I believe that one of the largest reasons for individuals not reporting cybercrime is the evident lack of prosecution and punishment. This can be directly seen with the enforcement rate of cybercrime. Of the reported cybercrime incidents, it is estimated that only 0.31% were enforced with the rule of law. However, the estimated rate of cybercrime incident reporting is around one in six, meaning that the effective estimate for cybercrime enforcement is closer to 0.05% (Eoyang et al., 2018). This makes nearly all cybercrime effectively decriminalized, if there is an almost zero chance of repercussions, then there is no point there fighting it. Another reason could be social impact, such as feeling shamed or less than for being victimized. This could be seen in certain instances, such as a social media account being taken over, having explicit images being used as leverage, or just general embarrassment from being victimized. One final reason for individuals not reporting cybercrime could be fear of backlash from the perpetrator, especially if something of importance or sensitivity is being used as leverage. Individuals may decide for themselves that involving the proper authorities is not worth the risk of tarnishing a person’s reputation and social standing.
Eoyang, M., Peters, A., Mehta, I., & Gaskew, B. (2018). To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors. In Third Way (p. 7). https://thirdway.imgix.net/pdfs/override/To_Catch_A_Hacker_Report.pdf