This study presents a novel and thorough framework to conceptualize cybercrime and its impact and discusses the main results of the first two tests of such framework through the administration of two surveys to extensive samples of Belgian businesses. Despite PwC Belgium's (2017) initial attempts, our work constitutes the first study that systematically and empirically investigates cybercrime and the resulting costs and harms suffered by businesses located in Belgium – or, as a matter of fact, in any country of Continental Europe. Moreover, it allows a first analysis of the trends of cybercrime incidence and impact across the period 2016–2018, albeit with strong limitations because it does not rely on a longitudinal, but a cross-sectional design. Notwithstanding this and other limitations discussed below, our study thus starts filling an important gap in the current knowledge of the impact of cybercrime on businesses.

CONCEPTUALIZATION AND RESEARCH DESIGN

Unlike most other studies on the costs and impact of cybercrime, ours rests on a “technology-neutral” typology of cybercrime, i.e., a typology that is independent of the specific techniques used by cybercriminals. Our typology consists of five types of cybercrime that may potentially target businesses:

The first three types belong to the category of “computer-integrity crimes,” that is, “new” crimes that can only be committed online. The latter two belong to the category of “computer-assisted crimes,” which refers to “traditional” crimes that may be committed both offline and online. Our conceptualization of the three computer-integrity crimes is based upon the Council of Europe's 2001 Convention on Cybercrime, and the 2000 Belgian act on cybercrime. “Cyber extortion” has no direct counterpart in the Convention, rather, it is the cyber version of a standard offence in Belgian and other national criminal laws. The last type, “internet fraud,” draws from the offence of computerrelated fraud defined by the Convention (Council of Europe, 2001: 6; art. 8) as well as two other more traditional types of fraud that frequently target businesses online.

Furthermore, we have conceptualized the impact of cybercrime in a novel and thorough way, drawing from Greenfield and Paoli's (2013) harm assessment framework. This framework conceptualizes impact as the overall harm of cybercrime, that is, the “sum” of the harms to material support, or costs, and the harms to other interest dimensions.