The importance of a context-specific approach
Although general guidance is available to help countries develop cybercrime strategies and responses, the specific needs and circumstances of individual countries will naturally vary. The impacts of cybercrime on individuals and businesses depend on economic and social factors, such as a country’s level of digitization. Furthermore, the transnational nature of cybercrime means that some countries suffer disproportionately from being targeted by cybercriminals from outside their jurisdictions, while others might be home to criminals whose victims are located elsewhere. The distinction may impact the level of priority that any one country might apply to countering cybercrime relative to other needs. The kinds of interventions that are viable also depend on the capabilities and resources available in the country. Likewise, a country’s ability to take effective action against perpetrators will depend on contextual factors, such as the technical maturity of its law enforcement agencies, and the availability of resources and specialist support in the wider economy.
The transnational nature of cybercrime means that some countries suffer disproportionately from being targeted by cybercriminals from outside their jurisdictions, while others might be home to criminals whose victims are located elsewhere.
Understanding a country’s context and risk landscape is therefore crucial when it comes to identifying its cybercrime priorities. These priorities will in turn determine the capabilities and resources that the country needs. Context and risk will define the extent of the authorities’ engagement with external stakeholders, including foreign partners and private sector entities. Those two factors will also define what is realistic in terms of public engagement, and the extent to which individuals and small businesses can be expected to protect themselves.
However, while acknowledging the differences between countries, several common enablers can be identified that are necessary to tackle cybercrime. These enablers include the right substantive and procedural legislation; agencies that are empowered and equipped to act; and mechanisms to facilitate collaboration with both domestic and international partners. There are also specific technical capabilities that most, if not all, countries need to investigate and prosecute cybercrimes, or other crimes with a digital component – such as an ability to preserve, collect and share digital evidence nationally and across borders.
Methodology
The project team adopted a comprehensive approach in developing the SACC framework, starting with a review of existing guidance on formulating cybercrime policies to identify areas where additional guidance could be beneficial. Following this review, the project team brought together a group of cybercrime experts to advise on methodology, and organized a workshop to gather perspectives on the strategic approaches to combating cybercrime. This workshop served as an interactive platform for cybercrime practitioners operating at both the national and international levels to share insights, and to help inform and validate the framework’s methodology.
(It is important to note that the framework also served as the basis for Chatham House’s 2023 toolkit on integrating gender in cybercrime capacity-building. This toolkit provides actionable strategies for integrating gender considerations into cybercrime capacity-building efforts.)
To test the SACC framework in a regional context and refine its approach, the project team conducted a series of interviews with ASEAN cybercrime practitioners, and organized a simulation exercise in Singapore in collaboration with INTERPOL. The latter used a real-life scenario and crisis timeline unfolding at both national and regional levels, placing emphasis on the different stages of the framework. The objective of this exercise was to initiate a structured discussion with ASEAN stakeholders about their cybercrime planning, and to collectively identify ways in which the framework could help strengthen national planning and regional collaboration.