submission
• Review the IEEE plagiarism policy
• Get information about all stages of publishing with IEEE
• IEEE Learning Network (ILN)
• IEEE Credentialing Program
• Pre-university
• IEEE-Eta Kappa Nu
• Accreditation
• Access continuing education courses on the IEEE Learning Network
• Find STEM education resources on TryEngineering.org
• Learn about the TryEngineering Summer Institute for high school students
• Explore university education program resources
• Access pre-university STEM education resources
• Learn about IEEE certificates and how to offer them
• Find information about the IEEE-Eta Kappa Nu honor society
• Learn about resources for final-year engineering projects
• Access career resources

Conferences

Ieee sponsors over 2,000 annual conferences and events worldwide, curating cutting-edge content for all of the technical fields of interest within ieee..

Expand All | Collapse All

• > Search for 2025 conferences
• > Search for 2024 conferences
• > Find conference organizer resources
• > Apply for IEEE sponsorship
• > Publish conference papers
• > Manage conference finances
• > Learn about IEEE Meetings, Conferences & Events (MCE)

• Register now
• Search all IEEE conferences

Registration is open—register today!

• 2024 46th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)
• 2024 IEEE AUTOTESTCON
• 2024 IEEE SustainTech Expo: Technology Solutions for a Sustainable Future (SustainTech)

Calls for Papers

• 2024 IEEE Asian Solid-State Circuits Conference (A-SSCC)
• 2024 31st IEEE International Conference on Electronics, Circuits and Systems (ICECS)

IEEE Conferences, Events & Experiences

IEEE Conferences, Events & Experiences (CEE) is a dedicated partner made up of event industry experts driven to shape innovative and high-quality events.

CEE specializes in event management including registration, audience development, and program design, as well as sponsorship, publications, and financial management for over 2,000 annual events worldwide.

• Visit the CEE website

The CEE team is available to assist you.

Email  [email protected]  with questions or concerns, or call: Toll-Free: +1 855 340 4333 (US & Canada) Toll: +1 732 562 3878 (worldwide)

Virtual Events team  

• View the presentation (PPTX, 3 MB)

IEEE Conference Application  

• Submit an IEEE Conference Application
• View tutorials on the IEEE Conference Application
• Read about the IEEE Conference Application

Conference publications

IEEE produces cutting-edge conference publications in various technology areas that are recognized by academia and industry worldwide. Articles submitted for publication follow a paper-selection process and are peer reviewed before they are published.

• Learn more about IEEE conference publications (PDF, 2 MB)
• Browse conference publications in the IEEE Xplore® Digital Library
• Learn more about the IEEE Conference Publications Committee

Calls for papers

IEEE provides the right forum for authors and speakers to present their work at various annual conferences worldwide. IEEE continuously updates its database with opportunities to submit abstracts and papers.

• Search for upcoming call for papers deadlines in your field of interest

IEEE Conferences Committee

* IEEE volunteers and staff must use their IEEE Account to access content within the IEEE Technical Activities Operations site. In some instances, access to certain content areas is further limited based on IEEE volunteer roles.

• Learn more about the IEEE Conferences Committee (PDF, 2 MB)
• Search for IEEE Committee Meetings - use filter: IEEE Conferences Committee (sign-in required)
• View IEEE Organizational Roster - IEEE Conferences Committee (sign-in required)

Local meetings and events

IEEE provides its members and volunteers with networking and interaction opportunities through local meetings and events hosted by the local Sections, Chapters, and other regional governing bodies.

• Find a local Section or Chapter meeting

Related Information >

Join/Renew IEEE or a Society

Receive member access to select content, product discounts, and more.

• Review all member benefits

The IEEE App

Let's stay connected.

• Download today

Sustainable events

Find guidance, online tools, and resources for designing and supporting sustainable IEEE events.

IEEE is committed to helping combat and mitigate the effects of climate change.  

• See what's new on the IEEE Climate Change site

Log in using your username and password

• Search More Search for this keyword Advanced search
• Latest content
• Current issue
• BMJ Journals More You are viewing from: Google Indexer

You are here

• Online First
• Pedestrian safety on the road to net zero: cross-sectional study of collisions with electric and hybrid-electric cars in Great Britain
• Article Text
• Article info
• Citation Tools
• Rapid Responses
• Article metrics

• http://orcid.org/0000-0003-4431-8822 Phil J Edwards ,
• Siobhan Moore ,
• Craig Higgins
• London School of Hygiene & Tropical Medicine , London , UK
• Correspondence to Dr Phil J Edwards, London School of Hygiene & Tropical Medicine, London WC1E 7HT, UK; phil.edwards{at}LSHTM.ac.uk

Background Plans to phase out fossil fuel-powered internal combustion engine (ICE) vehicles and to replace these with electric and hybrid-electric (E-HE) vehicles represent a historic step to reduce air pollution and address the climate emergency. However, there are concerns that E-HE cars are more hazardous to pedestrians, due to being quieter. We investigated and compared injury risks to pedestrians from E-HE and ICE cars in urban and rural environments.

Methods We conducted a cross-sectional study of pedestrians injured by cars or taxis in Great Britain. We estimated casualty rates per 100 million miles of travel by E-HE and ICE vehicles. Numerators (pedestrians) were extracted from STATS19 datasets. Denominators (car travel) were estimated by multiplying average annual mileage (using National Travel Survey datasets) by numbers of vehicles. We used Poisson regression to investigate modifying effects of environments where collisions occurred.

Results During 2013–2017, casualty rates per 100 million miles were 5.16 (95% CI 4.92 to 5.42) for E-HE vehicles and 2.40 (95%CI 2.38 to 2.41) for ICE vehicles, indicating that collisions were twice as likely (RR 2.15; 95% CI 2.05 to 2.26) with E-HE vehicles. Poisson regression found no evidence that E-HE vehicles were more dangerous in rural environments (RR 0.91; 95% CI 0.74 to 1.11); but strong evidence that E-HE vehicles were three times more dangerous than ICE vehicles in urban environments (RR 2.97; 95% CI 2.41 to 3.7). Sensitivity analyses of missing data support main findings.

Conclusion E-HE cars pose greater risk to pedestrians than ICE cars in urban environments. This risk must be mitigated as governments phase out petrol and diesel cars.

• WOUNDS AND INJURIES
• CLIMATE CHANGE

Data availability statement

Data are available in a public, open-access repository. Numerator data (numbers of pedestrians injured in collisions) are publicly available from the Road Safety Data (STATS19) datasets ( https://www.data.gov.uk/dataset/cb7ae6f0-4be6-4935-9277-47e5ce24a11f/road-safety-data ). Denominator data (100 million miles of car travel per year) may be estimated by multiplying average annual mileage by numbers of vehicle registrations (publicly available from Department for Transport, https://www.gov.uk/government/statistical-data-sets/veh02-licensed-cars ). Average annual mileage for E-HE and ICE vehicles may be estimated separately for urban and rural environments using data that may obtained under special licence from the National Travel Survey datasets ( http://doi.org/10.5255/UKDA-Series-2000037 ).

https://doi.org/10.1136/jech-2024-221902

Statistics from Altmetric.com

Request permissions.

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.

WHAT IS ALREADY KNOWN ON THIS TOPIC

Electric cars are quieter than cars with petrol or diesel engines and may pose a greater risk to pedestrians.

The US National Highway Transportation Safety Agency found that during 2000–2007 the odds of an electric or hybrid-electric car causing a pedestrian injury were 35% greater than a car with a petrol or diesel engine.

The UK Transport Research Laboratory found the pedestrian casualty rate per 10 000 registered electric or hybrid-electric vehicles during 2005–2007 in Great Britain was lower than the rate for petrol or diesel vehicles.

WHAT THIS STUDY ADDS

In Great Britain during 2013–2017, pedestrians were twice as likely to be hit by an electric or hybrid-electric car than by a petrol or diesel car; the risks were higher in urban areas.

HOW THIS STUDY MIGHT AFFECT RESEARCH, PRACTICE OR POLICY

The greater risk to pedestrian safety posed by electric or hybrid-electric cars needs to be mitigated as governments proceed to phase out petrol and diesel cars.

Drivers of electric or hybrid-electric cars must be cautious of pedestrians who may not hear them approaching and may step into the road thinking it is safe to do so, particularly in towns and cities.

Introduction

Many governments have set targets to reach net-zero emissions to help mitigate the harms of climate change. Short-term health benefits of reduced emissions are expected from better air quality with longer-term benefits from reduced global temperatures. 1

Transition to electric and hybrid-electric (E-HE) cars

One such target is to phase out sales of new fossil fuel-powered internal combustion engine (ICE) vehicles and replace these with E-HE vehicles. 2 3

Pedestrian safety

Road traffic injuries are the leading cause of death for children and young adults. 4 A quarter of all road traffic deaths are of pedestrians. 5 Concerns have been raised that E-HE cars may be more hazardous to pedestrians than ICE cars, due to being quieter. 6 7 It has been hypothesised that E-HE cars pose a greater risk of injury to pedestrians in urban areas where background ambient noise levels are higher. 8 However, there has been relatively little empirical research on possible impacts of E-HE cars on pedestrian road safety. A study commissioned for the US National Highway Transportation Safety Agency based on data from 16 States found that the odds of an E-HE vehicle causing a pedestrian injury were 35% greater than an ICE vehicle. 9 In contrast, a study commissioned by the UK Department for Transport found pedestrian casualty rates from collisions with E-HE vehicles during 2005–2007 were lower than for ICE vehicles. 10 Possible reasons for these conflicting results are that the two studies used different designs and estimated different measures of relative risk—the first used a case–control design and estimated an OR, whereas the second used a cross-sectional study and estimated a rate ratio. ORs will often differ from rate ratios. 11 Other reasons include differences between the USA and the UK in the amount and quality of walking infrastructure. 12

Aim and objectives

We aimed to add to the evidence base on whether E-HE cars pose a greater injury risk to pedestrians than ICE cars by analysing road traffic injury data and travel survey data in Great Britain.

We sought to improve on the previous UK study by using distance travelled instead of number of registered vehicles as the measure of exposure in estimation of collision rates.

The objectives of this study were:

To estimate pedestrian casualty rates for E-HE and ICE vehicles and to compare these by calculating a rate ratio;

To assess whether or not the evidence supports the hypothesis that casualty rate ratios vary according to urban or rural environments. 8

Study design

This study was an analysis of differences in casualty rates of pedestrians per 100 million miles of E-HE car travel and rates per 100 million miles of ICE car travel.

This study was set in Great Britain between 2013 and 2017.

Participants

The study participants were all pedestrians reported to have been injured in a collision with a car or a taxi.

The exposure was the type of propulsion of the colliding vehicle, E-HE or ICE. E-HE vehicles were treated as a single powertrain type, regardless of the mode of operation that a hybrid vehicle was in at the time of collision (hybrid vehicles typically start in electric mode and change from battery to combustion engine at higher speeds). 13

The outcome of interest was a pedestrian casualty.

Effect modification by road environment

We used the urban–rural classification 14 of the roads on which the collisions occurred to investigate whether casualty rate ratios comparing E-HE with ICE vehicles differed between rural and urban environments.

Data sources/measurement

Numerator data (numbers of pedestrians injured in collisions) were extracted from the Road Safety Data (STATS19) datasets. 15

Denominator data (100 million miles of car travel per year) were estimated by multiplying average annual mileage by numbers of vehicle registrations. 16 Average annual mileage for E-HE and ICE vehicles was estimated separately for urban and rural environments using data obtained under special licence from the National Travel Survey (NTS) datasets. 17 We estimated average annual mileage for the years 2013–2017 because the NTS variable for the vehicle fuel type did not include ‘hybrid’ prior to 2013 and data from 2018 had not been uploaded to the UK data service due to problems with the archiving process (Andrew Kelly, Database Manager, NTS, Department for Transport, 23 March 2020, personal communication). Denominators were thus available for the years 2013–2017.

Data preparation

The datasets for collisions, casualties and vehicles from the STATS19 database were merged using a unique identification number for each collision.

Statistical methods

We calculated annual casualty rates for E-HE and ICE vehicles separately and we compared these by calculating a rate ratio. We used Poisson regression models to estimate rate ratios with 95% CIs and to investigate any modifying effects of the road environment in which the collisions occurred. For this analysis, our regression model included explanatory terms for the main effects of the road environment, plus terms for the interaction between type of propulsion and the road environment. The assumptions for Poisson regression were met in our study: we modelled count data (counts of pedestrians injured), traffic collisions were independent of each other, occurring in different places over time, and never occurring simultaneously. Data preparation, management and analyses were carried out using Microsoft Access 2019 and Stata V.16. 18

Sensitivity analysis

We conducted an extreme case analysis where all missing propulsion codes were assumed to be ICE vehicles (there were over a 100 times more ICE vehicles than E-HE vehicles on the roads in Great Britain during our study period, 16 so missing propulsion is more likely to have been ICE).

The sample size for this study included all available recorded road traffic collisions in Great Britain during the study period. We estimated that for our study to have 80% power at the 5% significance level to show a difference in casualty rates of 2 per 100 miles versus 5.5 per 100 miles, we would require 481 million miles of vehicle travel in each group (E-HE and ICE); whereas to have 90% power at the 1% significance level to show this difference, 911 million miles of vehicle travel would be required in each group. Our study includes 32 000 million miles of E-HE vehicle travel and 3 000 000 million miles of ICE vehicle travel and therefore our study was sufficiently powered to detect differences in casualty rates of these magnitudes.

Between 2013 and 2017, there were 916 713 casualties from reported road traffic collisions in Great Britain. 120 197 casualties were pedestrians. Of these pedestrians, 96 285 had been hit by a car or taxi. Most pedestrians—71 666 (74%) were hit by an ICE car or taxi. 1652 (2%) casualties were hit by an E-HE car or taxi. For 22 829 (24%) casualties, the vehicle propulsion code was missing. Most collisions occurred in urban environments and a greater proportion of the collisions with E-HE vehicles occurred in an urban environment (94%) than did collisions with ICE vehicles (88%) ( figure 1 ).

• Download figure
• Open in new tab
• Download powerpoint

Flow chart of pedestrian casualties in collisions with E-HE or ICE cars or taxis from reported road traffic collisions in Great Britain 2013–2017. E-HE, electric and hybrid-electric; ICE, internal combustion engine.

Main results

During the period 2013 to 2017, the average annual casualty rates of pedestrians per 100 million miles were 5.16 (95% CI 4.92 to 5.42) for E-HE vehicles and 2.40 (95% CI 2.38 to 2.41) for ICE vehicles, which indicates that collisions with pedestrians were on average twice as likely (RR 2.15 (95% CI 2.05 to 2.26), p<0.001) with E-HE vehicles as with ICE vehicles ( table 1 ).

• View inline

Pedestrian casualties due to collisions with cars or taxis from reported road traffic collisions in Great Britain 2013–2017—by vehicle propulsion type

In our extreme case analysis, the 22 829 pedestrian casualties where vehicle propulsion was missing were all assumed to have been struck by ICE vehicles. In this case, average casualty rates of pedestrians per 100 million miles were 3.16 (95% CI 3.14 to 3.18) for ICE vehicles, which would indicate that collisions with pedestrians were on average 63% more likely (RR 1.63 (95% CI 1.56 to 1.71), p<0.001) with E-HE vehicles than with ICE vehicles ( table 2 ).

Extreme case sensitivity analysis—pedestrian casualties due to collisions with cars or taxis from reported road traffic collisions in Great Britain 2013–2017 by vehicle propulsion type where 22 829 missing vehicle propulsion codes are assumed to be ICE vehicles

Relative risks according to road environment

Casualty rates were higher in urban than rural environments ( tables 3 and 4 ).

Pedestrian casualties due to collisions with cars or taxis from reported road traffic collisions in Great Britain 2013–2017—by vehicle propulsion type in urban road environments

Pedestrian casualties due to collisions with cars or taxis from reported road traffic collisions in Great Britain 2013–2017—by vehicle propulsion type in rural road environments

Urban environments

Collisions with pedestrians in urban environments were on average over two and a half times as likely (RR 2.69 (95% CI 2.56 to 2.83, p<0.001) with E-HE vehicles as with ICE vehicles ( table 3 ).

The extreme case sensitivity analysis showed collisions with pedestrians in urban environments were more likely with E-HE vehicles (RR 2.05; 95% CI 1.95 to 2.15).

Rural environments

Collisions with pedestrians in rural environments were equally likely (RR 0.91; 95% CI 0.74 to 1.11) with E-HE vehicles as with ICE vehicles ( table 4 ).

The extreme case sensitivity analysis found evidence that collisions with pedestrians in rural environments were less likely with E-HE vehicles (RR 0.68; 95% CI 0.55 to 0.83).

Results of Poisson regression analysis

Our Poisson regression model results ( table 5 ) showed that pedestrian injury rates were on average 9.28 (95% CI 9.07 to 9.49) times greater in urban than in rural environments. There was no evidence that E-HE vehicles were more dangerous than ICE vehicles in rural environments (RR 0.91; 95% CI 0.74 to 1.11), consistent with our finding in table 4 . There was strong evidence that E-HE vehicles were on average three times more dangerous than ICE vehicles in urban environments (RR 2.97; 95% CI 2.41 to 3.67).

Results of Poisson regression analysis of annual casualty rates of pedestrians per 100 million miles by road environment and the interaction between vehicle propulsion type and environment

Statement of principal findings

This study found that in Great Britain between 2013 and 2017, casualty rates of pedestrians due to collisions with E-HE cars and taxis were higher than those due to collisions with ICE cars and taxis. Our best estimate is that such collisions are on average twice as likely, and in urban areas E-HE vehicles are on average three times more dangerous than ICE vehicles, consistent with the theory that E-HE vehicles are less audible to pedestrians in urban areas where background ambient noise levels are higher.

Strengths and weaknesses of the study

There are several limitations to this study which are discussed below.

The data used were not very recent. However, ours is the most current analysis of E-HE vehicle collisions using the STATS19 dataset.

Before we can infer that E-HE vehicles pose a greater risk to pedestrians than ICE vehicles, we must consider whether our study is free from confounding and selection bias. Confounding occurs when the exposure and outcome share a common cause. 19 Confounders in this study would be factors that may both cause a traffic collision and also cause the exposure (use of an E-HE car). Younger, less experienced drivers (ie, ages 16–24) are more likely to be involved in a road traffic collision 20 and are also more likely to own an electric car. 21 Some of the observed increased risk of electric cars may therefore be due to younger drivers preferring electric cars. This would cause positive confounding, meaning that the true relative risk of electric cars is less than we have estimated in our study. Regarding selection bias, it is known that the STATS19 dataset does not include every road traffic casualty in Great Britain, as some non-fatal casualties are not reported to the police. 22 If casualties from collisions are reported to the police differentially according to the type of vehicle propulsion, this may have biased our results; however, there is no reason to suspect that a pedestrian struck by a petrol or diesel car is any more or less likely to report the collision to the police than one struck by an electric car.

We must also address two additional concerns as ours is a cross-sectional study: The accuracy of exposure assignment (including the potential for recall bias) and the adequacy of prevalence as a proxy for incidence. 23 First, the accuracy of exposure assignment and the potential for recall bias are not issues for this study, as the exposure (type of propulsion of the colliding vehicle, E-HE or ICE), is assigned independently of the casualties by the UK Department for Transport who link the vehicle registration number (VRN) of each colliding vehicle to vehicle data held by the UK Driver Vehicle and Licensing Agency (DVLA). 10 Second, we have not used prevalence as a proxy for incidence but have estimated incidence using total distance travelled by cars as the measure of exposure.

We may therefore reasonably infer from our study results that E-HE vehicles pose a greater risk to pedestrians than ICE vehicles in urban environments, and that part of the risk may be due to younger people’s preference for E-HE cars.

A major limitation of the STATS19 road safety dataset used in this study was that it did not contain a vehicle propulsion code for all vehicles in collisions with pedestrians. We excluded these vehicles from our primary analysis (a complete case analysis) and we also conducted an extreme case sensitivity analysis. We will now argue why imputation of missing vehicle propulsion codes would not have added value to this study. Vehicle propulsion data are obtained for the STATS19 dataset by the UK Department for Transport who link the VRN of each colliding vehicle recorded in STATS19 to vehicles data held by the UK DVLA. The STATS19 data on reported collisions and casualties are collected by a Police Officer when an injury road accident is reported to them; Most police officers write details of the casualties and the vehicles involved in their notebooks for transcription onto the STATS19 form later at the Police station. 24 The VRN is one of 18 items recorded on each vehicle involved in a collision. Items may occasionally be missed due to human error during this process. Where a VRN is missing, vehicle propulsion will be missing in the STATS19 dataset. The chance that any vehicle-related item is missing will be independent of any characteristics of the casualties involved and so the vehicle propulsion codes are missing completely at random (MCAR). As the missing propulsion data are very likely MCAR, the set of pedestrians with no missing data is a random sample from the source population and hence our complete case analysis for handling the missing data gives unbiased results. The extreme case sensitivity analysis we performed shows a possible result that could occur, and it demonstrates our conclusions in urban environments are robust to the missing data. Lastly, to impute the missing data would require additional variables which are related to the likelihood of a VRN being missing. Such variables were not available and therefore we do not believe a useful multiple imputation analysis could have been performed.

Strengths and weaknesses in relation to other studies

Our study uses hundreds of millions of miles of car travel as the denominators in our estimates of annual pedestrian casualty rates which is a more accurate measure of exposure to road hazards than the number of registered vehicles, which was used as the denominator in a previous study in the UK. 10 Our results differ to this previous study which found that pedestrian casualty rates from collisions with E-HE vehicles during 2005–2007 were lower than those from ICE vehicles. Our study has updated this previous analysis and shows that casualty rates due to E-HE vehicle collisions exceed those due to ICE vehicle collisions. Similarly, our study uses a more robust measure of risk (casualty rates per miles of car travel) than that used in a US study. 9 Our study results are consistent with this US study that found that the odds of an E-HE vehicle causing a pedestrian injury were 35% greater than an ICE vehicle. Brand et al 8 hypothesised, without any supporting data, that “hybrid and electric low-noise cars cause an increase in traffic collisions involving vulnerable road users in urban areas” and recommended that “further investigations have to be done with the increase of low-noise cars to prove our hypothesis right.” 8 We believe that our study is the first to provide empirical evidence in support of this hypothesis.

Meaning of the study: possible explanations and implications for clinicians and policymakers

More pedestrians are injured in Great Britain by petrol and diesel cars than by electric cars, but compared with petrol and diesel cars, electric cars pose a greater risk to pedestrians and the risk is greater in urban environments. One plausible explanation for our results is that background ambient noise levels differ between urban and rural areas, causing electric vehicles to be less audible to pedestrians in urban areas. Such differences may impact on safety because pedestrians usually hear traffic approaching and take care to avoid any collision, which is more difficult if they do not hear electric vehicles. This is consistent with audio-testing evidence in a small study of vision-impaired participants. 10 From a Public Health perspective, our results should not discourage active forms of transport beneficial to health, such as walking and cycling, rather they can be used to ensure that any potential increased traffic injury risks are understood and safeguarded against. A better transport policy response to the climate emergency might be the provision of safe, affordable, accessible and integrated public transport systems for all. 25

Unanswered questions and future research

It will be of interest to investigate the extent to which younger drivers are involved in collisions of E-HE cars with pedestrians.

If the braking distance of electric cars is longer, 26 and electric cars are heavier than their petrol and diesel counterparts, 27 these factors may increase the risks and the severity of injuries sustained by pedestrians and require investigation.

As car manufacturers continue to develop and equip new electric cars with Collision Avoidance Systems and Autonomous Emergency Braking to ensure automatic braking in cases where pedestrians or cyclists move into the path of an oncoming car, future research can repeat the analyses presented in this study to evaluate whether the risks of E-HE cars to pedestrians in urban areas have been sufficiently mitigated.

Conclusions

E-HE vehicles pose a greater risk to pedestrians than petrol and diesel powered vehicles in urban environments. This risk needs to be mitigated as governments proceed to phase out petrol and diesel cars.

Ethics statements

Patient consent for publication.

Not applicable.

Ethics approval

This study involves human participants and was approved by the LSHTM MSc Research Ethics Committee (reference #16400). The study uses the anonymised records of people injured in road traffic collisions, data which are routinely collected by UK police forces. The participants are unknown to the investigators and could not be contacted.

Acknowledgments

We thank Rebecca Steinbach for her advice on analysis of National Travel Survey data, Jonathan Bartlett for his advice on missing data, and Ben Armstrong for his advice on Poisson regression. We are grateful to the reviewers and to Dr C Mary Schooling, Associate Editor, whose comments helped us improve the manuscript. We are grateful to Jim Edwards and Graham Try for their comments on earlier versions of this manuscript.

• H Baqui A ,
• Benfield T , et al
• Gilchrist J
• ↵ WHO factsheet on road traffic injuries . Available : https://www.who.int/news-room/fact-sheets/detail/road-traffic-injuries#:~:text=Approximately%201.19%20million%20people%20die,adults%20aged%205%E2%80%9329%20years [Accessed 14 Apr 2024 ].
• ↵ Reported road casualties great Britain, annual report . 2022 . Available : https://www.gov.uk/government/statistics/reported-road-casualties-great-britain-annual-report-2022 [Accessed 14 Apr 2024 ].
• Maryland General Assembly
• Haas P , et al
• Morgan PA ,
• Muirhead M , et al
• Greenland S
• Buehler R ,
• Alternative Fuels Data Center
• Government-Statistics
• Department for Transport
• Department for Transport. (2023
• Hernán MA ,
• Hernández-Díaz S ,
• Barriers Direct
• Savitz DA ,
• Wellenius GA
• Transport Scotland

Contributors CH and PJE developed the idea for this study and supervised SM in performing the literature search, downloading, managing and analysing the data. SM wrote the first draft of the manuscript, which was the dissertation for her MSc in Public Health. PJE prepared the first draft of the manuscript for the journal. All authors assisted in editing and refining the manuscript. The corresponding author attests that all listed authors meet authorship criteria and that no others meeting the criteria have been omitted. PJE (guarantor) accepts full responsibility for the work and the conduct of the study, had access to the data and controlled the decision to publish.

Funding This study was conducted in part fulfilment of the Masters degree in Public Health at the London School of Hygiene & Tropical Medicine. The second author was self-funded for her studies for this degree.

Competing interests None declared.

Provenance and peer review Not commissioned; externally peer reviewed.

Read the full text or download the PDF:

industrial safety Recently Published Documents

Total documents.

• Latest Documents
• Most Cited Documents
• Contributed Authors
• Related Sources
• Related Keywords

The New Safety Trends: The Challenges through Industry 4.0

Industrial engineering achieved rapid growth in providing safety measurements in all industries, following different safety policies to prevent faults in sectors. Industrial safety is an essential feature to give an accident-free environment. The safety policies and measurements encourage the industrial people to work in different perilous conditions. Industries prepare their safety policy and safety manual to identify various faults and risks. It is necessary to create awareness in industrial working members, and industries maintain special departments for safety. The safety guidelines prevent occupational injuries and accidents. The safety rules and regulations reduce the waste of human and other resources in industries. The study evaluates safety models used in industry to identify issues involved in the selection, implementation, and evaluation. This research provides insight into the overall process for industrial safety and, most essential, overviews on the methodology. Predicting industrial faults and risks emphasized the industrial engineering process and used machine learning algorithms for classifications. Many issues and challenges discussed industrial safety and provided novel innovation ideas for researchers.

A FACTORIAL ANALYSIS OF INDUSTRIAL SAFETY

Teaching of “control systems of hazardous and harmful factors” with “the legal basis for civil security” in the institution building and civil security profiles (for specialty construction and civil security).

Problem statement. The article is aimed at determining the characteristics of the specialty, the presenceof problems in learning. The purpose of the article is to highlight the main problems associated with the production andthe process of mastering the profession. As the specialty is quite young, there are often no materials to master it byfuture specialists. We hope that we have managed to overcome these shortcomings. The training of future specialists intoday's changing conditions of production needs and employers poses new challenges to higher education, includinguniversities that train specialists in the field of civil security. The article is built in the classical style according to therequirements of the Ministry of Education and Science of Ukraine to scientific articles. Purpose. The specialty is one ofthe most relevant and popular specialties of training and is focused primarily on training specialists who are able toensure effective implementation of labor protection policy, industrial safety and cooperation with state supervisoryauthorities in accordance with regulations and international standards. The specialty allows to acquire practical andspecialized knowledge and skills in the field of both technical and human sciences, related to the risks that arise in theprocess of work, methods of eliminating hazards, assessment of occupational risks, etc. Graduates can interpret the roleand place of a person in solving health and safety problems with all the consequences. Conclusions. The purpose of thespecialists in civil safety and labor protection is to implement the task of compulsory state social insurance againstaccidents at work and occupational diseases, including participation in ensuring the employer's preventive and othermeasures aimed at eliminating harmful and dangerous factors of production, prevention of accidents at work,occupational diseases and other cases of threat to the health of personnel caused by working conditions, and providingthe employer with practical assistance in constantly improving the forms and methods of preventive work in the field oflabor protection.

Appropriate Smart Factory : Demonstration of Applicability to Industrial Safety

As industrial safety increases, various industrial accident prevention technologies using smart factory technology are being studied. However, small and medium enterprises (SMEs), which account for the majority of industrial accidents, are having difficulties in preventing industrial accidents by applying these smart factory technologies due to practical problems. In this study, customized monitoring and warning systems for each type of industrial accident were developed and applied to the actual field. Through this, we demonstrated industrial accident prevention technology through appropriate smart factory technology used by SMEs. A customized monitoring system using vision, current, temperature, and gas sensors was established for the four major disaster types: worker body access, short circuit and overcurrent, fire and burns due to high temperature, and emission of hazardous gas. In addition, a notification method suitable for each work environment was applied so that the monitored risk factors could be recognized quickly, and real-time data transmission and display enabled workers and managers to understand the disaster risk effectively. Through the application and demonstration of these appropriate smart factory technologies, the spread of these industrial safety technologies is to be discussed.

Functions of responsible for training in digital systems for industrial safety

The functional capabilities provided by the digital production safety training system for those responsible for training allow the software complex to be maintained in a stable operational state when exposed to emergency situations, to fulfill all the necessary needs of responsible users with the authority to create effective training programs and to test the knowledge of workers on production safety, to quickly form up-to-date digital reporting documentation for the organization.

Analysis and design of industrial safety automatic identification system based on Tiny-YOLOv3

New in the field of health and safety.

The review presents innovations in the field of legislation, information on initiatives in the field of labor protection and industrial safety

Explanations of labor protection specialists

Rostrud specialists provide clarifications on issues related to training in the provision of first aid, assessment of occupational risks, and industrial safety.

Construction Safety Law

<p>The development of industrial safety law in Britain and New Zealand and the origins of construction, safety law are outlined in Part I. The administration and interpretation of the Construction Act 1959 are described in Part II, and Part III highlights the comparable statute law in three Commonwealth countries. The thesis will assist persons engaged in industry, lawyers and departmental officers in the understanding of the law and its application to construction work. The information presented on overseas law will assist those involved in the task of reviewing and consolidating the New Zealand industrial safety, health and welfare legislation. The history of the British Factories Acts leading on to the Health and Safety at Work Act 1974, described in Chapter 1, highlights the importance of a self-regulating, integrated statutory system and a professional inspectorate with an advisory role and residual enforcement powers. New Zealand safety law has developed as the country's industrial needs have determined, as will be seen from Chapter 2. Generally, British statutes have been adopted, but construction safety law is the exception and Chapter 3 shows that, from the earliest Bill introduced by Richard John Seddon in 1892 up to the present, the legislation covering the construction industry has been initiated and drafted with industry representation. The more empirical subjects such as current policy and practice, sanctions, codes, education, other legislation and reform, as well as the purpose, effect, extent and application of the Construction Act 1959 are discussed in Chapter 4. The results of the author's legal research and analysis are contained in Chapters 5 and 6 under the headings of 'Liabilities' and 'Technical Law'. The responsibilities of employers, workmen, safety supervisors, inspectors and the Crown are set out and explained in terms of the statute and the interpretation from the case law. The technical subjects include scaffolding, guardrails, brittle roofing, fall of objects, access, excavations, mechanical plant, demolition, eye protection, asbestos, work in compressed air, health and welfare. Chapters 7, 8 and 9 examine the present legislation, in Britain, Australia and Canada and indicate a trend towards a unified approach to occupational safety, health and welfare and one enactment for all places of work, and with separate regulations and codes of practice for each industry. This study has been carried out by the present Chief Safety Engineer of the Department of Labour who has been responsible for the administration of the Construction Act 1959 since 1968. A separately bound appendix includes a copy of the Construction Act 1959 and the Amendments (Appendix A), the Inspection of Building Appliances Bill 1892 (Appendix B), the Scaffolding Inspection Act 1906 (Appendix C), the Tasmanian Industrial Safety, Health and Welfare Act 1977 (Appendix D), the Ontario Occupational Health and Safety Act 1978 (Appendix E), and copies of the unreported judgments and decisions referred to in the thesis (Appendix F).</p>

Export Citation Format

Share document.

Health & Environmental Research Online (HERO)

• Learn about HERO
• Search HERO
• Projects in HERO
• Risk Assessment
• Transparency & Integrity