We conducted six between-subjects survey experiments to examine how judgments of cyber-crime vary as a function of characteristics of the crime. The experiments presented vignettes that described a fictional cybercrime in which someone broke into an organization’s network and downloaded data records. In each experiment, we manipulated the vignettes according to one dimension per experiment: type of data, scope, motivation, the organization’s co-responsibility for the crime, consequences, and context. Participants were U.S. residents recruited via Amazon Mechanical Turk. We find that scope (the number of records downloaded) and the attacker’s motivation had significant effects on the perceived seriousness of the crime. Participants also recommended harsher punishments when the monetary costs of the cybercrime were higher. Furthermore, participants considered cybercrimes committed by activists to be significantly less blameworthy, and deserving of significantly lighter sentences, than cybercrimes committed for profit—contrary to the position sometimes taken by U.S. prosecutors.
