cyber crime research articles

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Springer Nature - PMC COVID-19 Collection

Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis

Huong thi ngoc ho.

1 School of Journalism and Communication, Huazhong University of Science and Technology, Wuhan, Hubei China

Hai Thanh Luong

2 School of Global, Urban and Social Studies, RMIT University, Melbourne, Australia

Associated Data

The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Research on cybercrime victimization is relatively diversified; however, no bibliometric study has been found to introduce the panorama of this subject. The current study aims to address this research gap by performing a bibliometric analysis of 387 Social Science Citation Index articles relevant to cybercrime victimization from Web of Science database during the period of 2010–2020. The purpose of the article is to examine the research trend and distribution of publications by five main fields, including time, productive authors, prominent sources, active institutions, and leading countries/regions. Furthermore, this study aims to determine the global collaborations and current gaps in research of cybercrime victimization. Findings indicated the decidedly upward trend of publications in the given period. The USA and its authors and institutions were likely to connect widely and took a crucial position in research of cybercrime victimization. Cyberbullying was identified as the most concerned issue over the years and cyber interpersonal crimes had the large number of research comparing to cyber-dependent crimes. Future research is suggested to concern more about sample of the elder and collect data in different countries which are not only European countries or the USA. Cross-nation research in less popular continents in research map was recommended to be conducted more. This paper contributed an overview of scholarly status of cybercrime victimization through statistical evidence and visual findings; assisted researchers to optimize their own research direction; and supported authors and institutions to build strategies for research collaboration.

Introduction

To date, the debate of cybercrime definition has been controversial which is considered as one of the five areas of cyber criminology (Ngo and Jaishankar 2017 ; Drew 2020 ). 1 Several terms are used to illustrate ‘cybercrime’, such as ‘high-tech crime’ (Insa 2007 ), ‘computer crime’ (Choi 2008 ; Skinner and Fream 1997 ), ‘digital crime’ (Gogolin 2010 ), or ‘virtual crime’ (Brenner 2001 ). ‘Cybercrime’, however, has been the most popular in the public parlance (Wall 2004 ). A propensity considers crime directly against computer as cybercrime, while other tendency asserts that any crime committed via internet or related to a computer is cybercrime (Marsh and Melville 2008 ; Wall 2004 ). Hence, there is a distinction between ‘true cybercrime’ or ‘high-tech’ cybercrime and ‘low-tech’ cybercrime (Wagen and Pieters 2020 ). Council of Europe defines ‘any criminal offense committed against or with the help of a computer network’ as cybercrime (Abdullah and Jahan 2020 , p. 90). Despite different approaches, cybercrime generally includes not only new types of crimes which have just occurred after the invention of computer and internet (Holt and Bossler 2014 ; Drew 2020 ) but also traditional types of crimes which took the advantages of information communication technology (ICT) as vehicle for illegal behaviors (Luong 2021 ; Nguyen and Luong 2020 ; Luong et al. 2019 ). Two main cybercrime categories identified, respectively, are cyber-dependent crime (hacking, malware, denial of service attacks) and cyber-enable crime (phishing, identity theft, cyber romance scam, online shopping fraud). Nevertheless, there are several different classifications of cybercrime such as cybercrime against certain individuals, groups of individuals, computer networks, computer users, critical infrastructures, virtual entities (Wagen and Pieters 2020 ); cyber-trespass, cyber-deceptions, cyber-pornography, and cyber-violence (Wall 2001 ).

Due to the common prevalence of cybercrime, the increasing threats of cybercrime victimization are obviously serious. Cybercrime victimization has become a crucial research subfield in recent years (Wagen and Pieters 2020 ). It is difficult to differ “forms of online victimization” and “acts that actually constitute a crime”, then it is usual for researchers to focus less on perspective of criminal law and consider any negative experiences online as cybercrime (Näsi et al. 2015 , p. 2). It was likely to lead to practical gaps between theory and practice in terms of investigating the nexus of offender and victims on cyberspace. In the light of literature review, numerous specific aspects of cybercrime victimization were investigated by questionnaire surveys or interview survey such as the prevalence of cybercrime victimization (Näsi et al. 2015 ; Whitty and Buchanan 2012 ); causes and predictors of cybercrime victimization (Abdullah and Jahan 2020 ; Algarni et al. 2017 ; Ilievski 2016 ; Jahankhani 2013 ; Kirwan et al. 2018 ; Näsi et al. 2015 ; Reyns et al. 2019 ; Saad et al. 2018 ); and the relationship between social networking sites (SNS) and cybercrime victimization (Das and Sahoo 2011 ; Algarni et al. 2017 ; Benson et al. 2015 ; Seng et al. 2018 ). To some extent, therefore, the current study examines cybercrime victimization in the large scale, referring to any negative experiences on cyberspace or computer systems. Nevertheless, no bibliometric analysis was found to show the research trend and general landscape of this domain.

Bibliometric is a kind of statistical analysis which uses information in a database to provide the depth insight into the development of a specified area (Leung et al. 2017 ). The present study aims to address this research gap by providing a bibliometric review of the relevant SSCI articles in WoS database during the period of 2010–2020. The pattern of publications, the productivity of main elements (authors, journals, institutions, and countries/regions), statistic of citations, classification of key terms, research gaps, and other collaborations will be presented and discussed in section four and five after reviewing literatures and presenting our methods conducted. This article contributes an overview of research achievements pertaining to cybercrime victimization in the given period through statistical evidence and visual findings; assists researchers to perceive clearly about the key positions in research maps of this field, and obtain more suggestions to develop their own research direction.

Literature review

Cybercrime victimization.

Cybercrime victimization may exist in two levels including institutional and individual level (Näsi et al. 2015 ). For the former, victim is governments, institutions, or corporations, whereas for the latter, victim is a specific individual (Näsi et al. 2015 ). A wide range of previous studies concerned about individual level of victim and applied Lifestyle Exposure Theory (LET), Routine Activity Theory (RAT) and General Theory of Crime to explain cybercrime victimization (Choi 2008 ; Holt and Bossler 2009 ; Ngo and Paternoster 2011 ). Basing on these theories, situational and individual factors were supposed to play an important role in understanding cybercrime victimization (Choi 2008 ; Van Wilsem 2013 ). However, there was another argument that situational and individual factors did not predict cybercrime victimization (Ngo and Paternoster 2011 ; Wagen and Pieters 2020 ). Overall, most of those studies just focused only one distinctive kind of cybercrime such as computer viruses, malware infection, phishing, cyberbullying, online harassment, online defamation, identity theft, cyberstalking, online sexual solicitation, cyber romance scams or online consumer fraud. Referring to results of the prior research, some supported for the applicability of mentioned theories but other did not share the same viewpoint (Leukfeldt and Yar 2016 ). It was hard to evaluate the effect of LET or RAT for explanation of cybercrime victimization because the nature of examined cybercrime were different (Leukfeldt and Holt 2020 ; Leukfeldt and Yar 2016 ).

Previous research determined that cybercrime victimization was more common in younger group compared to older group because the young is the most active online user (Näsi et al. 2015 ; Oksanen and Keipi 2013 ) and males tended to become victims of cybercrime more than females in general (Näsi et al. 2015 ). However, findings might be different in research which concerned specific types of cybercrime. Women were more likely to be victims of the online romance scam (Whitty and Buchanan 2012 ) and sexual harassment (Näsi et al. 2015 ), while men recorded higher rate of victimization of cyber-violence and defamation. Other demographic factors were also examined such as living areas (Näsi et al. 2015 ), education (Oksanen and Keipi 2013 ; Saad et al. 2018 ) and economic status (Oksanen and Keipi 2013 ; Saad et al. 2018 ). Furthermore, several prior studies focus on the association of psychological factors and cybercrime victimization, including awareness and perception (Ariola et al. 2018 ; Saridakis et al. 2016 ), personality (Kirwan et al. 2018 ; Orchard et al. 2014 ; Parrish et al. 2009 ), self-control (Ilievski 2016 ; Ngo and Paternoster 2011 ; Reyns et al. 2019 ), fear of cybercrime (Lee et al. 2019 ), online behaviors (Al-Nemrat and Benzaïd 2015 ; Saridakis et al. 2016 ). Psychological factors were assumed to have effects on cybercrime victimization at distinctive levels.

Another perspective which was much concerned by researchers was the relationship between cybercrime victimization and SNS. SNS has been a fertile land for cybercriminals due to the plenty of personal information shared, lack of guard, the availability of communication channels (Seng et al. 2018 ), and the networked nature of social media (Vishwanath 2015 ). When users disclosed their personal information, they turned themselves into prey for predators in cyberspace. Seng et al. ( 2018 ) did research to understand impact factors on user’s decision to react and click on suspicious posts or links on Facebook. The findings indicated that participants’ interactions with shared contents on SNS were affected by their relationship with author of those contents; they often ignored the location of shared posts; several warning signals of suspicious posts were not concerned. Additionally, Vishwanath ( 2015 ) indicated factors that led users to fall victims on the SNS; Algarni et al. ( 2017 ) investigated users’ susceptibility to social engineering victimization on Facebook; and Kirwan et al. ( 2018 ) determined risk factors resulting in falling victims of SNS scam.

Bibliometric of cybercrime victimization

“Bibliometric” is a term which was coined by Pritchard in 1969 and a useful method which structures, quantifies bibliometric information to indicate the factors constituting the scientific research within a specific field (Serafin et al. 2019 ). Bibliometric method relies on some basic types of analysis, namely co-authorship, co-occurrence, citation, co-citation, and bibliographic coupling. This method was employed to various research domains such as criminology (Alalehto and Persson 2013 ), criminal law (Jamshed et al. 2020 ), marketing communication (Kim et al. 2019 ), social media (Chen et al. 2019 ; Gan and Wang 2014 ; Leung et al. 2017 ; Li et al. 2017 ; You et al. 2014 ; Zyoud et al. 2018 ), communication (Feeley 2008 ), advertising (Pasadeos 1985 ), education (Martí-Parreño et al. 2016 ).

Also, there are more and more scholars preferring to use bibliometric analysis on cyberspace-related subject such as: cyber behaviors (Serafin et al. 2019 ), cybersecurity (Cojocaru and Cojocaru 2019 ), cyber parental control (Altarturi et al. 2020 ). Serafin et al. ( 2019 ) accessed the Scopus database to perform a bibliometric analysis of cyber behavior. All documents were published by four journals: Cyberpsychology, Behavior and Social Networking (ISSN: 21522723), Cyberpsychology and Behavior (ISSN: 10949313) , Computers in Human Behavior (ISSN: 07475632) and Human–Computer Interaction (ISSN: 07370024), in duration of 2000–2018. Findings indicated the use of Facebook and other social media was the most common in research during this period, while psychological matters were less concerned (Serafin et al. 2019 ). Cojocaru and Cojocaru ( 2019 ) examined the research status of cybersecurity in the Republic of Moldavo, then made a comparison with the Eastern Europe countries’ status. This study employed bibliometric analysis of publications from three data sources: National Bibliometric Instrument (database from Republic of Moldavo), Scopus Elsevier and WoS. The Republic of Moldavo had the moderate number of scientific publications on cybersecurity; Russian Federation, Poland, Romania, Czech Republic, and Ukraine were the leading countries in Eastern Europe area (Cojocaru and Cojocaru 2019 ). Altarturi et al. ( 2020 ) was interested in bibliometric analysis of cyber parental control, basing on publications between 2000 and 2019 in Scopus and WoS. This research identified some most used keywords including ‘cyberbullying’, ‘bullying’, ‘adolescents’ and ‘adolescence’, showing their crucial position in the domain of cyber parental control (Altarturi et al. 2020 ). ‘Cyber victimization’ and ‘victimization’ were also mentioned as the common keywords by Altarturi et al. ( 2020 ). Prior research much focus on how to protect children from cyberbullying. Besides, four online threats for children were determined: content, contact, conduct and commercial threats (Altarturi et al. 2020 ).

Generally, it has been recorded several published bibliometric analyses of cyber-related issues but remained a lack of bibliometric research targeting cybercrime victimization. Thus, the present study attempts to fill this gap, reviewing the achievements of existed publications as well as updating the research trend in this field.

In detail, our current study aims to address four research questions (RQs):

What is overall distribution of publication based on year, institutions and countries, sources, and authors in cybercrime victimization?

Which are the topmost cited publications in terms of cybercrime victimization?

Who are the top co-authorships among authors, institutions, and countries in research cybercrime victimization?

What are top keywords, co-occurrences and research gaps in the field of cybercrime victimization?

Data collection procedure

Currently, among specific approaches in cybercrime’s fileds, WoS is “one of the largest and comprehensive bibliographic data covering multidisciplinary areas” (Zyoud et al. 2018 , p. 2). This paper retrieved data from the SSCI by searching publications of cybercrime victimization on WoS database to examine the growth of publication; top keywords; popular topics; research gaps; and top influential authors, institutions, countries, and journals in the academic community.

This paper employed Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) for data collection procedure. For timeline, we preferred to search between 2010 and 2020 on the WoS system with two main reasons. First, when the official update of the 2009 PRISMA Statement had ready upgraded with the specific guidelines and stable techniques, we consider beginning since 2010 that is timely to test. Secondly, although there are several publications from the early of 2021 to collect by the WoS, its updated articles will be continued until the end of the year. Therefore, we only searched until the end of 2020 to ensure the full updates.

To identify publications on cybercrime victimization, the study accessed WoS and used two keywords for searching: ‘cybercrime victimization’ or ‘cyber victimization’ after testing and looking for some terminology-related topics. Accordingly, the paper applied a combination of many other searching terms besides two selected words such as “online victimization”, “victim of cybercrime”, “phishing victimization”, “online romance victimization”, “cyberstalking victim”, “interpersonal cybercrime victimization”, or “sexting victimization”, the results, however, were not really appropriate. A lot of papers did not contain search keywords in their titles, abstracts, keywords and were not relavant to study topic. After searching with many different terms and comparing the results, the current study selected the two search terms for the most appropriate articles. The query result consisted of 962 documents. Basing on the result from preliminary searching, retrieved publications were refined automatically on WoS by criteria of timespan, document types, language, research areas, and WoS Index as presented in Table ​ Table1. 1 . Accordingly, the criteria for automatic filter process were basic information of an articles and classified clearly in WoS system so the results reached high accuracy. The refined results are 473 articles.

Criteria for automatic filter

After automatic filters, file of data was converted to Microsoft Excel 2016 for screening. The present study examined titles and abstracts of 473 articles to assess the eligibility of each publication according to the relevance with given topic. There are 387 articles are eligible,while 86 irrelevant publications were excluded.

Data analysis

Prior to data analysis, the raw data were cleaned in Microsoft Excel 2016. Different forms of the same author’s name were corrected for consistency, for example “Zhou, Zong-Kui” and “Zhou Zongkui”, “Van Cleemput, Katrien” and “Van Cleemput, K.”, “Williams, Matthew L.” and “Williams, Matthew”. Similarly, different keywords (single/plural or synonyms) used for the same concept were identified and standardized such as “victimization” and “victimisation”; “adolescent” and “adolescents”; “cyber bullying”, “cyber-bullying” and “cyberbullying”; “routine activity theory” and “routine activities theory”.

The data were processed by Microsoft Excel 2016 and VOS Viewer version 1.6.16; then it was analyzed according to three main aspects. First, descriptive statistic provided evidence for yearly distribution and growth trend of publications, frequency counts of citations, the influential authors, the predominant journals, the top institutions and countries/territories, most-cited publications. Second, co-authorship and co-occurrence analysis were constructed and visualized by VOS Viewer version 1.6.16 to explore the network collaborations. Finally, the current study also investigated research topics through content analysis of keywords. The authors’ keywords were classified into 15 themes, including: #1 cybercrime; #2 sample and demographic factors; #3 location; #4 theory; #5 methodology; #6 technology, platforms and related others; #7 psychology and mental health; #8 physical health; #9 family; #10 school; #11 society; #12 crimes and deviant behaviors; #13 victim; #14 prevention and intervention; and #15 others. Besides, the study also added other keywords from titles and abstracts basing on these themes, then indicated aspects examined in previous research.

In this section, all findings corresponding with four research questions identified at the ouset of this study would be illustrated (Fig.  1 ).

PRISMA diagram depicts data collection from WoS database

Distribution of publication

Distribution by year, institutions and countries.

Basing on retrieved data, it was witnessed an increasing trend of articles relevant to cybercrime victimization in SSCI list during the time of 2010–2020 but it had slight fluctuations in each year as shown in Fig.  2 . The total number of articles over this time was 387 items, which were broken into two sub-periods: 2010–2014 and 2015–2020. It is evident that the latter period demonstrated the superiority of the rate of articles (79.33%) compared to the previous period (20.67%). The yearly quantity of publications in this research subject was fewer than forty before 2015. Research of cybercrime victimization reached a noticeable development in 2016 with over fifty publications, remained the large number of publications in the following years and peaked at 60 items in 2018.

Annual distribution of publications

Distribution by institutions and countries

Table ​ Table2 2 shows the top contributing institutions according to the quantity of publications related to cybercrime victimization. Of the top institutions, four universities were from the USA, two ones were from Spain, two institutions were from Australia and the rest ones were from Czech Republic, Belgium, Greece, and Austria. Specifically, Masaryk University (17 documents) became the most productive publishing institution, closely followed by Michigan State University (16 documents). The third and fourth places were University of Antwerp (13 documents) and Weber State University (10 documents). Accordingly, the institutions from The USA and Europe occupied the vast majority.

Top contributing institutions based on total publications

TP total publications, TC total citations for the publications reviewed, AC average citations per document

In Table ​ Table2, 2 , University of Seville (total citations: 495, average citations: 70.71) ranked first and University of Cordoba (total citations: 484, average citations: 60.50) stayed at the second place in both total citations and average citations.

Referring to distribution of publications by countries, there were 45 countries in database contributing to the literature of cybercrime victimization. The USA recorded the highest quantity of papers, creating an overwhelming difference from other countries (159 documents) as illustrated in Fig.  3 . Of the top productive countries, eight European countries which achieved total of 173 publications were England (39 documents), Spain (34 documents), Germany (22 documents), Netherlands (18 documents), Italy (17 documents) and Czech Republic (17 documents), Belgium (14 documents), Greece (12 documents). Australia ranked the fourth point (32 documents), followed by Canada (30 documents). One Asian country which came out seventh place, at the same position with Netherlands was China (18 documents).

Top productive countries based on the number of publications

Distribution by sources

Table ​ Table3 3 enumerates the top leading journals in the number of publications relevant to cybercrime victimization. The total publications of the first ranking journal— Computers in Human Behavior were 56, over twice as higher as the second raking journal— Cyberpsychology, Behavior and Social Networking (24 articles). Most of these journals have had long publishing history, starting their publications before 2000. Only three journals launched after 2000, consisting of Journal of School Violence (2002), Cyberpsychology: Journal of Psychosocial Research on Cyberspace (2007) and Frontiers in Psychology (2010). Besides, it is remarked that one third of the top journals focuses on youth related issues: Journal of Youth and Adolescence , Journal of Adolescence, School Psychology International and Journal of School Violence .

Top leading journals based on the quantity of publications

SPY Started Publication Year

In Table ​ Table3, 3 , relating to total citations, Computers in Human Behavior remained the first position with 2055 citations. Journal of Youth and Adolescence had total 1285 citations, ranked second and followed by Aggressive Behavior with 661 citations. In terms of average citations per documents, an article of Journal of Youth and Adolescence was cited 67.63 times in average, much higher than average citations of one in Computers in Human Behavior (36.70 times). The other journals which achieved the high number of average citations per document were School Psychology International (59.00 times), Journal of Adolescence (44.83 times) and Aggressive Behavior (44.07 times).

Distribution by authors

Table ​ Table4 4 displays ten productive authors based on article count; total citations of each author and their average citations per document are also included. Michelle F. Wright from Pennsylvania State University ranked first with twenty publications, twice as higher as the second positions, Thomas J. Holt (10 articles) from Michigan State University and Bradford W. Reyns (10 articles) from Weber State University. Rosario Ortega-Ruiz from University of Cordoba stayed at the third place in terms of total publications but the first place in aspect of total citations (483 citations) and the average citations (60.38 times).

Top productive authors based on article count

Of the most productive authors based on total publications, there were three authors from universities in the USA; one from the university in Canada (Brett Holfeld); the others were from institutions in Euro, including Spain (Rosario Ortega-Ruiz), Greece (Constantinos M. Kokkinos) and Belgium (Heidi Vandebosch), Netherlands (Rutger Leukfeldt) and Austria (Takuya Yanagida and Christiane Spiel).

Most-cited publications

The most-cited literature items are displayed in Table ​ Table5. 5 . The article which recorded the highest number of citations was ‘Psychological, Physical, and Academic Correlates of Cyberbullying and Traditional Bullying’ (442 citations) by Robin M. Kowalski et al. published in Journal of Adolescent Health , 2013. Seven of ten most-cited articles were about cyberbullying; focused on youth population; made comparisons between cyberbullying and traditional bullying; analyzed the impact of several factors such as psychological, physical, academic factors or use of Internet; discussed on preventing strategies. The other publications studied victimization of cyberstalking and cyber dating abuse. All most-cited articles were from 2015 and earlier.

The most-cited publications in subject of cybercrime victimization during 2010–2020

Of the top productive authors, only Bradford W. Reyns had an article appeared in the group of most-cited publications. His article ‘Being Pursued Online: Applying Cyberlifestyle-Routine Activities Theory to Cyberstalking Victimization’ (2011) was cited 172 times.

Co-authorship analysis

“Scientific collaboration is a complex social phenomenon in research” (Glänzel and Schubert 2006 , p. 257) and becomes the increasing trend in individual, institutional and national levels. In bibliometric analysis, it is common to assess the productivity and international collaboration of research; identify key leading researchers, institutions, or countries (E Fonseca et al. 2016 ) as well as potential collaborators in a specific scientific area (Romero and Portillo-Salido 2019 ) by co-authorship analysis which constructs networks of authors and countries (Eck and Waltman 2020 ).

This section analyses international collaboration relevant to research of cybercrime victimization among authors, institutions, and countries during 2010–2020 through visualization of VOS Viewer software.

Collaboration between authors

Referring to the threshold of choose in this analysis, minimum number of documents of author is three and there were 80 authors for final results. Figure  4 illustrates the relationships between 80 scientists who study in subject of cybercrime victimization during 2010–2020. It shows several big groups of researchers (Wright’s group, Vandebosch’s group, or Holt’s group), while numerous authors had limited or no connections to others (Sheri Bauman, Michelle K. Demaray or Jennifer D. Shapka).

Collaboration among authors via network visualization (threshold three articles for an author, displayed 80 authors)

Figure  5 displayed a significant network containing 23 authors who were active in collaboration in detail. The displayed items in Fig.  5 are divided into five clusters coded with distinctive colors, including red, green, blue, yellow, and purple. Each author item was represented by their label and a circle; the size of label and circle are depended on the weight of the item, measured by the total publications (Eck and Waltman 2020 ). The thickness of lines depends on the strength of collaboration (Eck and Waltman 2020 ).

Collaboration among authors via network visualization (threshold three articles for an author, displayed 23 authors)

The most significant cluster was red one which is comprised of six researchers: Michelle F. Wright, Sebastian Wachs, Yan Li, Anke Gorzig, Manuel Gamez-Guadix and Esther Calvete. The remarked author for the red cluster was Michelle F. Wright whose value of total link strength is 24. She had the strongest links with Sebastian Wachs; closely link with Yan Li, Anke Gorzig, Manuel Gamez-Guadix and collaborated with authors of yellow cluster, including Shanmukh V. Kamble, Li Lei, Hana Machackova, Shruti Soudi as well as Takuya Yanagida of blue cluster. Michelle F. Wright who obtained the largest number of published articles based on criteria of this study made various connections with other scholars who were from many different institutions in the world. This is also an effective way to achieve more publications.

Takuya Yanagida was the biggest node for the blue cluster including Petra Gradinger, Daniel Graf, Christiane Spiel, Dagmar Strohmeier. Total link strength for Takuya Yanagida was 28; twelve connections. It is observed that Takuya Yanagida’ s research collaboration is definitely active. Besides, other research groups showed limited collaborations comparing with the red and blue ones.

Collaboration between institutions

The connections among 156 institutions which published at least two documents per one are shown in Fig.  6 . Interestingly, there is obvious connections among several distinctive clusters which were coded in color of light steel blue, orange, purple, steel blue, green, red, yellow, light red, dark turquoise, light blue, brown and light green. These clusters created a big chain of connected institutions and were in the center of the figure, while other smaller clusters or unlinked bubbles (gray color) were distributed in two sides. The biggest chain consisted of most of productive institutions such as Masaryk University, Michigan State University, University of Antwerp, Weber State University, University of Cordoba, Edith Cowan University, University of Cincinnati, University of Victoria, University of Vienna, and University of Seville.

Collaboration among institutions via network visualization (threshold two articles for an institution, 156 institutions were displayed)

Light steel blue and orange clusters presented connections among organizations from Australia. Light green included institutions from Netherland, while turquoise and light blue consisted of institutions from the USA. Yellow cluster was remarked by the various collaborations among institutions from China and Hong Kong Special Administrative Region (Renmin University of China and South China Normal University, University of Hong Kong, the Hong Kong Polytechnic University and the Chinese University of Hong Kong), the USA (University of Virginia), Cyprus (Eastern Mediterranean University), Japan (Shizuoka University), India (Karnataka University) and Austria (University Applied Sciences Upper Austria). Central China Normal University is another Chinese institution which appeared in Fig.  5 , linking with Ministry of Education of the People’s Republic of China, Suny Stony Brook and University of Memphis from the USA.

Masaryk University and Michigan State University demonstrated their productivity in both the quantity of publications and the collaboration network. They were active in research collaboration, reaching twelve and eleven links, respectively, with different institutions, but focused much on networking with institutions in the USA and Europe.

Collaboration between countries

The collaboration among 45 countries which published at least one SSCI documents of cybercrime victimization during the given period was examined in VOS Viewer but just 42 items were displayed via overlay visualization. Figure  7 depicts the international collaborations among significant countries. The USA is the biggest bubble due to its biggest number of documents and shows connections with 26 countries/regions in Euro, Asia, Australia, Middle East. Excepting European countries, England collaborate with the USA, Australia, South Korea, Japan, Thailand, Singapore, Sri Lanka, and Colombia. Spain and Germany almost focus on research network within Euro. China has the strongest tie with the USA, link with Australia, Germany, Czech Republic, Austria, Cyprus and Turkey, Japan, Indian, Vietnam.

Collaboration among countries via overlay visualization

Color bar in Fig.  7 is determined by the average publication year of each country and the color of circles based on it. It is unsurprised that the USA, Australia, England, or Spain shows much research experience in this field and maintain the large number of publications steadily. Interestingly, although the average publication year of South Korea or Cyprus was earlier than other countries (purple color), their quantities of documents were moderate. The new nodes (yellow circles) in the map included Vietnam, Norway, Pakistan, Ireland, Scotland, Switzerland.

Keywords and co-occurrence

The present paper examined the related themes and contents in research of cybercrime victimization during 2010–2020 through collecting author keywords, adding several keywords from tiles and abstracts. Besides, this study also conducted co-occurrence analysis of author keywords to show the relationships among these keywords.

The keywords were collected and categorized into 15 themes in Table ​ Table6, 6 , including cybercrime; sample and demographic factors; location; theory; methodology; technology, platform, and related others; psychology and mental health; physical health; family; school; society; crimes and other deviant behaviors; victim; prevention and intervention; and others.

Statistic of keywords in themes

These keywords were most of author keyword, adding a few selected keywords from the titles and abstracts by the author of this current study

In the theme of cybercrime, there were numerous types of cybercrimes such as cyberbullying, cyber aggression, cyberstalking, cyber harassment, sextortion and other cyber dating crimes, cyber fraud, identity theft, phishing, hacking, malware, or ransomware. Generally, the frequency of interpersonal cybercrimes or cyber-enable crimes was much higher than cyber-dependent crimes. Cyberbullying was the most common cybercrime in research.

Relating to sample and demographic factors, there were sample of children, adolescent, adults, and the elder who were divided into more detail levels in each research; however, adolescent was the most significant sample. Besides, demographic factor of gender received a remarked concern from scholars.

It is usual that most of the research were carried out in one country, in popular it was the USA, Spain, Germany, England, Australia, Canada or Netherland but sometimes the new ones were published such as Chile, Vietnam, Thailand or Singapore. It was witnessed that some studies showed data collected from a group of countries such as two countries (Canada and the United State), three countries (Israel, Litva, Luxembourg), four countries (the USA, the UK, Germany, and Finland), or six Europe countries (Spain, Germany, Italy, Poland, the United Kingdom and Greece).

A wide range of theories were applied in this research focusing on criminological and psychological theories such as Routine Activities Theory, Lifestyle—Routine Activities Theory, General Strain Theory, the Theory of Reasoned Action or Self-control Theory.

Table ​ Table6 6 indicated a lot of different research methods covering various perspective of cybercrime victimization: systematic review, questionnaire survey, interview, experiment, mix method, longitudinal study, or cross-national research; many kinds of analysis such as meta-analysis, social network analysis, latent class analysis, confirmatory factor analysis; and a wide range of measurement scales which were appropriate for each variable.

Topic of cybercrime victimization had connections with some main aspects of technology (information and communication technologies, internet, social media or technology related activities), psychology (self-esteem, fear, attitude, personality, psychological problems, empathy, perceptions or emotion), physical health, family (parents), school (peers, school climate), society (norms, culture, social bonds), victim, other crimes (violence, substance use), prevention and intervention.

Co-occurrence analysis was performed with keywords suggested by authors and the minimum number of occurrences per word is seven. The result showed 36 frequent keywords which clustered into five clusters as illustrated in Fig.  8 .

Co-occurrence between author keywords via network visualization (the minimum number of occurrences per word is seven, 36 keywords were displayed)

Figure  8 illustrates some main issues which were concerned in subject of cybercrime victimization, as well as the relationship among them. Fifteen most frequent keywords were presented by big bubbles, including: ‘cyberbullying’ (174 times), ‘cyber victimization’ (90 times), ‘adolescent’ (79 times), ‘bullying’ (66 times), ‘victimization’ (56 times), ‘cybercrime’ (40 times), ‘cyber aggression’ (37 times), ‘depression’ (23 times), ‘aggression’ (14 times), ‘routine activities theory’ (13 times), ‘cyberstalking’ (11 times), ‘gender’ (11 times), ‘longitudinal’ (10 times), ‘peer victimization’ (10 times) and ‘self-esteem’ (10 times).

‘Cyberbullying’ linked with many other keywords, demonstrating the various perspectives in research of this topic. The thick lines which linked ‘cyberbullying’ and ‘bullying’, ‘adolescent’, ‘cyber victimization’, ‘victimization’ showed the strong connections between them; there were close relationship between ‘cyber aggression’, ‘bystander”, ‘self-esteem’ or ‘moral disengagement’ and ‘cyberbullying’.

‘Cybercrime’ had strong links with ‘victimization’, ‘routine activities theory’. In Fig.  8 , the types of cybercrime which occurred at least seven times were: cyberbullying, cyber aggression, hacking, cyberstalking, and cyber dating abuse.

The increasing trend over the years reveals the increasing concern of scholarly community on this field, especially in the boom of information technology and other communication devices and the upward trend in research of cyberspace-related issues (Altarturi et al. 2020 ; Leung et al. 2017 ; Serafin et al. 2019 ). It predicts the growth of cybercrime victimization research in future.

Psychology was the more popular research areas in database, defeating criminology penology. As part of the ‘human factors of cybercrime’, human decision-making based on their psychological perspectives plays as a hot topic in cyber criminology (Leukfeldt and Holt 2020 ). Then, it is observed that journals in psychology field was more prevalent in top of productive sources. Besides, journal Computers in Human Behavior ranked first in total publications, but Journal of Youth and Adolescence ranked higher place in the average citations per document. Generally, top ten journals having highest number of publications on cybercrime victimization are highly qualified ones and at least 10 years in publishing industry.

The USA demonstrated its leading position in the studied domain in terms of total publications as well as the various collaborations with other countries. The publications of the USA occupied much higher than the second and third countries: England and Spain. It is not difficult to explain for this fact due to the impressive productivity of institutions and authors from the USA. A third of top twelve productive institutions were from the USA. Three leading positions of top ten productive authors based on document count were from institutions of the USA, number one was Michelle F. Wright; others were Thomas J. Holt and Bradford W. Reyns.

Furthermore, these authors also participated in significant research groups and become the important nodes in those clusters. The most noticeable authors in co-authors network were Michelle F. Wright. The US institutions also had strong links in research network. The USA was likely to be open in collaboration with numerous countries from different continents in the world. It was assessed to be a crucial partner for others in the international co-publication network (Glänzel and Schubert 2006 ).

As opposed to the USA, most of European countries prefer developing research network within Europe and had a limited collaboration with other areas. Australia, the USA, or Japan was in a small group of countries which had connections with European ones. Nevertheless, European countries still showed great contributions for research of cybercrime victimization and remained stable links in international collaboration. The prominent authors from Euro are Rosario Ortega-Ruiz, Constantinos M. Kokkinos or Rutger Leukfeldt.

It is obvious that the limited number of publications from Asia, Middle East, Africa, or other areas resulted in the uncomprehensive picture of studied subject. For example, in the Southeast Asia, Malaysia and Vietnam lacked the leading authors with their empirical studies to review and examine the nature of cybercrimes, though they are facing to practical challenges and potential threats in the cyberspace (Lusthaus 2020a , b ). The present study indicated that Vietnam, Ireland, or Norway was the new nodes and links in research network.

Several nations which had a small number of publications such as Vietnam, Thailand, Sri Lanka, or Chile started their journey of international publications. It is undeniable that globalization and the context of global village (McLuhan 1992 ) requires more understanding about the whole nations and areas. Conversely, each country or area also desires to engage in international publications. Therefore, new nodes and clusters are expected to increase and expand.

The findings indicated that cyberbullying was the most popular topic on research of cybercrime victimization over the given period. Over a half of most-cited publications was focus on cyberbullying. Additionally, ‘cyberbullying’ was the most frequent author keyword which co-occurred widely with distinctive keywords such as ‘victimization’, ‘adolescents’, ‘bullying’, ‘social media’, ‘internet’, ‘peer victimization’ or ‘anxiety’.

By reviewing keywords, several research gaps were indicated. Research samples were lack of population of the children and elders, while adolescent and youth were frequent samples of numerous studies. Although young people are most active in cyberspace, it is still necessary to understand other populations. Meanwhile, the elderly was assumed to use information and communication technologies to improve their quality of life (Tsai et al. 2015 ), their vulnerability to the risk of cybercrime victimization did not reduce. Those older women were most vulnerable to phishing attacks (Lin et al. 2019 ; Oliveira et al. 2017 ). Similarly, the population of children with distinctive attributes has become a suitable target for cybercriminals, particularly given the context of increasing online learning due to Covid-19 pandemic impacts. These practical gaps should be prioritized to focus on research for looking the suitable solutions in the future. Besides, a vast majority of research were conducted in the scope of one country; some studies collected cross-national data, but the number of these studies were moderate and focused much on developed countries. There are rooms for studies to cover several countries in Southeast Asia or South Africa.

Furthermore, although victims may be both individuals and organizations, most of research concentrated much more on individuals rather than organizations or companies. Wagen and Pieters ( 2020 ) indicated that victims include both human and non-human. They conducted research covering cases of ransomware victimization, Bonet victimization and high-tech virtual theft victimization and applying Actor-Network Theory to provide new aspect which did not aim to individual victims. The number of this kind of research, however, was very limited. Additionally, excepting cyberbullying and cyber aggression were occupied the outstanding quantity of research, other types of cybercrime, especially, e-whoring, or social media-related cybercrime should still be studied more in the future.

Another interesting topic is the impact of family on cybercrime victimization. By reviewing keyword, it is clear that the previous studies aimed to sample of adolescent, hence, there are many keywords linking with parents such as ‘parent-adolescent communication’, ‘parent-adolescent information sharing’, ‘parental mediation’, ‘parental monitoring of cyber behavior’, ‘parental style’. As mentioned above, it is necessary to research more on sample of the elder, then, it is also essential to find out how family members affect the elder’s cybercrime victimization.

It is a big challenge to deal with problems of cybercrime victimization because cybercrime forms become different daily (Näsi et al. 2015 ). Numerous researchers engage in understanding this phenomenon from various angles. The current bibliometric study assessed the scholarly status on cybercrime victimization during 2010–2020 by retrieving SSCI articles from WoS database. There is no study that applied bibliometric method to research on the examined subject. Hence, this paper firstly contributed statistical evidence and visualized findings to literature of cybercrime victimization.

Statistical description was applied to measure the productive authors, institutions, countries/regions, sources, and most-cited documents, mainly based on publication and citation count. The international collaborations among authors, institutions, and countries were assessed by co-authors, while the network of author keywords was created by co-occurrence analysis. The overall scholarly status of cybercrime victimization research was drawn clearly and objectively. The research trend, popular issues and current gaps were reviewed, providing numerous suggestions for policymakers, scholars, and practitioners about cyber-related victimization (Pickering and Byrne 2014 ). Accordingly, the paper indicated the most prevalent authors, most-cited papers but also made summary of contributions of previous research as well as identified research gaps. First, this article supports for PhD candidates or early-career researchers concerning about cybercrime victimization. Identifying the leading authors, remarked journals, or influencing articles, gaps related to a specific research topic is important and useful task for new researchers to start their academic journey. Although this information is relatively simple, it takes time and is not easy for newcomers to find out, especially for ones in poor or developing areas which have limited conditions and opportunities to access international academic sources. Thus, the findings in the current paper provided for them basic but necessary answers to conduct the first step in research. Secondly, by indicating research gaps in relevance to sample, narrow topics or scope of country, the paper suggests future study fulfilling them to complete the field of cybercrime victimization, especial calling for publications from countries which has had a modest position in global research map. Science requires the balance and diversity, not just focusing on a few developed countries or areas. Finally, the present study assists researchers and institutions to determined strategy and potential partners for their development of research collaborations. It not only improve productivity of publication but also create an open and dynamic environment for the development of academic field.

Despite mentioned contributions, this study still has unavoidable limitations. The present paper just focused on SSCI articles from WoS database during 2010–2020. It did not cover other sources of databases that are known such as Scopus, ScienceDirect, or Springer; other types of documents; the whole time; or articles in other languages excepting English. Hence it may not cover all data of examined subject in fact. Moreover, this bibliometric study just performed co-authorship and co-occurrence analysis. The rest of analysis such as citation, co-citation and bibliographic coupling have not been conducted. Research in the future is recommended to perform these kinds of assessment to fill this gap. To visualize the collaboration among authors, institutions, countries, or network of keywords, this study used VOS Viewer software and saved the screenshots as illustrations. Therefore, not all items were displayed in the screenshot figures.

Data availability

Declarations.

The authors declare that they have no competing interest.

1 In the ‘commemorating a decade in existence of the International Journal of Cyber Criminoogy’, Ngo and Jaishankar ( 2017 ) called for further research with focusing on five main areas in the Cyber Criminiology, including (1) defining and classifying cybercrime, (2) assessing the prevalence, nature, and trends of cybercrime, (3) advancing the field of cyber criminology, (4) documenting best practices in combating and preventing cybercrime, and (5) cybercrime and privacy issues.

Contributor Information

Huong Thi Ngoc Ho, Email: moc.liamg@252nhgnouH .

Hai Thanh Luong, Email: [email protected] .

• Abdullah ATM, Jahan I. Causes of cybercrime victimization: a systematic literature review. Int J Res Rev. 2020; 7 (5):89–98. [ Google Scholar ]
• Al-Nemrat A, Benzaïd C (2015) Cybercrime profiling: Decision-tree induction, examining perceptions of internet risk and cybercrime victimisation. In: Proceedings—14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, vol 1, pp 1380–1385. 10.1109/Trustcom.2015.534
• Alalehto TI, Persson O. The Sutherland tradition in criminology: a bibliometric story. Crim Justice Stud. 2013; 26 (1):1–18. doi: 10.1080/1478601X.2012.706753. [ CrossRef ] [ Google Scholar ]
• Algarni A, Xu Y, Chan T. An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. Eur J Inf Syst. 2017; 26 (6):661–687. doi: 10.1057/s41303-017-0057-y. [ CrossRef ] [ Google Scholar ]
• Altarturi HHM, Saadoon M, Anuar NB. Cyber parental control: a bibliometric study. Child Youth Serv Rev. 2020 doi: 10.1016/j.childyouth.2020.105134. [ CrossRef ] [ Google Scholar ]
• Ariola B, Laure ERF, Perol ML, Talines PJ. Cybercrime awareness and perception among Students of Saint Michael College of Caraga. SMCC Higher Educ Res J. 2018; 1 (1):1. doi: 10.18868/cje.01.060119.03. [ CrossRef ] [ Google Scholar ]
• Benson V, Saridakis G, Tennakoon H. Purpose of social networking use and victimisation: are there any differences between university students and those not in HE? Comput Hum Behav. 2015; 51 :867–872. doi: 10.1016/j.chb.2014.11.034. [ CrossRef ] [ Google Scholar ]
• Brenner SW. Is there such a thing as “rough”? Calif Crim Law Rev. 2001; 4 (1):348–349. doi: 10.3109/09637487909143344. [ CrossRef ] [ Google Scholar ]
• Chen X, Wang S, Tang Y, Hao T. A bibliometric analysis of event detection in social media. Online Inf Rev. 2019; 43 (1):29–52. doi: 10.1108/OIR-03-2018-0068. [ CrossRef ] [ Google Scholar ]
• Choi K. Computer Crime Victimization and Integrated Theory: an empirical assessment. Int J Cyber Criminol. 2008; 2 (1):308–333. [ Google Scholar ]
• Cojocaru I, Cojocaru I (2019) A bibliomentric analysis of cybersecurity research papers in Eastern Europe: case study from the Republic of Moldova. In: Central and Eastern European E|Dem and E|Gov Days, pp 151–161
• Das B, Sahoo JS. Social networking sites—a critical analysis of its impact on personal and social life. Int J Bus Soc Sci. 2011; 2 (14):222–228. [ Google Scholar ]
• Drew JM. A study of cybercrime victimisation and prevention: exploring the use of online crime prevention behaviours and strategies. J Criminol Res Policy Pract. 2020; 6 (1):17–33. doi: 10.1108/JCRPP-12-2019-0070. [ CrossRef ] [ Google Scholar ]
• E Fonseca B, Sampaio, de Araújo Fonseca MV, Zicker F (2016). Co-authorship network analysis in health research: method and potential use. Health Res Policy Syst 14(1):1–10. 10.1186/s12961-016-0104-5 [ PMC free article ] [ PubMed ]
• Feeley TH. A bibliometric analysis of communication journals from 2002 to 2005. Hum Commun Res. 2008; 34 :505–520. doi: 10.1111/j.1468-2958.2008.00330.x. [ CrossRef ] [ Google Scholar ]
• Gan C, Wang W. A bibliometric analysis of social media research from the perspective of library and information science. IFIP Adv Inf Commun Technol. 2014; 445 :23–32. doi: 10.1007/978-3-662-45526-5_3. [ CrossRef ] [ Google Scholar ]
• Glänzel W, Schubert A. Analysing scientific networks through co-authorship. Handb Quant Sci Technol Res. 2006 doi: 10.1007/1-4020-2755-9_12. [ CrossRef ] [ Google Scholar ]
• Gogolin G. The digital crime tsunami. Digit Investig. 2010; 7 (1–2):3–8. doi: 10.1016/j.diin.2010.07.001. [ CrossRef ] [ Google Scholar ]
• Holt TJ, Bossler AM. Examining the applicability of lifestyle-routine activities theory for cybercrime victimization. Deviant Behav. 2009; 30 (1):1–25. doi: 10.1080/01639620701876577. [ CrossRef ] [ Google Scholar ]
• Holt TJ, Bossler AM. An assessment of the current state of cybercrime scholarship. Deviant Behav. 2014; 35 (1):20–40. doi: 10.1080/01639625.2013.822209. [ CrossRef ] [ Google Scholar ]
• Ilievski A. An explanation of the cybercrime victimisation: self-control and lifestile/routine activity theory. Innov Issues Approaches Soc Sci. 2016; 9 (1):30–47. doi: 10.12959/issn.1855-0541.iiass-2016-no1-art02. [ CrossRef ] [ Google Scholar ]
• Insa F. The Admissibility of Electronic Evidence in Court (A.E.E.C.): Fighting against high-tech crime—results of a European study. J Digital Forensic Pract. 2007; 1 (4):285–289. doi: 10.1080/15567280701418049. [ CrossRef ] [ Google Scholar ]
• Jahankhani H. Developing a model to reduce and/or prevent cybercrime victimization among the user individuals. Strategic Intell Manag. 2013 doi: 10.1016/b978-0-12-407191-9.00021-1. [ CrossRef ] [ Google Scholar ]
• Jamshed J, Naeem S, Ahmad K (2020) Analysis of Criminal Law Literature: a bibliometric study from 2010–2019. Library Philos Pract
• Kim J, Kang S, Lee KH (2019) Evolution of digital marketing communication: Bibliometric analysis and networs visualization from key articles. J Bus Res
• Kirwan GH, Fullwood C, Rooney B. Risk factors for social networking site scam victimization among Malaysian students. Cyberpsychol Behav Soc Netw. 2018; 21 (2):123–128. doi: 10.1089/cyber.2016.0714. [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Lee S-S, Choi KS, Choi S, Englander E. A test of structural model for fear of crime in social networking sites A test of structural model for fear of crime in social networking sites. Int J Cybersecur Intell Cybercrime. 2019; 2 (2):5–22. doi: 10.52306/02020219SVZL9707. [ CrossRef ] [ Google Scholar ]
• Leukfeldt R, Holt T, editors. The human factor of cybercrime. New York: Routledge; 2020. [ Google Scholar ]
• Leukfeldt ER, Yar M. Applying routine activity theory to cybercrime: a theoretical and empirical analysis. Deviant Behav. 2016; 37 (3):263–280. doi: 10.1080/01639625.2015.1012409. [ CrossRef ] [ Google Scholar ]
• Leung XY, Sun J, Bai B. Bibliometrics of social media research: a co-citation and co-word analysis. Int J Hosp Manag. 2017; 66 :35–45. doi: 10.1016/j.ijhm.2017.06.012. [ CrossRef ] [ Google Scholar ]
• Li Q, Wei W, Xiong N, Feng D, Ye X, Jiang Y. Social media research, human behavior, and sustainable society. Sustainability. 2017; 9 (3):384. doi: 10.3390/su9030384. [ CrossRef ] [ Google Scholar ]
• Lin T, Capecci DE, Ellis DM, Rocha HA, Dommaraju S, Oliveira DS, Ebner NC. Susceptibility to spear-phishing emails: effects of internet user demographics and email content. ACM Trans Comput-Hum Interact. 2019; 26 (5):1–28. doi: 10.1145/3336141. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Luong TH. Prevent and combat sexual assault and exploitation of children on cyberspace in Vietnam: situations, challenges, and responses. In: Elshenraki H, editor. Combating the exploitation of children in cyberspace: emerging research and opportunities. Hershey: IGI Global; 2021. pp. 68–94. [ Google Scholar ]
• Luong HT, Phan HD, Van Chu D, Nguyen VQ, Le KT, Hoang LT. Understanding cybercrimes in Vietnam: from leading-point provisions to legislative system and law enforcement. Int J Cyber Criminol. 2019; 13 (2):290–308. doi: 10.5281/zenodo.3700724. [ CrossRef ] [ Google Scholar ]
• Lusthaus J (2020a) Cybercrime in Southeast Asia: Combating a Global Threat Locally. Retrieved from Canberra, Australia: https://s3-ap-southeast-2.amazonaws.com/ad-aspi/202005/Cybercrime%20in%20Southeast%20Asia.pdf?naTsKQp2jtSPYsWpSo4YmE1sVBNv_exJ
• Lusthaus J. Modelling cybercrime development: the case of Vietnam. In: Leukfeldt R, Holt T, editors. The human factor of cybercrime. New York: Routledge; 2020. pp. 240–257. [ Google Scholar ]
• Marsh I, Melville G. Crime justice and the media. Crime Justice Med. 2008 doi: 10.4324/9780203894781. [ CrossRef ] [ Google Scholar ]
• Martí-Parreño J, Méndez-Ibáñezt E, Alonso-Arroyo A (2016) The use of gamification in education: a bibliometric and text mining analysis. J Comput Assist Learn
• McLuhan M. The Global Village: Transformations in World Life and Media in the 21st Century (Communication and Society) Oxford: Oxford University Press; 1992. [ Google Scholar ]
• Näsi M, Oksanen A, Keipi T, Räsänen P. Cybercrime victimization among young people: a multi-nation study. J Scand Stud Criminol Crime Prev. 2015 doi: 10.1080/14043858.2015.1046640. [ CrossRef ] [ Google Scholar ]
• Ngo F, Jaishankar K. Commemorating a decade in existence of the international journal of cyber criminology: a research agenda to advance the scholarship on cyber crime. Int J Cyber Criminol. 2017; 11 (1):1–9. [ Google Scholar ]
• Ngo F, Paternoster R. Cybercrime victimization: an examination of individual and situational level factors. Int J Cyber Criminol. 2011; 5 (1):773. [ Google Scholar ]
• Nguyen VT, Luong TH. The structure of cybercrime networks: transnational computer fraud in Vietnam. J Crime Justice. 2020 doi: 10.1080/0735648X.2020.1818605. [ CrossRef ] [ Google Scholar ]
• Oksanen A, Keipi T. Young people as victims of crime on the internet: a population-based study in Finland. Vulnerable Child Youth Stud. 2013; 8 (4):298–309. doi: 10.1080/17450128.2012.752119. [ CrossRef ] [ Google Scholar ]
• Oliveira D, Rocha H, Yang H, Ellis D, Dommaraju S, Muradoglu M, Weir D, Soliman A, Lin T, Ebner N (2017) Dissecting spear phishing emails for older vs young adults: on the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In: Conference on Human Factors in Computing Systems—Proceedings, 2017-May, 6412–6424. 10.1145/3025453.3025831
• Orchard LJ, Fullwood C, Galbraith N, Morris N. Individual differences as predictors of social networking. J Comput-Mediat Commun. 2014; 19 (3):388–402. doi: 10.1111/jcc4.12068. [ CrossRef ] [ Google Scholar ]
• Parrish JL, Jr, Bailey JL, Courtney JF. A personality based model for determining susceptibility to phishing attacks. Little Rock: University of Arkansas; 2009. pp. 285–296. [ Google Scholar ]
• Pasadeos Y. A bibliometric study of advertising citations. J Advert. 1985; 14 (4):52–59. doi: 10.1080/00913367.1985.10672971. [ CrossRef ] [ Google Scholar ]
• Pickering C, Byrne J. The benefits of publishing systematic quantitative literature reviews for PhD candidates and other early-career researchers. Higher Educ Res Devel ISSN. 2014; 33 (3):534–548. doi: 10.1080/07294360.2013.841651. [ CrossRef ] [ Google Scholar ]
• Reyns BW, Fisher BS, Bossler AM, Holt TJ. Opportunity and Self-control: do they predict multiple forms of online victimization? Am J Crim Justice. 2019; 44 (1):63–82. doi: 10.1007/s12103-018-9447-5. [ CrossRef ] [ Google Scholar ]
• Romero L, Portillo-Salido E. Trends in sigma-1 receptor research: a 25-year bibliometric analysis. Front Pharmacol. 2019 doi: 10.3389/fphar.2019.00564. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• Saad ME, Huda Sheikh Abdullah SN, Murah MZ. Cyber romance scam victimization analysis using Routine Activity Theory versus apriori algorithm. Int J Adv Comput Sci Appl. 2018; 9 (12):479–485. doi: 10.14569/IJACSA.2018.091267. [ CrossRef ] [ Google Scholar ]
• Saridakis G, Benson V, Ezingeard JN, Tennakoon H. Individual information security, user behaviour and cyber victimisation: an empirical study of social networking users. Technol Forecast Soc Change. 2016; 102 :320–330. doi: 10.1016/j.techfore.2015.08.012. [ CrossRef ] [ Google Scholar ]
• Seng S, Wright M, Al-Ameen MN (2018) Understanding users’ decision of clicking on posts in facebook with implications for phishing. Workshop on Technology and Consumer Protection (ConPro 18), May, 1–6
• Serafin MJ, Garcia-Vargas GR, García-Chivita MDP, Caicedo MI, Correra JC. Cyberbehavior: a bibliometric analysis. Annu Rev Cyber Ther Telemed. 2019; 17 :17–24. doi: 10.31234/osf.io/prfcw. [ CrossRef ] [ Google Scholar ]
• Skinner WF, Fream AM. A social learning theory analysis of computer crime among college students. J Res Crime Delinq. 1997; 34 (4):495–518. doi: 10.1177/0022427897034004005. [ CrossRef ] [ Google Scholar ]
• Tsai H, Yi S, Shillair R, Cotten SR, Winstead V, Yost E. Getting grandma online: are tablets the answer for increasing digital inclusion for older adults in the US? Educ Gerontol. 2015; 41 (10):695–709. doi: 10.1080/03601277.2015.1048165. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]
• van Eck NJ, Waltman L (2020) Manual for VOSviewer version 1.6.16
• Van Wilsem J. “Bought it, but never got it” assessing risk factors for online consumer fraud victimization. Eur Sociol Rev. 2013; 29 (2):168–178. doi: 10.1093/esr/jcr053. [ CrossRef ] [ Google Scholar ]
• van der Wagen W, Pieters W. The hybrid victim: re-conceptualizing high-tech cyber victimization through actor-network theory. Eur J Criminol. 2020; 17 (4):480–497. doi: 10.1177/1477370818812016. [ CrossRef ] [ Google Scholar ]
• Vishwanath A. Habitual Facebook use and its impact on getting deceived on social media. J Comput-Mediat Commun. 2015; 20 (1):83–98. doi: 10.1111/jcc4.12100. [ CrossRef ] [ Google Scholar ]
• Wall D. Crime and the Internet: Cybercrime and cyberfears. 1. London: Routledge; 2001. [ Google Scholar ]
• Wall D. What are cybercrimes? Crim Justice Matters. 2004; 58 (1):20–21. doi: 10.1080/09627250408553239. [ CrossRef ] [ Google Scholar ]
• Whitty MT, Buchanan T. The online romance scam: a serious cybercrime. Cyberpsychol Behav Soc Netw. 2012; 15 (3):181–183. doi: 10.1089/cyber.2011.0352. [ PubMed ] [ CrossRef ] [ Google Scholar ]
• You GR, Sun X, Sun M, Wang JM, Chen YW (2014) Bibliometric and social network analysis of the SoS field. In: Proceedings of the 9th International Conference on System of Systems Engineering: The Socio-Technical Perspective, SoSE 2014, 13–18. 10.1109/SYSOSE.2014.6892456
• Zyoud SH, Sweileh WM, Awang R, Al-Jabi SW. Global trends in research related to social media in psychology: Mapping and bibliometric analysis. Int J Ment Health Syst. 2018; 12 (1):1–8. doi: 10.1186/s13033-018-0182-6. [ PMC free article ] [ PubMed ] [ CrossRef ] [ Google Scholar ]

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

• View all journals
• My Account Login
• Explore content
• About the journal
• Publish with us
• Sign up for alerts
• Open access
• Published: 23 February 2023

Exploring the global geography of cybercrime and its driving forces

• Shuai Chen   ORCID: orcid.org/0000-0003-3623-1532 1 , 2 ,
• Mengmeng Hao   ORCID: orcid.org/0000-0001-5086-6441 1 , 2 ,
• Fangyu Ding   ORCID: orcid.org/0000-0003-1821-531X 1 , 2 ,
• Dong Jiang 1 , 2 ,
• Jiping Dong 1 , 2 ,
• Shize Zhang 3 ,
• Qiquan Guo 1 &
• Chundong Gao 4  

Humanities and Social Sciences Communications volume  10 , Article number:  71 ( 2023 ) Cite this article

12k Accesses

11 Citations

1 Altmetric

Metrics details

• Criminology
• Science, technology and society

Cybercrime is wreaking havoc on the global economy, national security, social stability, and individual interests. The current efforts to mitigate cybercrime threats are primarily focused on technical measures. This study considers cybercrime as a social phenomenon and constructs a theoretical framework that integrates the social, economic, political, technological, and cybersecurity factors that influence cybercrime. The FireHOL IP blocklist, a novel cybersecurity data set, is used to map worldwide subnational cybercrimes. Generalised linear models (GLMs) are used to identify the primary factors influencing cybercrime, whereas structural equation modelling (SEM) is used to estimate the direct and indirect effects of various factors on cybercrime. The GLM results suggest that the inclusion of a broad set of socioeconomic factors can significantly improve the model’s explanatory power, and cybercrime is closely associated with socioeconomic development, while their effects on cybercrime differ by income level. Additionally, results from SEM further reveals the causal relationships between cybercrime and numerous contextual factors, demonstrating that technological factors serve as a mediator between socioeconomic conditions and cybercrime.

Similar content being viewed by others

Rethinking the environmental Kuznets curve hypothesis across 214 countries: the impacts of 12 economic, institutional, technological, resource, and social factors

Exposure to untrustworthy websites in the 2020 US election

A systematic review of worldwide causal and correlational evidence on digital media and democracy

Introduction.

Cybercrime is a broad term used by government, businesses, and the general public to account for a variety of criminal activities and harmful behaviours involving the adoption of computers, the internet, or other forms of information communications technologies (ICTs) (Wall, 2007 ). As an emerging social phenomenon in the information age, cybercrime has aroused growing concern around the world due to its high destructiveness and widespread influence. In 2017, the WannaCry ransomware attack affected more than 230,000 computers across 150 countries, resulting in economic losses of more than 4 billion dollars and posing a serious danger to the global education, government, finance, and healthcare sectors (Ghafur et al., 2019 ; Castillo and Falzon, 2018 ; Mohurle and Patil, 2017 ). Although there is currently no precise and universally accepted definition of cybercrime (Phillips et al., 2022 ; Holt and Bossler, 2014 ), it is generally acknowledged that the term covers both traditional crimes that are facilitated or amplified by utilising ICTs as well as new types of crimes that emerged with the advent of ICTs (Ho and Luong, 2022 ). Based on the role of technology in the commission of the crime, the most widely utilised typology divides cybercrime into cyber-dependent crime (such as hacking, distributed denial of service, and malware) and cyber-enabled crime (online fraud, digital piracy, cyberbullying) (Brenner, 2013 ; Sarre et al., 2018 ; McGuire and Dowling, 2013 ). Along with the rapid development of ICTs and the increasing prevalence of the internet, these criminal activities are significantly disrupting the global economy, national security, social stability, and individual interests. Although it is difficult to estimate the precise financial cost of cybercrime (Anderson et al., 2013 ; Anderson et al., 2019 ), statistical evidence from governments and industries indicates that the economic losses caused by cybercrime are extremely enormous and are still rising rapidly (McAfee, 2021 ).

Cybercrime is complicated in nature and involves many disciplines, including criminology, computer science, psychology, sociology, economics, geography, political science, and law, among others (Holt, 2017 ; Dupont and Holt, 2022 ; Payne, 2020 ). Computer science and cybersecurity efforts are primarily focused on applying technical approaches such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewalls, and anti-virus software to mitigate cyberattack threats (Kumar and Carley, 2016 ; Walters, 2015 ). These methods may help to some extent lessen the adverse impacts of cybercrime on both organisations and individuals. However, these technical solutions are largely unaware of the human and contextual factors that contribute to the issues, providing only reactive solutions, and are unable to keep up with the rapidly evolving modus operandi and emerging technologies (Clough, 2015 ; Neal, 2014 ). It is suggested that cybercrime is a complex social phenomenon driven by the compound interactions of underlying socioeconomic factors. Human and social factors play a substantial role in the formation of cybercrime agglomerations (Waldrop, 2016 ; Watters et al., 2012 ; Leukfeldt and Holt, 2019 ). They are also important aspects of cybercrime prevention and control (Dupont and Holt, 2022 ). The human factors influencing cybercrime have been the subject of an expanding body of sociological and psychological study in recent years. These studies, which covered cyberbullying, online harassment, identity theft, online fraud, malware infection, phishing, and other types of cybercrime, generally applied traditional criminological and psychological theories, such as routine activities theory, lifestyle-routine activities theory, self-control theory, and general strain theory, to explain the victimisation and offending of various cybercrimes (Bergmann et al., 2018 ; Mikkola et al., 2020 ; Ngo and Paternoster, 2011 ; Pratt et al., 2010 ; Williams, 2016 ). Results from these studies suggested that by altering criminal motivations and opportunity structures, individual factors (i.e., age, gender, ethnicity, education, socioeconomic status, and self-control) and situational factors (online activities, time spent online, risk exposure, deviant behaviours) may have an impact on cybercrime offence and victimisation. These findings advanced our knowledge in understanding the impact of technology on criminal behaviours, factors affecting the risk of cyber victimisation, and the applicability of traditional criminological theories to cybercrime (Holt and Bossler, 2014 ).

Cybercrime is a highly geographical phenomenon on a macro-level scale, with some countries accounting for a disproportionate amount of cybercrimes (Kigerl, 2012 ; Kigerl, 2016 ). This spatial heterogeneity is closely related to specific socioeconomic contexts (Kshetri, 2010 ). Academic efforts have been made to identify the clusters of high cybercrime countries and to explain the potential socioeconomic factors that led to the formation of these clusters. For example, Mezzour, Carley, and Carley ( 2014 ) found that Eastern European countries hosted a greater number of attacking computers due to their superior computing infrastructure and high levels of corruption. Similarly, Kumar and Carley ( 2016 ) found that higher levels of corruption and large internet bandwidth would favour attack origination. They also noted that countries with the greater gross domestic product (GDP) per capita and better ICT infrastructure were targeted more frequently. Meanwhile, Srivastava et al. ( 2020 ) pointed out that countries with better technology and economic capital were more likely to become the origins of cybercrime, but countries with better cybersecurity preparedness may reduce the frequency of the cybercrime originating within them. Moreover, Holt, Burruss, and Bossler ( 2018 ) suggested that nations with better technological infrastructure, greater political freedom, and fewer organised crime were more likely to report malware infections, while Overvest and Straathof ( 2015 ) suggested that the number of internet users, bandwidth, and economic ties were significantly related to cyberattack origin. Kigerl ( 2012 ) found that a higher unemployment rate and more internet users were linked to an increase in spam activities. However, these studies have tended to utilise a restricted range of predictor variables and only included certain aspects of cybercrime. Besides, most of the studies have been conducted at the national level, which could potentially hide many disparities within countries.

In this work, we construct a conceptual model to better represent the context from which cybercrime emerges, which is applied as a framework to analyse the underlying socioeconomic driving forces. A novel cybersecurity data set, the FireHOL IP blocklist, is adopted as a proxy to reflect the levels of cybercriminal activities within different areas. A set of social, economic, political, technological, and cybersecurity indicators is used as explanatory variables. Generalised linear models (GLMs) are used to quantify the effect of each factor on cybercrime, while structural equation modelling (SEM) is used to estimate the complex interactions among various factors and their direct and indirect effects on cybercrime.

Conceptual framework

We propose a conceptual framework for examining the driving forces of cybercrime by reviewing existing empirical literature and integrating different criminological theories. The conceptual framework includes five interrelated components: the social, economic, political, technological, and cybersecurity factors. The potential pathways by which each component may directly or indirectly influence cybercrime are illustrated in Fig. 1 .

The solid line indicates a direct effect, and a dashed line indicates indirect effect. H1–H5 refer to the five hypotheses, “+” indicates a positive effect, and “−” indicates a negative effect.

The social and economic factors depict the level of regional development, serving as the fundamental context in which cybercrime emerges. Given the intrinsic technological nature of cybercrime, global urbanisation, and the information technology revolution have promoted global connectivity and created unprecedented conditions and opportunities for cybercrime (UNODC, 2013 ). From the perspective of general strain theory, poverty, unemployment, income inequality, and other social disorders that are accompanied by social transformations could lead to cultures of materialism and stimulate motivations of cybercrime for illegal gains (Meke, 2012 ; Onuora et al., 2017 ). On the other hand, economically developed regions generally have superior ICT infrastructure, which can provide convenient and low-cost conditions for cybercriminals to commit crimes. High educational attainment is also likely to be associated with cybercrime, given that cybercrime usually requires some level of computer skills and IT knowledge (Holt and Schell, 2011 ; Asal et al., 2016 ). In general, better socioeconomic conditions are associated with more cybercriminal activities, which leads us to develop the first two hypotheses:

H1: Social factor is positively associated with cybercrime .

H2: Economic factor is positively associated with cybercrime .

The influence of political factors on cybercrime is mainly reflected in the regulation and intervention measures of governments in preventing and controlling cybercrime, such as legal system construction, government efficiency, control of corruption, and political stability. The offender’s decision to engage in illegal activity is a function of the expected probability of being arrested and convicted and the expected penalty if convicted (Ehrlich, 1996 ). As with traditional crimes, the lack of efficient social control and punishment mechanism will breed criminal behaviours. The deterrent effect of the legislation makes cybercriminals have to consider the consequences they need to bear. While the virtual and transnational nature of cyberspace makes it easier for perpetrators to avoid punishment, cybercrime can be deterred to some extent by increasing the severity of punishment and international law enforcement cooperation (Hall et al., 2020 ). On the other side, cybercriminals could seek protection through corrupt connections with the local institutional environment, which would weaken law enforcement operations and encourage cybercriminal activities (Hall et al., 2020 ; Lusthaus and Varese, 2021 ; Sutanrikulu et al., 2020 ). For instance, corruption in law enforcement authorities makes it hard for cybercriminals to be punished, while corruption in network operators or internet service providers (ISPs) makes it easier for cybercriminals to apply for malicious domain names or register fake websites. Some studies have shown that areas with high levels of corruption usually have more cybercriminal activities (Mezzour et al., 2014 ; Watters et al., 2012 ). Cybercrimes are typically attributed to political corruption, ineffective governance, institutional weakness, and weak rule of law across West Africa and East Europe (Asal et al., 2016 ). Therefore, we propose that:

H3: Political factor is negatively associated with cybercrime .

The technological environment, which is composed of communication conditions and underlying physical ICT infrastructure, serves as an essential medium through which cybercrime is committed. According to the rational choice theory, crime is the result of an individual’s rational consideration of the expected costs and benefits attached to their criminal activity (Mandelcorn et al., 2013 ; Brewer et al., 2019 ). Better internet infrastructure, greater internet penetration, and faster connection could facilitate cybercrimes by reducing crime costs, expanding opportunities, and increasing potential benefits. For example, in a majority of spam and DDoS attacks, cybercriminals often carry out large-scale coordinated attacks by sending remote commands to a set of compromised computers (also known as botnets). High-performance computers and high-bandwidth connectivity such as university, corporate, and government servers allow for more efficient attacks and could expand the scope of cybercrime, making them preferred by cybercriminals (Hoque et al., 2015 ; Van Eeten et al., 2010 ; Eslahi et al., 2012 ). We thus hypothesise that:

H4: Technological factor is positively related to cybercrime .

Cybersecurity preparedness reflects the capabilities and commitment of a country to prevent and combat cybercrime. According to the International Telecommunication Union (ITU), cybersecurity preparedness involves the legal, technical, organisation, capacity, and cooperation aspects (Bruggemann et al., 2022 ). Legal measures such as laws and regulations define what constitutes cybercrime and specify necessary procedures in the investigation, prosecution, and sanction of cybercrime, providing a basis for other measures. Technical measures refer to the technical capabilities to cope with cybersecurity risks and build cybersecurity resilience through national institutions and frameworks such as the Computer Incident Response Teams (CIRTs) or Computer Emergency Response Teams (CERTs). Organisation measures refer to the comprehensive strategies, policies, organisations, and coordination mechanisms for cybersecurity development. Capacity development reflects the research and development, awareness campaigns, training and education, and certified professionals and public agencies for cybersecurity capacity building. Cooperation measures refer to the collaboration and information sharing at the national, regional, and international levels, which is essential in addressing cybersecurity issues given the transnational nature of cybercrime. According to the general deterrence theory and routine activity theory of criminology (Leukfeldt and Holt, 2019 ; Hutchings and Hayes, 2009 ; Lianos and McGrath, 2018 ), cybersecurity preparedness serves as a deterrent or a guardianship of cybercrime. It is crucial in defending a country from external cybercrime as well as reducing cybercrime originating from within. Therefore, we hypothesise that:

H5: Cybersecurity preparedness is negatively associated with cybercrime .

The five hypotheses proposed in the conceptual model (Fig. 1 ) outline the direct effects of various contextual drivers on cybercrime. The social, economic, political, technological, and cybersecurity factors may interact in other ways, which could also have an indirect impact on cybercrime. Then, using a combination of two statistical methods and a set of explanatory covariates, we test the hypothesised pathways.

Cybercrime data

It is commonly acknowledged among cybercrime scholars that the lack of standardised legal definitions of cybercrime and valid, reliable official statistics makes it difficult to estimate the prevalence or incidence of cybercrime around the world (Holt and Bossler, 2015 ). Although in some countries, law enforcement agencies do collect data on cybercrime (e.g., police data and court judgement), there are inevitable under-reporting and under-recording issues with these official data (Holt and Bossler, 2015 ; Howell and Burruss, 2020 ). This has prompted some researchers to use alternative data sources to measure cybercrime, including social media, online forums, emails, and cybersecurity companies (Holt and Bossler, 2015 ). Among these data sources, technical data such as spam emails, honeypots, IDS/IPS or firewall logs, malicious domains/URLs, and IP addresses are often used as proxies for different aspects of cybercrime (Amin et al., 2021 ; Garg et al., 2013 ; Kigerl, 2012 ; Kigerl, 2016 ; Kigerl, 2021 ; Mezzour et al., 2014 ; Srivastava et al., 2020 ; Kshetri, 2010 ), accounting for a large proportion in the literature of macro-level cybercrime research. However, due to the anonymity and virtuality of cyberspace, cybercriminals are not restrained by national boundaries and could utilise compromised computers distributed around the world as a platform to commit cybercrime. Meanwhile, IP addresses can be faked or spoofed by using technologies such as proxy servers, anonymity networks, and virtual private networks (VPNs) to hide the true identity and location of cybercriminals (Holt and Bossler, 2015 ; Leukfeldt and Holt, 2019 ). As a result, the attribution of cybercriminal becomes extremely challenging and requires a high level of expertise and coordination from law enforcement agencies and cybersecurity teams (Lusthaus et al., 2020 ). Therefore, instead of capturing where cybercriminals reside in physical space, most studies using these technical data are measuring the possible locations where the cyberattacks or cybercrimes originate, even if part of them could be locations where cybercriminals choose to host their botnets or spam servers. Though there is partial support that certain types of cyberattacks originate from physically proximate IP addresses (Maimon et al., 2015 ), more elaborate and comprehensive research is lacking.

In this study, we used a novel cybersecurity data set, the IP addresses from FireHOL blocklist (FireHOL, 2021 ), as a proxy to measure cybercrime. The FireHOL IP blocklist is a composition of multiple sources of illegitimate or malicious IP addresses, which can be used on computer systems (i.e., servers, routers, and firewalls) to block access from and to these IPs. These IPs are related to certain types of cybercrime activities, including abuse, attacks, botnets, malware, command and control, and spam. We adopt FireHOL level 1 blocklist, which consists of ~2900 subnets and over 600 million unique IPs, with a minimum of false positives. The anonymous IPs, which are used by other parties to hide their true identities, such as open proxies, VPN providers, etc., were excluded from the analysis. Next, we applied an open-source IP geolocation database, IP2Location™ Lite, to map these unique IP addresses in specific geographic locations in the form of country/region/city and longitude/altitude pair. The location accuracy of the IP geolocation is high at the national and regional levels, with ~98% accuracy at the country level and 60% at the city level. In order to reduce uncertainty, we focused on the analysis at the state/region level. At last, we calculated the counts of unique IPs located within each subnational area to measure the global distribution of cybercrimes.

Although FireHOL IP blocklist has the same restrictions as other technical data, it was used in this study for several reasons. The basic function of IP addresses in the modern internet makes it an indispensable element in different phases of cybercrime, it is also the key ingredient of cybercrime attribution and digital evidence collection. As a result, an IP-based firewall is one of the most effective and commonly used preventive measures for cybersecurity defence. FireHOL IP blocklist has the advantage of global coverage and includes different cybercrime types. It dynamically collects cybercrime IPs from multiple sources around the world. Although it is difficult to determine whether the IPs in the blocklist are the real sources of cybercrime or come from infected machines, it does reflect the geographical distribution of the malicious IPs that are related to certain cybercrime activities. Besides, it provides a more fine-grained estimate of the subnational cybercrime geography than country-level statistics.

Explanatory variables

We adopted a broad set of explanatory variables to characterise the social, economic, political, technological, and cybersecurity conditions based on the conceptual model presented above (Fig. 1 ). The social environment is represented by population, the population aged 15–64, education index, nighttime light index, and human development index (HDI); The economic condition is measured by income index, GDP growth, Gini index, unemployment (% of the total labour force) and poverty rate; The political environment is measure by 5 dimensions of the World Governance Indicators (WGI), including control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, voice and accountability. The technological environment is reflected by the internet infrastructure (the number of internet data centres and internet exchange centres), internet users (% of the population), international bandwidth (per internet user), secure internet server (per 1 million people), and fixed broadband subscriptions (per 100 people). Moreover, we applied the five dimensions of the Global Cybersecurity Index (GCI) to assess the level of commitment among various nations to cybersecurity, including legal measures, technical measures, organisational measures, capacity development measures, cooperation measures, and one overall cybersecurity index (the sum of the 5 measures above). Population, income index, education index, HDI, nighttime light, and infrastructure data are collected at the subnational administrative level, while other variables are derived at the country level. Log transformations (base 10) were used to improve normality for variables with skewed distributions, including population, nighttime light, infrastructure, fixed broadband, secure internet server, and bandwidth. All variables were normalised for further analysis.

Generalised linear models (GLMs)

In this study, GLMs were used to assess the potential influence of various explanatory variables on cybercrime and to identify the most important factors. A GLM is an extension of a regular regression model that includes nonnormal response distributions and modelling functions (Faraway, 2016 ). GLM analyses were conducted at two scales: the global scale and the income group scale. All GLMs were built in R version 4.1.2 using the “glm” function of the “stats” package (R, Core Team, 2013 ), and a gaussian distribution is used as the link function. The Akaike information criterion (AIC), the determination coefficient ( R 2 ), and the significance level of the predictors ( p -value) are used to evaluate GLMs. The model with the lowest AIC and highest R 2 value is chosen as the optimal model. Variance inflation factors (VIFs) were calculated using the “car” package (Fox et al., 2012 ) to test for collinearity between quantitative explanatory variables prior to the GLM analysis. Variables with a VIF value greater than 10 (VIF > 10) were regarded as collinearity generators and were therefore excluded from further analysis. The relative contribution and coefficients of each GLM were plotted using the “GGally” package.

Structural equation modelling (SEM)

SEM was used to examine the causal relationships within the networks of interacting factors, thereby distinguishing the direct from indirect drivers of cybercrime. SEM is a powerful, multivariate technique found increasingly in scientific investigations to test and evaluate multivariate causal relationships (Fan et al., 2016 ). SEM differs from other modelling approaches in that it tests both the direct and indirect effects on pre-assumed causal relationships. The following fit indices were considered to evaluate model adequacy: (a) root mean square error of approximation (RMSEA), which is a “badness of fit” index in which 0 indicates a perfect fit while higher values indicate a lack of fit; (b) standardised root mean square residual (SRMR), which is similar to RMSEA and should be less than 0.09 for good model fit; (c) comparative fit index (CFI), which represents the amount of variance that has been accounted for in a covariance matrix ranging from 0.0 to 1.0, with a higher CFI value indicating better model fit; (d) Tucker–Lewis index (TLI), which is a non-normed fit index (NNFI) that proposes a fit index independent of sample size. In this study, SEM analysis was conducted using AMOS (Arbuckle, 2011 ).

Spatial distribution of cybercrime IPs

We mapped the subnational distribution of cybercrime IPs globally, which reveals significant spatial variability (see Fig. 2 ). On a global scale, most cybercrime IPs were located in North America, Central and Eastern Europe, East Asia, India, and eastern Australia. Meanwhile, areas with low numbers of cybercrime IPs were primarily found in large parts of Africa except for South Africa, western and northern parts of South America, Central America, some regions of the Middle East, southern parts of Central Asia, and some regions of Southeast Asia. On a continental scale, we found that the number of cybercrime IPs increased gradually from Africa to Europe. The two continents with the most cybercrime IPs were North America and Europe, with North America showing more variations. This trend seems to be closely associated with the regional socioeconomic development level. To further investigate this relationship, we grouped the subnational regions by income level according to the World Bank classification rules. We found a more evident pattern, with high-income regions hosting the majority of cybercrime IPs and lower-middle-income regions hosting the least.

a Number of cybercrime IPs at the subnational level. b Log-transformed cybercrime IP count by continent: Africa (AF), Asia/Oceania (AS/OC), South America (SA), North America (NA) and Europe (EU). c Log-transformed cybercrime IP count by income group: low-income (LI), lower-middle-income (LMI), upper-middle-income (UMI) and high-income (HI) groups. The centre line, boxes, and whiskers show the means, 1 standard error (SE), and 95% confidence interval (CI), respectively.

Major factors influencing cybercrime

GLMs were built based on the 5 categories of 26 representative influential variables identified in the conceptual framework. After excluding 8 collinear variables (i.e., government effectiveness, rule of law, HDI, and 5 cybersecurity measures) and 7 nonsignificant variables (GDP growth, unemployment, poverty, political stability, voice and accountability, bandwidth, and internet users), the global scale GLM model includes 11 variables with an R 2 value of 0.82. Figure 3 shows the relative contribution of each predictor variable to the model. Globally, the social and technological factors contribute most to the model, with relative contribution rates of 53.4% and 30.1%, respectively. Infrastructure alone explains up to 18.1% of the model variance in cybercrimes ( R 2 to 0.504). However, the inclusion of the population and education index improves the explanation of model variance by 18.3% and 28.5%, respectively ( R 2 to 0.596 and 0.766). This is also the case with GLMs of different income groups, indicating that despite the main effects of technological factors, the inclusion of a broad set of socioeconomic factors significantly improves the accuracy of models that attempt to quantify the driving forces of cybercrime.

Relative contribution of predictor variables to cybercrime.

When assessed by income group, we noted that although the social and technological factors were the most important factors in explaining cybercrime, the contribution of each variable varies by income group. For example, the contribution of the income index decreases gradually from low-income regions to wealthier regions, while the Gini index is more significant in upper-middle regions and high-income regions than in low-income regions and lower-middle-income regions. Fixed broadband subscriptions contributed the most in low-income regions and the least in high-income regions. Additionally, cybersecurity preparedness has a greater influence on low-income and lower-middle-income regions.

Estimated effect of factors on cybercrime

The coefficient values in Fig. 4 represent effect sizes from the GLMs for the relationship between cybercrime and the five categories of contextual factors. At the global scale, cybercrime is positively correlated with social, economic, and technological factors, suggesting that most cybercrimes are launched in regions with a higher population, higher urbanisation, better educational and economic conditions, and, most importantly, improved internet infrastructure and communication conditions. By contrast, cybercrime is negatively related to political and cybersecurity factors, indicating that the control of corruption and the commitment to cybersecurity show certain inhibitory effects on cybercrime.

The coefficient values are represented as dots, significant variables are represented as filled dots, nonsignificant variables are represented as hollow dots, and bars represent 95% CIs.

From the perspective of income groups, the ways contextual factors affect cybercrime remain basically consistent with the global results, but subtle differences are observed. In low-income countries, the influence of the income index on cybercrime is the strongest, and cybercrime is significantly associated with a higher income index, higher education index, better infrastructure, and higher fixed broadband subscriptions. This pattern may indicate that in low-income countries, wealthier areas tend to have more cybercrimes due to the existence of better communication conditions in these areas. However, in high-income countries, where the internet is universally available, the roles of income index and fixed broadband subscriptions gradually weaken. In contrast, the effects of the Gini index and education are stronger in wealthier countries, indicating that economic inequality and education in these countries can be important drivers of cybercrime. Moreover, the control of corruption is negatively related to cybercrime in lower-middle, upper-middle, and high-income regions.

Pathways of factors for cybercrime

To understand the intricate interactions among different predictors, we perform SEM based on the conceptual model. The SEM model is composed of five latent variables, representing the social, economic, political, technological, and cybersecurity context, and each latent variable has five components reflected by the explanatory variables. Overall SEM fit is assessed, showing a good fit (CFI = 0.917, TLI = 0.899, SRMR = 0.058). SEM confirms many of the hypotheses in the conceptual model, and all relationships are statistically significant. Fig. 5 shows the results of SEM.

Black arrows indicate a positive effect, red arrows indicate a negative effect, and values on the straight arrows between variables represent the standardised path coefficients.

According to the SEM, all the hypotheses are tested and supported. Specifically, social, economic, and technological factors have direct positive effects on cybercrime (standardised path coefficients of direct effect are 0.03, 0.10, and 0.61, respectively), indicating that when social, economic, and technological factors go up by 1 standard deviation, cybercrime goes up by 0.03, 0.10, and 0.61 standard deviations, respectively. By contrast, the political and cybersecurity factors have direct negative effects on cybercrime (standardised path coefficients of direct effect are −0.22 and −0.07, respectively), indicating that 1 standard deviation rise in political and cybersecurity factors are associated with 0.22 and 0.07 standard deviations decrease of cybercrime, respectively. It is worth noting that although the direct effects of social and economic factors on cybercrimes are relatively small, their indirect effects on cybercrime through the mediation of technological and political factors are non-negligible.

In sum, SEM quantifies the direct and indirect effects of social, economic, political, technological, and cybersecurity factors on cybercrime, consistent with the hypotheses outlined in the conceptual model. More importantly, the results suggest that even though cybercrimes are primarily determined by technological factors, the direct and indirect effects of underlying social, economic, political, and cybersecurity also play significant roles. This suggests that the technological factor is a necessary but not sufficient condition for the occurrence of cybercrime.

In the current study, we mapped the global subnational distribution of cybercrimes based on a novel cybersecurity data set, the FireHOL IP blocklist. Given the widespread difficulty in obtaining cybercrime data, the data sources used in this study could provide an alternative measure of the subnational cybercrime level on a global scale. Compared to country-level studies (Amin et al., 2021 ; Garg et al., 2013 ; Goel and Nelson, 2009 ; Solano and Peinado, 2017 ; Sutanrikulu et al., 2020 ), the results present a more fine-grained view of the spatial distribution of cybercrime. The map reveals high spatial variability of cybercrime between and within countries, which appears to be closely related to local socioeconomic development status.

To recognise the driving forces behind cybercrime, we proposed a theoretical framework that encompasses the social, economic, political, technological, and cybersecurity factors influencing cybercrime, drawing on existing theoretical and empirical research. On this basis, we used GLMs to identify the major factors and their contributions to cybercrime and SEM to quantify the direct and indirect effects of these driving forces. The GLM results show that using technological factors alone as explanatory variables is insufficient to account for cybercrime, and the inclusion of a broad suite of social, economic, political, technological, and cybersecurity factors can remarkably improve model performance. Global scale modelling indicates that cybercrime is closely associated with socioeconomic and internet development, as developed regions have more available computers and better communication conditions that facilitate the implementation of cybercrime. Some studies have argued that wealthier areas might have fewer incentives for cybercrime, while poorer areas could benefit more from cybercrime activities (Ki et al., 2006 ; Kigerl, 2012 ; Kshetri, 2010 ). However, our study shows that the technological factors constituted by the internet infrastructure and communication conditions are necessary for the production of cybercrime, rendering wealthier areas more convenient for committing cybercrime.

Meanwhile, the GLMs of the 4 income groups demonstrate important differential impacts of the explanatory variables on cybercrime. For example, in low-income countries, where the overall internet penetration rate is low, cybercrime originates mainly in more developed areas with better internet infrastructure, higher internet penetration, and higher education levels. A typical example is the “Yahoo Boys” in Nigeria, referring to young Nigerians engaged in cyber fraud through Yahoo mail, mostly well-educated undergraduates with digital skills (Lazarus and Okolorie, 2019 ). A range of factors, such as a high rate of unemployment, a lack of legitimate economic opportunities, a prevalence of cybercrime subculture, a lack of strong cybercrime laws, and a high level of corruption, have motivated them to obtain illegal wealth through cybercrime. In contrast, cybercrime in high-income regions originates in areas with a high Gini index and a high education level. One possible explanation for this finding may be that well-educated individuals who live in countries with a high Gini index are paid less for their skills than their counterparts, which motivates them to engage in cybercrimes to improve their lives.

Encouragingly, both the GLM and SEM results suggest that political factors and cybersecurity preparedness can mitigate the incidence of cybercrime to some extent, in agreement with the hypotheses. Though previous country-level studies suggest that countries facing more cybersecurity threats tend to have a high level of cybersecurity preparedness (Makridis and Smeets, 2019 ; Calderaro and Craig, 2020 ), our results indicate that cybersecurity preparedness could in turn reduce cybercrimes that originate from a country. This emphasises the importance of government intervention and cybersecurity capacity building. The necessary intervening measures may include the enactment and enforcement of laws, regulation of telecommunication operators and internet service providers (ISPs), strengthening of strike force by security and judicial departments, and improvement of cybersecurity capacity. Given the interconnectedness of cyberspace and the borderless nature of cybercrime, it must be recognised that cybersecurity is not a problem that can be solved by any single country. Thus, enhancing international cooperation in legal, technical, organisational, and capacity aspects of cybersecurity becomes an essential way to tackle cybersecurity challenges.

As presented through SEM, technological factors are closely associated with the development of socioeconomic development and serve as a mediator between socio-economic conditions and cybercrime. In the past decades, ICTs have developed unevenly across different parts of the world due to a range of geographic, socioeconomic, and demographic factors, which has led to the global digital divide (Pick and Azari, 2008 ). The disparities in internet access in different regions have largely determined the spatial patterns of cybercrime. Currently, developing countries (especially those within Asia, Africa, and Latin America) are the fastest-growing regions in terms of ICT infrastructure and internet penetration (Pandita, 2017 ). However, even in developed countries, the progress of technological innovation has outpaced the establishment of legal regulations, national institutions and frameworks, policies and strategies, and other mechanisms that could help manage the new challenges (Bastion and Mukku, 2020 ). Many developing countries are facing difficulties in combating cybercrime due to a lack of adequate financial and human resources, legal and regulatory frameworks, and technical and institutional capacities, providing a fertile ground for cybercrime activities. In this vein, it is extremely urgent and necessary to enhance the cybersecurity capacities of developing countries and engage them in the international cooperation of cybersecurity, ensuring that they can maximize the socio-economic benefits of technological development instead of being harmed by it.

Cybercrime is a sophisticated social phenomenon rooted in deep and comprehensive geographical and socioeconomic causes. This study offers an alternative perspective in solving cybersecurity problems instead of pure technical measures. We believe that improvements in cybersecurity require not only technological, legal, regulatory, and policing measures but also broader approaches that address the underlying social, economic, and political issues that influence cybercrime. While the results presented in this study are preliminary, we hope that this work will provide an extensible framework that can be expanded for future studies to investigate the driving forces of cybercrime.

However, our study has several limitations due to the disadvantages of data. First and foremost, the geo-localisation of cybercrimes or cybercriminals remains a major challenge for cybercrime research. Although the FireHOL IP blocklist has the potential to measure global cybercrime at a high spatial resolution, IP-based measures may not accurately capture the true locations of cybercriminals, as they may simply exploit places with better ICT infrastructure. Therefore, caution should be exercised in interpreting the associations between cybercrime and socioeconomic factors. Future studies combining survey data, police and court judgement data, and cybercrime attribution techniques are needed to further validate the accuracy and validity of IP-based technical data in measuring the geography of cybercrime and gain a deeper understanding of the driving forces of cybercrime. Besides, COVID-19 has greatly changed the way we live and work, and many studies have suggested that the pandemic has increased the frequency of cybercrimes within the context of economic recession, high unemployment, accelerated digital transformation, and unprecedented uncertainty (Lallie et al., 2021 ; Eian et al., 2020 ; Pranggono and Arabo, 2021 ). Unfortunately, the blocklist data cannot well capture this dynamic due to a lack of temporal attributes. Furthermore, different types of cybercrime can be influenced by different mechanisms. We use the total amount of all types of cybercrime IPs instead of looking into a specific type of cybercrime, given that such segmentation may result in data sparsity for some groups. Future studies are needed to determine how different categories of cybercrimes are affected by socioeconomic factors. At last, micro-level individual and behaviour characteristics and more fine-grained explanatory variables should be included to better understand cybercrime.

Data availability

The FireHOL IP lists data are publicly available at the FireHOL website ( https://iplists.firehol.org/ and https://github.com/firehol/blocklist-ipsets ); population, education index, income index, HDI, and subnational regions data are available from Global Data Lab ( https://globaldatalab.org ); nighttime light data are available from the Earth Observation Group ( https://eogdata.mines.edu/download_dnb_composites.html ); Population aged 15–64, Gini index, GDP growth, unemployment, poverty rate, control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, and voice and accountability, are obtained from World Bank ( https://databank.worldbank.org/home.aspx ), the internet users, international bandwidth, secure internet server, and fixed broadband subscriptions are available from International Telecommunication Union (ITU) ( https://www.itu.int/itu-d/sites/statistics ); the internet infrastructure are collected from TeleGeography ( https://www.internetexchangemap.com ) and the World Data Centers Database ( https://datacente.rs ); the legal measures, technical measures, organisational measures, capacity development, cooperation measures and overall cybersecurity index were obtained from the Global Cybersecurity Index (GCI) of the ITU ( https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx ).

Amin RW, Sevil HE, Kocak S, Francia G, Hoover P (2021) The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information 12(1):2

Article   Google Scholar  

Anderson R, Barton C, Böhme R, Clayton R, Van Eeten MJ, Levi M, Moore T, Savage S (2013) Measuring the cost of cybercrime. In: The economics of information security and privacy. Springer, pp. 265–300

Anderson R, Barton C, Bölme R, Clayton R, Ganán C, Grasso T, Levi M, Moore T, Vasek M (2019) Measuring the changing cost of cybercrime. The 18th Annual Workshop on the Economics of Information Security. https://doi.org/10.17863/CAM.41598

Arbuckle JL (2011) IBM SPSS Amos 20 user’s guide. Amos Development Corporation, SPSS Inc. pp. 226–229

Asal V, Mauslein J, Murdie A, Young J, Cousins K, Bronk C (2016) Repression, education, and politically motivated cyberattacks. J Glob Secur Stud 1(3):235–247

Bastion G, Mukku S (2020) Data and the global south: key issues for inclusive digital development. https://doi.org/10.13140/RG.2.2.35091.50724

Bergmann MC, Dreißigacker A, von Skarczinski B, Wollinger GR (2018) Cyber-dependent crime victimization: the same risk for everyone? Cyberpsychol Behav Soc Network 21(2):84–90

Brenner SW (2013) Cybercrime: re-thinking crime control strategies. Crime online: Willan. pp. 12–28

Brewer R, de Vel-Palumbo M, Hutchings A, Holt T, Goldsmith A, Maimon D (2019) Cybercrime prevention: theory and applications. Springer

Bruggemann R, Koppatz P, Scholl M, Schuktomow R (2022) Global cybersecurity index (GCI) and the role of its 5 pillars. Soc Indic Res 159(1):125–143

Calderaro A, Craig AJ (2020) Transnational governance of cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Q 41(6):917–938

Castillo D, Falzon J (2018) An analysis of the impact of Wannacry cyberattack on cybersecurity stock returns. Rev Econ Financ 13:93–100

Google Scholar  

Clough J (2015) Principles of cybercrime. Cambridge University Press

Dupont B, Holt T (2022) The human factor of cybercrime. Soc Sci Comput Rev 40(4):860–864

Ehrlich I (1996) Crime, punishment, and the market for offenses. J Econ Perspect 10(1):43–67

Eian IC, Yong LK, Li MYX, Qi YH, Fatima Z (2020) Cyber attacks in the era of covid-19 and possible solution domains. Preprints 2020, 2020090630

Eslahi M, Salleh R, Anuar NB (2012) ‘Bots and botnets: an overview of characteristics, detection and challenges’. 2012 IEEE International Conference on Control System, Computing and Engineering. IEEE, pp. 349–354

Fan Y, Chen J, Shirkey G, John R, Wu SR, Park H, Shao C (2016) Applications of structural equation modeling (SEM) in ecological studies: an updated review. Ecol Process 5(1):1–12

Faraway JJ (2016) Extending the linear model with R: generalized linear, mixed effects and nonparametric regression models. Chapman and Hall/CRC

FireHOL (2021) FireHOL. FireHOL IP lists. https://iplists.firehol.org [Accessed on Aug 21, 2021]

Fox J, Weisberg S, Adler D, Bates D, Baud-Bovy G, Ellison S, Firth D, Friendly M, Gorjanc G, Graves,S (2012) Package ‘car’, Vienna: R Foundation for Statistical Computing, 16

Garg V, Koster T, Camp LJ (2013) Cross-country analysis of spambots. EURASIP J Inform Secur 2013(1):1–13

Ghafur S, Kristensen S, Honeyford K, Martin G, Darzi A, Aylin P (2019) A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ Digit Med 2(1):1–7

Goel RK, Nelson MA (2009) Determinants of software piracy: economics, institutions, and technology. J Technol Transfer 34(6):637–658

Hall T, Sanders B, Bah M, King O, Wigley E (2020) Economic geographies of the illegal: the multiscalar production of cybercrime. Trend OrganCrime 24:282–307

Ho HTN, Luong HT (2022) Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis. SN Soc Sci 2(1):1–32

Holt T, Bossler A (2015) Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge

Holt TJ (2017) Cybercrime through an interdisciplinary lens. Routledge

Holt TJ, Bossler AM (2014) An assessment of the current state of cybercrime scholarship. Deviant Behav 35(1):20–40

Holt TJ, Burruss GW, Bossler AM (2018) Assessing the macro-level correlates of malware infections using a routine activities framework. Int J Offender Ther Comp Criminol 62(6):1720–1741

Article   PubMed   Google Scholar  

Holt TJ, Schell BH (2011) Corporate hacking and technology-driven crime. Igi Global

Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17(4):2242–2270

Howell CJ, Burruss GW (2020) Datasets for analysis of cybercrime. In: The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 207–219

Hutchings A, Hayes H (2009) Routine activity theory and phishing victimisation: who gets caught in the ‘net’? Curr Issues Crim Justice 20(3):433–452

Ki E-J, Chang B-H, Khang H (2006) Exploring influential factors on music piracy across countries. J Commun 56(2):406–426

Kigerl A (2012) Routine activity theory and the determinants of high cybercrime countries. Soc Sci Comput Rev 30(4):470–486

Kigerl A (2016) Cyber crime nation typologies: K-means clustering of countries based on cyber crime rates. Int J Cyber Criminol10(2): 147–169

Kigerl A (2021) Routine activity theory and malware, fraud, and spam at the national level, Crime Law Soc Chang 76:109–130

Kshetri N (2010) Diffusion and effects of cyber-crime in developing economies. Third World Q 31(7):1057–1079

Kumar S, Carley KM (2016) ‘Approaches to understanding the motivations behind cyber attacks’. 2016 IEEE Conference on Intelligence and Security Informatics (ISI). IEEE, pp. 307–309

Lallie HS, Shepherd LA, Nurse JR, Erola A, Epiphaniou G, Maple C, Bellekens X (2021) Cyber security in the age of covid-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput Secur 105:102248

Article   PubMed   PubMed Central   Google Scholar  

Lazarus S, Okolorie GU (2019) The bifurcation of the Nigerian cybercriminals: Narratives of the Economic and Financial Crimes Commission (EFCC) agents. Telemat Informat 40:14–26

Leukfeldt R, Holt TJ (2019) The human factor of cybercrime. Routledge

Lianos H, McGrath A (2018) Can the general theory of crime and general strain theory explain cyberbullying perpetration? Crime Delinq 64(5):674–700

Lusthaus J, Bruce M, Phair N (2020) ‘Mapping the geography of cybercrime: a review of indices of digital offending by country’. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): IEEE, pp. 448–453

Lusthaus J, Varese F (2021) Offline and local: the hidden face of cybercrime. Policing J Policy Pract 15(1):4–14

Maimon D, Wilson T, Ren W, Berenblum T (2015) On the relevance of spatial and temporal dimensions in assessing computer susceptibility to system trespassing incidents. Br J Criminol 55(3):615–634

Makridis CA, Smeets M (2019) Determinants of cyber readiness. J Cyber Policy 4(1):72–89

Mandelcorn S, Modarres M, Mosleh A (2013) An explanatory model of cyberattacks drawn from rational choice theory. Trans Am Nuclear Soc 109(1):1869–1871

McAfee (2021) McAfee and the Center for Strategic and International Studies (CSIS). The Hidden Costs of Cybercrime. https://www.csis.org/analysis/hidden-costs-cybercrime [Accessed on Aug 21, 2021]

McGuire M, Dowling S (2013) Cyber-crime: a review of the evidence summary of key findings and implications Home Office Research Report 75, Home Office, United Kingdom, Oct. 30p

Meke E (2012) Urbanization and cyber Crime in Nigeria: causes and consequences. Eur J Comput Sci Inform Technol 3(9):1–11

Mezzour G, Carley L, Carley KM (2014) Global mapping of cyber attacks. Available at SSRN 2729302

Mikkola M, Oksanen A, Kaakinen M, Miller BL, Savolainen I, Sirola A, Zych I, Paek H-J (2020) Situational and individual risk factors for cybercrime victimization in a cross-national context. Int J Offender Ther Comparat Criminol https://doi.org/10.1177/0306624X20981041

Mohurle S, Patil M (2017) A brief study of wannacry threat: ransomware attack 2017. Int J Adv Res Comput Sci 8(5):1938–1940

Neal S (2014) Cybercrime, transgression and virtual environments. Crime: Willan, pp. 71–104

Ngo FT, Paternoster R (2011) Cybercrime victimization: an examination of individual and situational level factors. Int J Cyber Criminol 5(1):773

Onuora A, Uche D, Ogbunude F, Uwazuruike F (2017) The challenges of cybercrime in Nigeria: an overview. AIPFU J School Sci 1(2):6–11

Overvest B, Straathof B (2015) What drives cybercrime? Empirical evidence from DDoS attacks. CPB Netherlands Bureau for Economic Policy Analysis

Pandita R (2017) Internet: a change agent an overview of internet penetration & growth across the world. Int J Inform Dissemination Technol 7(2):83

Payne BK (2020) Defining cybercrime. The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 3–25

Phillips K, Davidson JC, Farr RR, Burkhardt C, Caneppele S, Aiken MP (2022) Conceptualizing cybercrime: definitions, typologies and taxonomies. Forensic Sci 2(2):379–398

Pick JB, Azari R (2008) Global digital divide: Influence of socioeconomic, governmental, and accessibility factors on information technology. Inform Technol Dev 14(2):91–115

Pranggono B, Arabo A (2021) COVID‐19 pandemic cybersecurity issues. Internet Technol Lett 4(2):e247

Pratt TC, Holtfreter K, Reisig MD (2010) Routine online activity and internet fraud targeting: extending the generality of routine activity theory. J Res Crime Delinquency 47(3):267–296

R (Core Team, 2013) R: A language and environment for statistical computing. R Core Team

Sarre R, Lau LY-C, Chang LY (2018) Responding to cybercrime: current trends. Taylor & Francis

Solano PC, Peinado AJR (2017) ‘Socio-economic factors in cybercrime: Statistical study of the relation between socio-economic factors and cybercrime’. 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA): IEEE, pp. 1–4

Srivastava SK, Das S, Udo GJ, Bagchi K (2020) Determinants of cybercrime originating within a nation: a cross-country study. J Glob Inf Technol Manag 23(2):112–137

Sutanrikulu A, Czajkowska S, Grossklags J (2020) ‘Analysis of darknet market activity as a country-specific, socio-economic and technological phenomenon’. 2020 APWG Symposium on Electronic Crime Research (eCrime): IEEE, pp. 1–10

UNODC (2013) Comprehensive study on cybercrime. United Nations, New York

Van Eeten M, Bauer JM, Asghari H, Tabatabaie S (2010) The role of internet service providers in botnet mitigation an empirical analysis based on spam data. TPRC

Waldrop MM (2016) How to hack the hackers: The human side of cybercrime. Nature 533: 164–167

Wall D (2007) Cybercrime: the transformation of crime in the information age. Polity

Walters GD (2015) Proactive criminal thinking and the transmission of differential association: a cross-lagged multi-wave path analysis. Crim Just Behav 42(11):1128–1144

Watters, PA, McCombie, S, Layton, R and Pieprzyk, J (2012) Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP). J Money Laund Control . ISSN: 1368-5201

Williams ML (2016) Guardians upon high: an application of routine activities theory to online identity theft in Europe at the country and individual level. Br J Criminol 56(1):21–48

Download references

Acknowledgements

This research was funded by the National Key Research and Development Project of China, grant number 2020YFB1806500 and the Key Research Program of the Chinese Academy of Sciences, grant number ZDRW-XH-2021-3. We thank Yushu Qian, Ying Liu, Qinghua Tan for providing valuable suggestions.

Author information

Authors and affiliations.

Institute of Geographic Sciences and Nature Resources Research, Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang, Jiping Dong & Qiquan Guo

College of Resources and Environment, University of Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang & Jiping Dong

Big Data Center of State Grid Corporation of China, Beijing, China

Shize Zhang

The Administrative Bureau of Chinese Academy of Sciences, Beijing, China

Chundong Gao

You can also search for this author in PubMed   Google Scholar

Contributions

DJ, QQG and CDG designed the research; SC, FYD, DJ, SZZ and MMH performed the research; SC, FYD and JPD analysed the data; SC, FYD, DJ and MMH wrote the first draft of the paper; JPD, SZZ, QQG, CDG and DJ gave useful edits, comments and suggestions to this work.

Corresponding author

Correspondence to Dong Jiang .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Informed consent

Additional information.

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Chen, S., Hao, M., Ding, F. et al. Exploring the global geography of cybercrime and its driving forces. Humanit Soc Sci Commun 10 , 71 (2023). https://doi.org/10.1057/s41599-023-01560-x

Download citation

Received : 19 May 2022

Accepted : 14 February 2023

Published : 23 February 2023

DOI : https://doi.org/10.1057/s41599-023-01560-x

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Quick links

• Explore articles by subject
• Guide to authors
• Editorial policies

New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers

As the digital economy grows, digital crime grows with it. Soaring numbers of online and mobile interactions are creating millions of attack oppor­tunities. Many lead to data breaches that threaten both people and businesses. At the current rate of growth, damage from cyberattacks will amount to about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels. 1 Steve Morgan, “2022 Cybersecurity Almanac: 100 facts, figures, predictions, and statistics,” Cybercrime Magazine , January 19, 2022.

In the face of this cyber onslaught, organizations around the world spent around $150 billion in 2021 on cybersecurity , growing by 12.4 percent annually. 2 Growth is compounded. However, set against the scale of the problem, even this “security awakening” is probably insufficient. A survey of 4,000 midsized companies suggests that threat volumes will almost double from 2021 to 2022. 3 The biggest cyber security threats coming in 2022 , Coro. According to the survey, nearly 80 percent of the observed threat groups operating in 2021, and more than 40 percent of the observed malware, had never been seen previously. These dynamics point to significant potential in an evolving market. Currently available commercial solutions do not fully meet customer demands in terms of automation, pricing, services, and other capabilities—which this article will explore in further detail. As a result, the gap today between the $150 billion vended market and a fully addressable market is huge. At approximately 10 percent penetration of security solutions today, the total opportunity amounts to a staggering $1.5 trillion to $2.0 trillion addressable market (Exhibit 1). This does not imply the market will reach such a size anytime soon (current growth rate is 12.4 percent annually off a base of approximately $150 billion in 2021), but rather that such a massive delta requires providers and investors to “unlock” more impact with customers by better meeting the needs of underserved segments, continuously improving technology, and reducing complexity—and the current buyer climate may pose a unique moment in time for innovation in the cybersecurity industry.

The underpenetration of cybersecurity products and services is, on the face of it, the result of the below-target adoption of cybersecurity products and services by organizations—which suggests that the budgets of many if not most chief information security officers (CISOs) are underfunded. Cyber­security providers must meet the challenge by modernizing their capabilities and rethinking their go-to-market strategies.

To maximize the opportunity, providers must get a grip on the factors shaping the market, the segments most likely to grow, and the services customers need. Here we set out four areas likely to be the focus of such discussions: cloud technologies, pricing mechanisms, artificial intelligence, and (particularly in the midmarket) managed services. With strategic planning in these areas, and a robust approach to implementation, cybersecurity providers can make themselves more competitive and get a slice of the $2 trillion pie.

Growing cybermarket potential

Why does the cybermarket offer such significant potential right now? We see five key drivers.

More attacks targeting smaller companies

From a demand perspective, fast-growing smaller organizations are exposed to proliferating digital touchpoints and ecosystem relationships. In addition, malware such as ransomware can pose an existential threat to small and midsize businesses (SMBs) and midmarket companies in a way it often doesn’t to large enterprises. What might remain a silent breach at a larger organization is often a significant, overt disruption at a smaller one. For example, a Texas-based midsize steel structure manufacturer was forced into bankruptcy in May 2019 when ransom­ware permanently encrypted both its tooling and financial accounting software. Ransoms can be out of reach, while information retrieval and recovery services are timely and difficult. Moreover, the trust of customers can prove difficult to recover once a company has been breached. In fact, according to previous McKinsey research on the importance of digital trust, in the past 12 months nearly 10 percent of respondents reported stopping business with a supplier after learning of a data breach.

Midmarket entities are often targeted by criminals looking to exploit unsophisticated security tooling. These companies, for example, may miss threats such as EternalBlue, an exploit developed by the US National Security Agency and later used by Wannacry ransomware. Many smaller entities use a single-backup strategy, which can leave them susceptible to attacks from ransomware such as PureLocker.

The proliferation of ransomware attacks targeting SMBs and midmarket companies means that even those that don’t currently employ or engage a security team have a responsibility to act. Fortunately, the SMB segment is becoming truly addressable by cybersecurity products and services for the first time, thanks to emerging economies of scale.

The impetus from regulation

At least 45 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. 4 Cybersecurity Legislation 2021, National Conference of State Legislatures, July 1, 2022. Federal initiatives include the US National Defense Authorization Act, Executive Order 14028, 5 Improving the Nation’s Cybersecurity: NIST’s Responsibilities, May 2021. and the extension of the False Claims Act to include the misrepresentation of an organization’s cybersecurity program and qualifications.

Based upon McKinsey’s client conversations, federal cybersecurity contracting requirements are trickling down to thousands of SMB and midmarket contractors. The US Securities and Exchange Commission (SEC) is discussing new rules on breach notifications. Compliance challenges grow more onerous as ecosystems proliferate. The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), for example, underscores the critical importance of holistic cybersecurity, much of it beyond the reach of SMBs and the mid­market unless they get help from vendors.

Rules around the world are equally stringent. The European Union’s General Data Protection Regulation, for example, may levy fines of up to 4 percent of global turnover against companies that fail to protect their customers. 6 An earlier version of this article incorrectly stated that the European Union's General Data Protection Regulation may levy fines of up to 2 percent of global turnover, when 2 percent only represents the possible fine for “less severe” violations. The “most severe” violations may fine up to 4 percent of revenue.

CISOs are as serious as ever about closing the (log) visibility gap

Moves to ramp up log processing are critical because just three years ago the average enterprise saw only 30 percent of what was happening. Finding more needles in the haystack will probably require more commitment—in particular, in areas such as AI, which can spot cyberthreats and malicious activities. For providers, AI will force a rethinking of technology and how they bring it to market.

Over the past three years, companies have boosted their share of total log volume visibility from about 30 percent to about 50 percent on average and are pushing toward 65 to 80 percent over the next three years (Exhibit 2). 7 McKinsey Cyber Market Map Survey. SMBs and the midmarket have been slightly more active than larger enterprises, and future growth in visibility use cases is predicted to be stronger among these smaller companies. SMBs expect to widen their deployment of end point detection and response (EDR) tooling, to use single panes of glass that ingest and monitor their cloud environments, and to rely on managed-service partners (such as providers of managed detection and response services) for more sophisticated activities.

A surprising aspect of the current market landscape is the significant extent to which the slowest-moving enterprises are trailing their faster-moving peers. Bottom-quartile enterprises report lifting their log volume visibility by just 6 percent over the past three years and forecast a meager 5 percent rise in the next three. By comparison, the best performers, particularly in the SMB segment, increased their log coverage by between 25 and 35 percent in the past three years and plan to accelerate those efforts over the next three.

Talent shortages and service offerings

An existing global cyber-talent shortage, com­pounded by the intensification of digital threats like ransomware during the COVID-19 pandemic, has created further growth opportunities for service providers as CISOs and talent partners struggle to fully staff their organizations. Structural dynamics are also boosting demand for vended solutions. As companies build out their protections, buyers increasingly expect products to come bundled with offerings that ensure both short-term services (for instance, implemen­tation) and long-term ones (ongoing security).

A global cybersecurity talent shortage means that IT leaders often have little choice but to do business with third-party service partners.

The bottom line? Across all segments, forecasted changes in allocated security spending is increasing as a percentage of services between internal and third-party services. So long as talent remains a problem, outsourced services will be essential for companies that need to support strong security outcomes.

Higher levels of customer engagement

Until recently, many organizations that required cyber protection were not fully engaged with the challenges they faced. Often, they saw the cost and complexity of action as greater than the need for it. Now, with attacks becoming more frequent, the risk–benefit equation has changed. With security and privacy concerns being elevated to the C-suite across industries, geographies, and enterprises whatever their size, both providers and investors have opportunities. We see potential for innovation in prices and bundles, geographic coverage, target customer groups, integration, and off-the-shelf analytics.

Providers can excel on four fronts

To gauge the market opportunity, McKinsey used a bottom-up model: an assessment of key players and validation against industry logic and our conversations with clients. We also surveyed 500 cybersecurity buyers and interviewed 50 market-leading vendors. The combined insights, tracked in McKinsey’s Cyber Market Map, show that spending on products and services from vendors is set to rise 13 percent annually up to 2025—a significant uptick from 10 percent growth over the past three to five years. Key changes to previous market forecasts include not only faster growth, with services increasing much faster than products, but also a significant opportunity in the SMB segment.

For providers, the message is clear. Current market dynamics give them a chance to boost their penetration of both existing accounts and the unvended space. This growth will be spurred by an evolving threat landscape and talent shortages—a gap of at least 600,000 in the United States alone. 8 Olivia Rockeman, “Hackers’ path eased as 600,000 US cybersecurity jobs sit empty,” Bloomberg, March 30, 2022. To maximize the opportunity, we see potential for action on four fronts.

Ride the coattails of the cloud transformation

Public-cloud migrations will continue to define enterprise technology strategies for the next several years (Exhibit 3). Providers (especially product providers) should thus consider not only accommo­dating but also specializing in hybrid and multicloud architectures.

Where cloud providers offer cybersecurity solutions, the tooling on offer in many cases is not a compre­hensive substitute to the capabilities of cybersecurity specialists—at least in the enterprise segment. Organizations that adopt multicloud strategies or maintain critical on-prem workloads will in all likelihood persistently need best-of-breed solutions. The challenges that vendors are expected to help resolve include ease of implementation, day-to-day ease of use, integration and coverage across environments, and agility and flexibility in attack environments. If information about an attack detected in one cloud provider environment is not conveyed immediately to other cloud environments, for example, that lapse would amount to a tooling failure.

Organizations that adopt multicloud strategies or maintain critical on-prem workloads will in all likelihood persistently need best-of-breed solutions.

In many security-related markets, characterized by large numbers of tools, entire categories of orchestration players (such as those that orchestrate security and the identity of users) have been created to simplify the combination of parallel processes. Antifraud programs, for instance, require so many different sets of tooling to manage different geographies that a new category has emerged to manage workflows. In another example, in the cloud, orchestration coordinates workflows and the deployment and management of data across multiple public and private clouds, software-as-a-service (SaaS) providers, managed data centers, and on-prem infrastructure enterprises. All of these demands for increased visibility are potential entry points for providers.

Finally, regulation also creates a cloud-related opportunity for providers. Highly regulated verticals are migrating to the cloud about four times more quickly than low-regulated verticals are. This could help unlock new markets, particularly in highly regulated Europe, and be a key differentiator for multinationals that must navigate complex cross-border data flows, local regulations and data sovereignty, and geopolitical issues that spike cyber and data risk.

Create a pricing model for the midmarket

Many cyber solutions are mispriced for SMBs. Larger organizations can pre-pay or buy in bulk to obtain volume discounts, but many SMBs and midmarket companies are less able to negotiate hard for these services. Large enterprises have an abundance of metrics, historical data, and reference points. SMBs and midmarkets, however, often lack information on how much they and others have spent. Consumption-based pricing models (for example, per gigabyte) can add flexibility but also risk: if an organization doesn’t know what good security looks like, will it burn through its budget just looking for needles in haystacks? Instead, customers increasingly reward vendors that use outcome-based or more “plannable” pricing models, such as per workload.

One cause of the pricing mismatch is simple economies of scale. SMBs and midmarket companies have a smaller base of employees over which to spread cyber-tooling costs, so they face a decision: either pay a disproportionate price per employee—by a factor of three to five or more than larger companies do, depending on the tooling category—or forego some security controls entirely.

Better automation, AI, and machine learning

The steepest innovation curve is for developing the brains of next-gen products and managed security services. Fully autonomous intelligent cyber-defense platforms (for example, end-to-end automated SIEM/SOAR 9 Security orchestration, automation, and response (SOAR) and security, information, and event management (SIEM). detection and response pipelines) are challenging to engineer and validate to the point where they are fully trusted by operators. Providers should therefore strive to enable high-fidelity assisted intelligence that makes human analysts more efficient be it through leveraging advanced analytics or building tight integrations with other security platforms (Exhibit 4).

Many next-gen algorithms for AI and machine learning (ML), while not yet ready for autonomy, are getting close. Rule libraries are increasingly refreshed from open sources and built on common standards, such as Yara. Eventually, one human being, operating as a remote or virtual resource to serve multiple companies, will reduce the cost of MDR solutions and boost the margins of providers.

To reach this target state of optimized low-cost services, managed-service providers can focus on the brains of next-generation security products by concentrating innovation in areas such as data source integration and neural/logic engines. Enhancing and building data source integrations could yield indirect revenue opportunities and widen access to larger ecosystems—for example, as part of an open extended detection and response (XDR) concept. Spreading investment in neural/logic engines across both cutting-edge AI and static rules libraries will ensure that R&D efforts are measurably productive.

Expand managed services and create a midmarket-friendly solution

Demand for full-service offerings is set to rise by as much as 10 percent annually over the next three years. Providers should thus seek to develop bundled offerings that take advantage of hot-button use cases. And they ought to focus on outcomes, not technology.

A potentially rewarding approach would be to adopt co-creative models with managed-service providers (MSPs) to build workbench solutions. This would require investments in R&D and development tooling (for example, APIs) that allow MSPs to connect your platform to theirs rather than the other way around. Partnering will make it possible to create centers of excellence, which will lead to faster implementation and more efficient operations. The resulting improvement in customer outcomes will feed into the performance metrics of providers, and a more robust service layer will create a runway to master product market fit.

Rather than the common laundry list approach, vendors should adopt a clear MSP partnership strategy. Where necessary, they should invest in building collaborative sales capabilities with their partners. (In several cyber-partner programs, 20 percent of the partnerships generate 80 percent of the partners’ revenues.) Finally, vendors must articulate industry-specific use cases with tweaks to their products’ user interfaces and user experi­ences, as well as potential MSP and partner channel sales and marketing.

Winning companies will work with SMB-focused channel partners and optimize their marketing. That approach could involve partnerships with small-business software providers (such as tax prep software and cloud email and storage) and with vertical SaaS providers (such as payroll management and point-of-sales services). In some cases, it will make sense to replatform offerings as lighter-weight SaaS-first solutions, catering to buyers already deep in the trenches of SaaS transformations in other enterprise applications and platform realms.

The continuing digitization of the global economy, ever-increasing numbers of cyberattacks, and regulatory pressure on companies to protect their data present cybersecurity providers with a compelling opportunity. Amid talent deficits and the desire to boost log visibility, SMBs and midmarket players in particular are focused on implementing more advanced solutions.

With billions of dollars of revenues set to flow into the market in the next three years, providers should seize the moment. That means optimizing engage­ment with the cloud, developing a pricing model for the midmarket, embracing innovation, and expanding managed-service offerings to create midmarket-friendly solutions. In short, it means finding productive combinations of product, price, and services that vendors can tailor to target segments and are flexible enough to scale. If the industry can meet these priorities, it can start to create the momentum that will increase its penetration across segments and put the $2 trillion prize in play.

Bharath Aiyer is an associate partner in McKinsey’s Southern California office; Jeffrey Caso is an associate partner in the Washington, DC, office; Peter Russell is a consultant in the New York office; and Marc Sorel is a partner in the Boston office.

The authors wish to thank Hannah Chen, Bartlomiej Kazimierski, and Kevin Telford for their contributions to this article.

Explore a career with us

Related articles.

Building a cybersecurity culture from within: An interview with MongoDB

Perspectives on model risk management of cybersecurity solutions in banking

The unsolved opportunities for cybersecurity providers

TechRepublic

8 Best Data Science Tools and Software

Apache Spark and Hadoop, Microsoft Power BI, Jupyter Notebook and Alteryx are among the top data science tools for finding business insights. Compare their features, pros and cons.

EU’s AI Act: Europe’s New Rules for Artificial Intelligence

Europe's AI legislation, adopted March 13, attempts to strike a tricky balance between promoting innovation and protecting citizens' rights.

10 Best Predictive Analytics Tools and Software for 2024

Tableau, TIBCO Data Science, IBM and Sisense are among the best software for predictive analytics. Explore their features, pricing, pros and cons to find the best option for your organization.

Tableau Review: Features, Pricing, Pros and Cons

Tableau has three pricing tiers that cater to all kinds of data teams, with capabilities like accelerators and real-time analytics. And if Tableau doesn’t meet your needs, it has a few alternatives worth noting.

Top 6 Enterprise Data Storage Solutions for 2024

Amazon, IDrive, IBM, Google, NetApp and Wasabi offer some of the top enterprise data storage solutions. Explore their features and benefits, and find the right solution for your organization's needs.

Latest Articles

Some Generative AI Company Employees Pen Letter Wanting ‘Right to Warn’ About Risks

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

Find out how the cyberespionage threat actor LilacSquid operates, and then learn how to protect your business from this security risk.

IBM’s Think 2024 News That Should Help Skills & Productivity Issues in Australia

TechRepublic interviewed IBM’s managing director for Australia about how announcements from the recent Think event could impact the tech industry in particular.

Cisco Live 2024: New Unified Observability Experience Packages Cisco & Splunk Insight Tools

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Top Tech Conferences & Events to Add to Your Calendar in 2024

A great way to stay current with the latest technology trends and innovations is by attending conferences. Read and bookmark our 2024 tech events guide.

Intel Lunar Lake NPU Brings 48 TOPS of AI Acceleration

Competition for AI speed heats up. Plus, the first of the two new Xeon 6 processors is now available, and Gaudi 3 deals have been cinched with manufacturers.

Cisco Live 2024: Cisco Unveils AI Deployment Solution With NVIDIA

A $1 billion commitment will send Cisco money to Cohere, Mistral AI and Scale AI.

The 5 Best Udemy Courses That Are Worth Taking in 2024

Udemy is an online platform for learning at your own pace. Boost your career with our picks for the best Udemy courses for learning tech skills online in 2024.

What Is Data Quality? Definition and Best Practices

Data quality refers to the degree to which data is accurate, complete, reliable and relevant for its intended use.

TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

What is the EU’s AI Office? New Body Formed to Oversee the Rollout of General Purpose Models and AI Act

The AI Office will be responsible for enforcing the rules of the AI Act, ensuring its implementation across Member States, funding AI and robotics innovation and more.

What is Data Science? Benefits, Techniques and Use Cases

Data science involves extracting valuable insights from complex datasets. While this process can be technically challenging and time-consuming, it can lead to better business decision-making.

Gartner’s 7 Predictions for the Future of Australian & Global Cloud Computing

An explosion in AI computing, a big shift in workloads to the cloud, and difficulties in gaining value from hybrid cloud strategies are among the trends Australian cloud professionals will see to 2028.

OpenAI Adds PwC as Its First Resale Partner for the ChatGPT Enterprise Tier

PwC employees have 100,000 ChatGPT Enterprise seats. Plus, OpenAI forms a new safety and security committee in their quest for more powerful AI, and seals media deals.

What Is Contact Management? Importance, Benefits and Tools

Contact management ensures accurate, organized and accessible information for effective communication and relationship building.

Create a TechRepublic Account

Get the web's best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let's start with the basics.

* - indicates required fields

Sign in to TechRepublic

Lost your password? Request a new password

Reset Password

Please enter your email adress. You will receive an email message with instructions on how to reset your password.

Check your email for a password reset link. If you didn't receive an email don't forgot to check your spam folder, otherwise contact support .

Welcome. Tell us a little bit about you.

This will help us provide you with customized content.

Want to receive more TechRepublic news?

You're all set.

Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add [email protected] to your contacts list.

Special Features

Vendor voice.

Cyber-crime

Multi-day DDoS storm batters Internet Archive

Think this is bad see what big media wants to do to us, warns founder.

Updated The Internet Archive has been under a distributed-denial-of-service (DDoS) attack since Sunday, and is trying to keep services going.

While the San Francisco institution has assured users that its collections and web archives are safe — that's the good news — it warns service remains spotty for the online library and its Wayback Machine.

Since the flood of phony network traffic began, attackers have launched "tens of thousands of fake information requests per second," according to Chris Freeland, director of library services at Archive.

Inside Internet Archive: 10PB+ of storage in a church

Whoever is doing the DDoSing remains unknown, Freeland added , and investigations are continuing.

And while the traffic tsunami has been "sustained, impactful, targeted, adaptive, and importantly, mean," it's not the biggest threat to the site, according to Brewster Kahle, founder and digital librarian of the Archive.

Specifically, he's talking about David-versus-Goliath-style lawsuits seeking to shut down the nonprofit internet library.

Kahle founded the nonprofit service – which provides free access to tons of digitized materials, from software and music to scans of print books — in 1996. It also hosts the Wayback Machine, which archives huge numbers of web pages, and is especially useful when pages mysteriously vanish or change significantly without any indication that editing has gone on. 

The Internet Archive is right now fighting legal battles against major US book publishing companies and record labels, which have charged the site with copyright infringement and are seeking hundreds of millions of dollars in damages.

"If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind," Kahle said, according to Freeland's blog. 

• Internet Archive sued by record labels as battle with book publishers intensifies
• How the Internet Archive faces potential destruction at the hands of Big Four publishers
• Archive.org's Wayback Machine is legit legal evidence, US appeals court judges rule
• Pew: Quarter of web pages vanished in past decade

Last August, UMG Recordings, Capitol Records, Concord Bicycle Assets, CMGI Recorded Music Assets, Sony Music, and Arista Music filed a lawsuit against the nonprofit. 

This followed an earlier 2020 lawsuit filed by dead-tree publishers including the Hachette Book Group, HarperCollins Publishers, John Wiley & Sons and Penguin Random House. In March 2023, a federal judge rejected the Internet Archive's claim that it has a fair use right to lend digital copies of each printed book that it has purchased.

This decision opens the digital archive up to potentially paying huge damages to the publishers and almost certainly shuttering the hard-up non-profit.

Last month, the Internet Archive took what is described as a "decisive final step" in the publishers' lawsuit  and submitted its final appellate reply brief. 

Kahle described the lawsuits as an attempt "to destroy this library entirely and hobble all libraries everywhere."

"But just as we're resisting the DDoS attack, we appreciate all the support in pushing back on this unjust litigation against our library and others," he added. ®

Updated to add

An anonymous gang calling itself SN_Blackmeta, which seems to be against US and Israeli interests and writes in English, Russian, and Arabic, has claimed responsibility for the DDoS attacks for reasons unknown. We'll take it with a grain of salt, and have put it to the Internet Archive for comment.

Narrower topics

• Advanced persistent threat
• Application Delivery Controller
• Authentication
• Common Vulnerability Scoring System
• Cybersecurity
• Cybersecurity and Infrastructure Security Agency
• Cybersecurity Information Sharing Act
• Data Breach
• Data Protection
• Digital certificate
• Identity Theft
• Incident response
• Kenna Security
• Palo Alto Networks
• Quantum key distribution
• Remote Access Trojan
• RSA Conference
• Surveillance
• Trusted Platform Module
• Vulnerability

Send us news

Other stories you might like

Tiktok confirms cnn, other high-profile accounts hijacked via zero-day vulnerability, 2.8m us folks learn their personal info was swiped months ago in sav-rx it heist, bayer and 12 other major drug companies caught up in cencora data loss, building cheaper, greener 5g networks.

Miscreants claim they've snatched 560M people's info from Ticketmaster

What is ransomhub looks like a knight ransomware reboot, hudson rock yanks report fingering snowflake employee creds snafu for mega-leak, flyingyeti phishing crew grounded after abominable ukraine attacks, mystery miscreant remotely bricked 600,000 soho routers with malicious firmware update, crooks threaten to leak 3b personal records 'stolen from background check firm', breachforums returns just weeks after fbi-led takedown, here's yet more ransomware using bitlocker against microsoft's own users.

• Advertise with us

Our Websites

• The Next Platform
• Blocks and Files

Your Privacy

• Cookies Policy
• Privacy Policy
• Ts & Cs

Copyright. All rights reserved © 1998–2024

RCMP cybercrime teams massively understaffed, says auditor general

The AG's office estimated that almost one-third of positions across the government were vacant

You can save this article by registering for free here . Or sign-in if you have an account.

Article content

OTTAWA — Canada’s auditor general has found the RCMP and other agencies tasked with dealing with cybercrime are under equipped and under-resourced to deal with crimes that are generating millions in profits to criminal gangs.

“We found breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime,” reads Auditor General Karen Hogan’s report tabled in Parliament Tuesday morning.

Enjoy the latest local, national and international news.

• Exclusive articles by Conrad Black, Barbara Kay and others. Plus, special edition NP Platformed and First Reading newsletters and virtual events.
• Unlimited online access to National Post and 15 news sites with one account.
• National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
• Daily puzzles including the New York Times Crossword.
• Support local journalism.

Create an account or sign in to continue with your reading experience.

• Access articles from across Canada with one account.
• Share your thoughts and join the conversation in the comments.
• Enjoy additional articles per month.
• Get email updates from your favourite authors.

Don't have an account? Create Account

The auditor looked closely at the RCMP, Communications Security Establishment Canada, CRTC and Public Safety to see how they were handling the issue.

It found the RCMP were significantly understaffed and that there were issues of communication between all these different agencies.

“We estimated that almost one third of positions across all teams were vacant. In our view, having a plan to reduce human resource gaps across all responsible organizations is an important component of an updated National Cyber Security Strategy,” reads the report.

Hogan said the RCMP isn’t doing enough to figure out why people are leaving and why they are failing to attract new talent, though money does seem to be a central issue.

“RCMP officials told us that compensation was the main reason for these staffing challenges. The officials also told us that individuals doing the same cybercrime technical work in the private sector were typically paid more.”

Public Safety Minister Dominic Leblanc said the government knows the issue is only growing and the RCMP will have the resources they need.

Your guide to the world of Canadian politics. (Subscriber exclusive on Saturdays)

• There was an error, please provide a valid email address.

By signing up you consent to receive the above newsletter from Postmedia Network Inc.

A welcome email is on its way. If you don't see it, please check your junk folder.

The next issue of First Reading will soon be in your inbox.

We encountered an issue signing you up. Please try again

“Their work will only grow in importance over the coming years and that’s why we intend to ensure they have the resources they need to prevent cyber attacks and dismantle cyber criminal networks,” he said. 

Leblanc said the government will have a comprehensive approach to the problem to release soon.

“Our new National Cyber Security Strategy will outline a strengthened approach to protecting Canada’s economic interests and critical infrastructure from cyber threats and I look forward to releasing that very soon.”

Hogan took data from the Canadian Anti-Fraud Centre, a joint project of the RCMP, Competition Bureau and Ontario Provincial Police, which received reports of more than $500 million in fraud last year, a number that is only predicted to grow. She said it’s likely only about five to 10 per cent of crime is actually reported.

Hogan described a complex process where cybercrimes are currently reported to multiple different departments that often don’t communicate well together. She pointed to the Communications Security Establishment Canada (CSEC), which took in about 10,000 reports last year.

CSEC, Canada’s digital spy agency, is tasked with securing the networks of large federal government departments, critical infrastructure and can help private firms with cyber attacks, but they are not meant to investigate Canadians’ personal cyber crime issues.

She said roughly half of those 10,000 cases were found not to be within CSEC’s mandate, but the department didn’t follow up with many of those reports and redirect them to the right agency.

“We would have expected that they would have told those folks, you need to report this to a different place or pass it along to the organization that could have helped deal with their issue, but what we found is in 2,000 cases an individual never heard back,” Hogan said to MPs after the report was released.

She said that silence is unfair to Canadians who just want their issues properly addressed.

“Canadians are going to find it confusing and probably frustrating that they don’t know what’s happened to a report that they’ve made,” she said.

Hogan found that the CRTC also seemed to lack a good system for dealing with criminal cases that might come through their anti-spam line.

The agency has had the responsibility of dealing with spam calls and complaints about them since 2014. The auditor general found in rare cases this has led to the agency coming across cybercrime cases that it has not always handed off to the proper authorities.

“We found that most of the cybercrime-linked reports were not investigated by the CRTC. We found that during the three years in our audit period, the CRTC conducted only six investigations into anti-spam violations with links to cybercrime-linked incidents.”

It also found that in one case the CRTC essentially interfered in another investigation after failing to hold on to information that a police agency wanted.

“In one instance, to avoid being served with a search warrant by a law enforcement agency, the CRTC deleted evidence and returned electronic devices on an accelerated time frame to a person being investigated for violating the anti-spam legislation,” reads the report.

Hogan said there needs to be a one-stop shop for Canadians looking to report cybercrime.

“It shouldn’t be this confusing. Canadians should report (to) their federal government, and then the government should figure out who should get the report and act on it promptly.”

National Post [email protected]

Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark nationalpost.com and sign up for our daily newsletter, Posted, here .

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

Elon Musk questions UBC's job posting: 'Is this even legal in Canada?'

Prime minister justin trudeau should 'repent,' half-brother says, video of joe biden at d-day ceremony sparks more questions about his health.

LeBlanc says it would be 'irresponsible' to release names of MPs who aided foreign meddling

Subscriber only. john ivison: behold the shattered wasteland of liberal government credibility.

Review: Silk & Snow’s Rattan Bed Frame is sturdy and stylish

A sustainable solid rubberwood bed frame with a handwoven rattan headboard

The best online deals in the Canadian retail space right now

Kilne, YETI, The Dad Hoodie and ILIA, to name a few

Advertisement 2 Story continues below This advertisement has not loaded yet, but your article continues below.

Kit + Ace review: Ranking my favourite pieces

First time trying clothes from the technical fashion Canadian retailer

Here’s where to buy glasses online in Canada

Plus, what you need to know before you start shopping

Our favourite bed sheets to make a dreamy bedroom oasis

We tried the best sheets for all kinds of sleepers — many Canadian-made using sustainable methods and materials

This website uses cookies to personalize your content (including ads), and allows us to analyze our traffic. Read more about cookies here . By continuing to use our site, you agree to our Terms of Service and Privacy Policy .

You've reached the 20 article limit.

You can manage saved articles in your account.

and save up to 100 articles!

Looks like you've reached your saved article limit!

You can manage your saved articles in your account and clicking the X located at the bottom right of the article.

Advertisement

Cybercrime, Differential Association, and Self-Control: Knowledge Transmission Through Online Social Learning

• Published: 08 November 2021
• Volume 46 , pages 935–955, ( 2021 )

Cite this article

• Thomas E. Dearden   ORCID: orcid.org/0000-0003-0549-927X 1 &
• Katalin Parti   ORCID: orcid.org/0000-0002-8484-3237 1  

2400 Accesses

8 Citations

1 Altmetric

Explore all metrics

In an increasingly digital world, our social interactions are increasingly moving online. Differential association and social learning theories suggest that we learn both moral definitions and the how-to of crime from those we associate with. In this paper we examine whether online or offline social learning leads to more self-disclosed forms of cyber-offending. Using a national online sample of 1,109 participants, we find both online and offline social learning are important correlates to cyber-offending. In addition, we predict that lower self-control will interact with social learning to further increase the likelihood of cyber-offending. Overall, we find that both social learning and self-control, individually and as an interaction, have a large effect-size in predicting cyber-offending.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Similar content being viewed by others

Social Media and Youth Mental Health

Uses and gratifications of problematic social media use among university students: a simultaneous examination of the big five of personality traits, social media platforms, and social media use motives.

The Misinformation Susceptibility Test (MIST): A psychometrically validated measure of news veracity discernment

Acar, A. (2008). Antecedents and consequences of online social networking behavior: The case of Facebook. Journal of Website Promotion, 3 (1-2), 62–83. https://doi.org/10.1080/15533610802052654

Article   Google Scholar  

Akers, R. L. (2009). Social learning and social structure: A general theory of crime and deviance. New Brunswick, NJ: Transaction.

Akers, R.L. (1998). Social learning and social structure: A general theory of crime and deviance. Boston, MA: Northeastern University Press.

Baek, H. (2018). Computer-specific parental management and online deviance across gender in South Korea: A test of self-control theory. International Journal of Cyber Criminology, 12 (1), 68–83. https://doi.org/10.5281/zenodo.1467844

Bettencourt, A. (2014). Empirical Assessment of Risk Factors: How Online and Offline Lifestyle, Social Learning, And Social Networking Sites Influence Crime Victimization. In BSU Master’s Theses and Projects. Item 10. Available at http://vc.bridgew.edu/theses/10 . Accessed 13 November 2020.

Brinker, D. L., Gastil, J., & Richards, R. C. (2015). Inspiring and informing citizens online: A media richness analysis of varied civic education modalities. Journal of Computer-Mediated Communication, 20 (5), 504–519. https://doi.org/10.1111/jcc4.12128

Boeringer, S., Shehan, C. L., & Akers, R. L. (1991). Social contexts and social learning in sexual coercion and aggression: Assessing the contribution of fraternity membership. Family Relations, 40 (1), 558–564.

Buker, H. (2011). Formation of self-control: Gottfredson and Hirschi's general theory of crime and beyond. Aggression and Violent Behavior, 16 (3), 265–276. https://doi.org/10.1016/j.avb.2011.03.005

Burgess, R. L., & Akers, R. L. (1966). A differential association reinforcement theory of criminal behavior. Social Problems, 14 (2), 128–147. https://doi.org/10.1525/sp.1966.14.2.03a00020

Burt, C. H., Simons, R. L., & Simons, L. G. (2006). A longitudinal test of the effects of parenting and the stability of self-control: Negative evidence for the general theory of crime. Criminology, 44 (2), 353–396. https://doi.org/10.1111/j.1745-9125.2006.00052.x

Burton Jr., V. S., Cullen, F. T., Evans, D. T., & Dunaway, R. G. (1994). Reconsidering strain theory: Operationalization, rival theories, and adult criminality. Journal of Quantitative Criminology, 10 (3), 213–239.

Burruss, G. W., Bossler, A. M., & Holt, T. J. (2012). Assessing the mediation of a fuller social learning model on low self-control’s influence on software piracy. Crime and Delinquency, 59 (8), 1157–1184. https://doi.org/10.1177/0011128712437915

Clevenger, S. L., Navarro, J. N., & Jasinski, J. L. (2014). A matter of low self-control? Exploring differences between child pornography possessors and child pornography producers/distributers using self-control theory. Sexual Abuse, 28 (6), 555–571. https://doi.org/10.1177/1079063214557173

Cohran, J. K., Sellers, C. S., Wiesbrock, V., & Palacios, W. R. (2011). Repetitive intimate partner victimization: An exploratory application of social learning theory. Deviant Behavior, 32 (9), 790–817. https://doi.org/10.1080/01639625.2010.538342

Daft, R. L., & Lengel, R. H. (1986). Organizational information requirements, media richness and structural design. Management Science, 32 (5), 554–571. https://doi.org/10.1287/mnsc.32.5.554

Daft, R. L., Lengel, R. H., & Trevino, L. K. (1987). Message equivocality, media selection and manager performance: Implications for information systems. Management Information Systems Quarterly, 11 , 355–366. https://doi.org/10.2307/248682

Davenport, T.H., & Beck, J.C. (2002). The Attention Economy. Understanding the New Currency of Business. United Kingdom: Harvard Business School Press

Donner, C. M., Marcum, C. D., Jennings, W. G., Higgins, G. E., & Banfield, J. (2014). Low Self-Control and Cybercrime: Exploring the Utility of the General Theory of Crime beyond Digital Piracy. Computers in Human Behavior, 34 , 165–172. https://doi.org/10.1016/j.chb.2014.01.040

Duckworth, A. L., Gendler, T. S., & Gross, J. J. (2016). Situational strategies for self-control. Perspectives on Psychological Science, 11 (1), 35–55. https://doi.org/10.1177/1745691615623247

Duckworth, A. L., Gendler, T. S., & Gross, J. J. (2014). Self-control in school-age children. Educational Psychologist, 49 , 199–217. https://doi.org/10.1080/00461520.2014.926225

Evans, J., & Mathur, A. (2005). The value of online surveys. Internet Research, 15 (2), 195–219.

Fox, K. A., Nobles, M. R., & Akers, R. L. (2011). Is stalking a learned phenomenon? An empirical test of social learning theory. Journal of Criminal Justice, 39 (1), 39–47. https://doi.org/10.1016/j.jcrimjus.2010.10.002

Gagnon, A. (2018). Extending Social Learning Theory to Explain Victimization Among Gang and Ex-Gang Offenders. International Journal of Offender Therapy and Comparative Criminology, 62 (13), 4124–4141. https://doi.org/10.1177/0306624X18763761

GlobalWebIndex (2020). Social. GlobalWebIndex’s Flagship Report on the Latest Trends in Social Media. Globalwebindex.com, https://www.globalwebindex.com/reports/social. Accessed November 13, 2020.

Gottfredson, M., & Hirschi, T. (1990). A General Theory of Crime. Stanford, CA: Stanford University Press.

Hay, C., & Forrest, W. (2006). The development of self-control: Examining self-control theory’s stability thesis. Criminology, 44 (4), 739–774. https://doi.org/10.1111/j.1745-9125.2006.00062.x

Hawdon, J. (2012). Applying differential association theory to online hate groups: A theoretical statement. Research on Finnish Society, 5 , 39–47.

Higgins, G. E., Fell, B. D., & Wilson, A. L. (2007). Low self-control and social learning in understanding students’ intentions to pirate movies in the United States. Social Science Computer Review, 25 (3), 339–357. https://doi.org/10.1177/0894439307299934

Higgins, G. E., Fell, B. D., & Wilson, A. L. (2006). Digital piracy: Assessing the contributions of an integrated self-control theory and social learning theory using structural equation modeling. Criminal Justice Studies, 19 (1), 3–22. https://doi.org/10.1080/14786010600615934

Higgins, G. E., & Makin, D. A. (2004a). Does social learning theory condition the effects of low self-control on college students’ software piracy? Journal of Economic Crime Management, 2 (2), 1–22.

Google Scholar  

Higgins, G. E., & Makin, D. A. (2004b). Self-control, deviant peers, and software piracy. Psychological Reports, 95 (3), 921–931. https://doi.org/10.2466/pr0.95.3.921-931

Higgins, G. E., & Wilson, A. L. (2006). Low self-control, moral beliefs, and social learning theory in university students’ intentions to pirate software. Security Journal, 19 (2), 75–92. https://doi.org/10.1057/palgrave.sj.8350002

Higgins, G. E., Wolfe, S. E., & Ricketts, M. L. (2009). Digital piracy: A latent class analysis. Social Science Computer Review, 27 (1), 24–40. https://doi.org/10.1177/0894439308321350

Hinduja, S., & Ingram, J. (2009). Social learning theory and music piracy: the differential role of online and offline peer influences. Criminal Justice Studies, 22 (4), 405–420. https://doi.org/10.1080/14786010903358125

Hinduja, S., & Ingram, J. (2008). Self-control and ethical beliefs on the social learning of intellectual property theft. Western Criminological Review, 9 (2), 52–72.

Hollinger, R. C. (1993). Crime by computer: Correlates of software piracy and unauthorized account access. Security Journal, 4 (1), 2–12.

Holt, T. J., Burruss, G. W., & Bossler, A. M. (2010). Social learning and cyber- deviance: Examining the importance of a full social learning model in the virtual world. Journal of Crime and Justice, 33 (2), 31–61. https://doi.org/10.1080/0735648X.2010.9721287

Hope, T. L., Grasmick, H. G., & Pointon, L. J. (2012). The family in Gottfredson and Hirschi's General Theory of Crime: Structure, parenting, and self-control. Sociological Focus, 36 (4), 291–311. https://doi.org/10.1080/00380237.2003.10571226

Hutchings, A., & Clayton, R. (2016). Exploring the Provision of Online Booter Services. Deviant Behavior, 37 (10), 1163–1178. https://doi.org/10.1080/01639625.2016.1169829

Ingram, J. R., & Hinduja, S. (2008). Neutralizing music piracy: An empirical examination. Deviant Behavior, 29 (4), 334–366. https://doi.org/10.1080/01639620701588131

Internetworldstats (2020). Internet usage statistics: The internet big picture, https://www.internetworldstats.com/stats.htm . Accessed April 20, 2021.

Ishii, K., Lyons, M. M., & Carr, S. A. (2019). Revisiting media richness theory for today and future. Human Behavior and Emerging Technologies, 1 , 124–131. https://doi.org/10.1002/hbe2.138

Kemp, S. (2020). Digital 2020. Global Digital Overview. We Are Social, Hootsuite, January 30, 2020, https://datareportal.com/reports/digital-2020-global-digital-overview . Accessed November 13, 2020.

Lanza-Kaduce, L., & Klug, M. (1986). Learning to cheat: The interaction of moral development and social learning theories. Deviant Behavior, 7 (3), 243–259. https://doi.org/10.1080/01639625.1986.9967710

Laub, J. H. & Sampson, R.J. (2003). Shared Beginnings, Divergent Lives: Delinquent Boys at Age 70. Boston, MA: Harvard University Press.

Lehdonvirta, V., Oksanen, A., Räsänen, P., & Blank, G. (2020). Social media, web, and panel surveys: using non-probability samples in social and policy research. Policy & Internet. https://doi.org/10.1002/poi3.238

Lehdonvirta, V., & Räsänen, P. (2011). How do young people identify with online and offline peer groups? A comparison between UK, Spain and Japan. Journal of Youth Studies, 14 (1), 91–108. https://doi.org/10.1080/13676261.2010.506530

Li, C. K., Holt, T. J., Bossler, A. M., & May, D. C. (2016). Examining the mediating effects of social learning on the low self-control—Cyber bullying relationship in a youth sample. Deviant Behavior, 37 (2), 126–138. https://doi.org/10.1080/01639625.2014.1004023

Lodge, J. M., & Harrison, W. J. (2019). The role of attention in learning in the digital age. Yale Journal of Biological Medicine, 92 (1), 21–28.

MacInnis, B., Krosnick, J. A., Ho, A. S., & Cho, M. J. (2018). The accuracy of measurements with probability and nonprobability survey samples: Replication and extension. Public Opinion Quarterly, 82 (4), 707–744. https://doi.org/10.1093/poq/nfy038

Malin, J., & Fowers, B. J. (2009). Adolescent self-control and music and movie piracy. Computers in Human Behavior, 25 (3), 718–722. https://doi.org/10.1016/j.chb.2008.12.029

Marcum, C. D., Higgins, G. E., Ricketts, M. L., & Wolfe, S. E. (2014). Hacking in high school: Cybercrime perpetration by juveniles. Deviant Behavior, 35 (7), 581–591. https://doi.org/10.1080/01639625.2013.867721

McCuddy, T., & Vogel, M. (2014). More than just friends: Online social networks and offending. Criminal Justice Review, 40 (2), 169–189. https://doi.org/10.1177/0734016814557010

McGloin, J. M., & O'Neill Shermer, L. (2009). Self-control and deviant peer network structure. Journal of Research in Crime and Delinquency, 46 (1), 35–72. https://doi.org/10.1177/0022427808326585

Meldrum, R. & Clark, J. (2013). Adolescent virtual time spent socializing with peers, substance use, and delinquency. Crime & Delinquency, 61 (8), 1104–1126., https://doi.org/10.1177/0011128713492499

Meldrum, R. C., Young, J. T., & Weerman, F. M. (2009). Reconsidering the effect of self-control and delinquent peers: Implications of measurement for theoretical significance. Journal of Research in Crime and Delinquency, 46 (3), 353–376. https://doi.org/10.1177/0022427809335171

Merkovity, N., Imre, R., & Owen, S. (2015). Homogenizing social media: Affect/effect and globalization of media and the public sphere. In Media and Globalization: Different Cultures, Societies, Political Systems (pp. 59-71) New York: Marie Curie-Sklodowska University Press (under Columbia University Press)

Miller, B., & Morris, R. G. (2016). Virtual peer effects in social learning theory. Crime and Delinquency, 62 (12), 1543–1569. https://doi.org/10.1177/0011128714526499

Moon, B., McCluskey, J. D., & McCluskey, C. P. (2010). A General Theory of Crime and computer crime: An empirical test. Journal of Criminal Justice, 38 (4), 767–772. https://doi.org/10.1016/j.jcrimjus.2010.05.003

Morris, R., & Blackburn, A. (2009). Cracking the code: An empirical exploration of social learning theory and computer crime. Journal of Crime and Justice, 32 (1), 2–32. https://doi.org/10.1080/0735648X.2009.9721260

Morris, R. G., & Higgins, G. E. (2010). Criminological theory in the digital age: The case of social learning theory and digital piracy. Journal of Criminal Justice, 38 (4), 470–480. https://doi.org/10.1016/j.jcrimjus.2010.04.016

Morris, R. G., & Higgins, G. E. (2009). Neutralizing potential and self-reported digital piracy: A multitheoretical exploration among college undergraduates. Criminal Justice Review, 34 (2), 173–195. https://doi.org/10.1177/0734016808325034

Na, C., & Paternoster, R. (2012). Can self-control change substantially over time? Rethinking the relationship between self- and social control. Criminology, 50 (2), 427–462. https://doi.org/10.1111/j.1745-9125.2011.00269.x

Nicolaides, A. (2012). Globalisation and Americanisation – The hijacking of indigenous African culture. Global Advanced Research Journal of History, Political Science and International Relations, 1 (6), 118–131.

Nodeland, B., & Morris, R. (2020). A test of social learning theory and self-control on cyber offending. Deviant Behavior, 41 (1), 41–56. https://doi.org/10.1080/01639625.2018.1519135

Osgood, D., & Anderson, A. (2004). Unstructured socialization and rates of delinquency. Criminology, 42 (3), 519–550. https://doi.org/10.1111/j.1745-9125.2004.tb00528.x

Osgood, D., Wilson, J., O’Malley, P., Bachman, J., & Johnston, L. (1996). Routine activities and individual deviant behavior. American Sociological Review, 61 (4), 635–655. https://doi.org/10.2307/2096397

Pempek, T., Yermolayeva, Y., & Calvert, S. (2009). College students’ social networking experiences on Facebook. Journal of Applied Developmental Psychology, 30 (3), 227–238. https://doi.org/10.1016/j.appdev.2008.12.010

Peng, M., Chen, X., Zhao, Q., & Zhou, Z. (2018). Attentional scope is reduced by Internet use: A behavior and ERP study. PLoS ONE, 13 (6), e0198543. https://doi.org/10.1371/journal.pone.0198543

Pratt, T. C., Cullen, F. T., Sellers, C. S., Winfree Jr., L. T., Madensen, T. D., Daigle, L. E., et al. (2010). The empirical status of social learning theory: A meta-analysis. Justice Quarterly, 27 (6), 765–802. https://doi.org/10.1080/07418820903379610

Restubog, S. L. D., Garcia, P. R. J. M., Toledano, L. S., Amarnani, R. K., Tolentino, L. R., & Tang, R. L. (2011). Yielding to (cyber)-temptation: Exploring the buffering role of selfcontrol in the relationship between organizational justice and cyberloafing behavior in the workplace. Journal of Research in Personality, 45 (2), 247–251. https://doi.org/10.1016/j.jrp.2011.01.006

Rogers, M.K. (2001). A Social Learning Theory and Moral Disengagement Analysis of Criminal Computer Behavior: An Exploratory Study. Unpublished doctoral dissertation, University of Manitoba, Winnipeg.

Schroeder, R. D., & Ford, J. A. (2012). Prescription drug misuse: A test of three competing criminological theories. Journal of Drug Issues, 42 (1), 11–27. https://doi.org/10.1177/0022042612436654

Sellers, C. S., Cochran, J. K., & Branch, K. A. (2005). Social learning theory and partner violence: A research note. Deviant Behavior, 26 (4), 379–395. https://doi.org/10.1080/016396290931669

Sellers, C. S., Cochran, J. K., & Winfree, L. T., Jr. (2003). Social learning theory and courtship violence: An empirical test. In R. L. Akers & G. F. Jensen (Eds.), Advances In Criminological Theory: Vol. 11. Social Learning Theory And The Explanation of Crime: A Guide For The New Century (pp. 109-128). New Brunswick, NJ: Transaction.

Shadmanfaat, S. M., Howell, C. J., Muniz, C. N., Cochran, J. K., & Kabiri, S. (2018). The predictive ability of self-control and differential association on sports fans’ decision to engage in cyber bullying perpetration against rivals. International Journal of Cyber Criminology, 12 (2), 362–375. https://doi.org/10.5281/zenodo.3365618

Simmons, A. D., & Bobo, L. D. (2015). Can non-full-probability internet surveys yield useful data? A comparison with full-probability face-to-face surveys in the domain of race and social inequality attitudes. Sociological Methodology, 45 (1), 357–387. https://doi.org/10.1177/0081175015570096

Skinner, W. F., & Fream, A. M. (1997). A social learning theory analysis of computer crime among college students. Journal of Research in Crime and Delinquency, 34 (4), 495–518. https://doi.org/10.1177/0022427897034004005

Steger, M. (2013). Globalization: A Very Short Introduction (3 rd ed.). Oxford (UK): Oxford University Press.

Sutherland, E. H. (1947). Principles of Criminology (4th ed.). Philadelphia, PA: Lippincott.

Sutherland, E.H., Cressey, D.R., & Luckenbill, D. (1995). The theory of differential association. In N.J. Herman (ed.) Deviance. A Symbolic Interactionist Approach. (pp. 64—71). Lanham, MD: General Hall

Tasheuras, O. N. (2019). Fostering resiliency and preventing re-victimization: A proposed social learning theory intervention for adult survivors of childhood sexual abuse. Crisis, Stress and Human Resilience: An International Journal, 1 (1), 22–27.

U.S. Census Bureau (2019). https://www.census.gov/quickfacts/fact/table/US/RHI125218#RHI125218 . Accessed November 13, 2020.

Van Ouytsel, J., Ponnet, K., & Walrave, M. (2017). Cyber dating abuse: Investigating digital monitoring behaviors among adolescents from a social learning perspective. Journal of Interpersonal Violence, 37 (23-24), 5157–5178. https://doi.org/10.1177/0886260517719538

Van Zoonen, L. (2013). From identity to identification: fixating the fragmented self. Media, Culture and Society, 35 (1), 44–51. https://doi.org/10.1177/0163443712464557

Vazsonyi, A. T., Machackova, H., Sevcikova, A., Smahel, D., & Cerna, A. (2012). Cyber bullying in context: Direct and indirect effects by low self-control across 25 European countries. European Journal of Developmental Psychology, 9 (2), 210–227. https://doi.org/10.1080/17405629.2011.644919

Walters, G. (2020). Explaining the drug-crime connection with peers, proactive criminal thinking, and victimization: Systemic, cognitive social learning, and person proximity mechanisms. Psychology of Addictive Behaviors. https://doi.org/10.1037/adb0000606

Wansink, B. (2001). Editorial: The Power of Panels. Journal of Database Marketing & Customer Strategy Management, 8 (3), 190–194.

Warr, M. (2002). Companions in Crime: The Social Aspects of Criminal Conduct . Cambridge University Press.

Book   Google Scholar  

Weerman, F., Bernasco, W., Bruinsma, G., & Pauwels, L. (2013). When is spending time with peers related to delinquency? The importance of where, what, and with whom. Crime & Delinquency, 61 (10), 1–28. https://doi.org/10.1177/0011128713478129

Weinberg, J. D., Freese, J., & McElhattan, D. (2014). Comparing data characteristics and results of an online factorial survey between a population-based and a crowdsource-recruited sample. Sociological Science , 1 , 292—310. DOI 10.15195/v1.a19

White, H. R., Pandina, R. J., & LaGrange, R. L. (1987). Longitudinal predictors of serious substance use and delinquency. Criminology, 25 (3), 715–740. https://doi.org/10.1111/j.1745-9125.1987.tb00816.x

Winfree Jr., L. T., Mays, G. L., & Vigil-Backstrom, T. (1994). Youth gangs and incarcerated delinquents: Exploring the ties between gang membership, delinquency, and social learning. Justice Quarterly, 11 (2), 229–256.

Download references

This research was funded by the Center for Peace Studies and Violence Prevention at Virginia Tech. Grant number 105-19.

Author information

Authors and affiliations.

Virginia Tech, Blacksburg, VA, USA

Thomas E. Dearden & Katalin Parti

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Thomas E. Dearden .

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Dearden, T.E., Parti, K. Cybercrime, Differential Association, and Self-Control: Knowledge Transmission Through Online Social Learning. Am J Crim Just 46 , 935–955 (2021). https://doi.org/10.1007/s12103-021-09655-4

Download citation

Received : 14 December 2020

Accepted : 22 June 2021

Published : 08 November 2021

Issue Date : December 2021

DOI : https://doi.org/10.1007/s12103-021-09655-4

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Social Learning
• Differential Association
• Online Crime
• Find a journal
• Publish with us
• Track your research