The SACC framework is based on a cybercrime-response life cycle developed by the team and has five sequential stages. This life cycle shows the multifaceted nature of addressing cybercrime, and the complex interplay between policy, technology and the evolving landscape of online criminal activity.
The five stages of the framework are:
- Stage 1: Strategy development. At the outset of developing a strategy to tackle cybercrime, it is critical to understand the context and risk, establish how tackling cybercrime supports the country’s broader political, economic and social objectives, and translate this insight into a set of strategic interventions that suit the country’s specific circumstances and needs.
- Stage 2: Establishing the enablers. Subsequently, government bodies must put in place the legislation, operational mandates and collaborative frameworks needed to counter cybercrime.
- Stage 3: Establishing operational capability. Capacity-building is critical through the development of technical capabilities and the provision of operational resources for criminal justice authorities, law enforcement and other entities mandated to counter cybercrime. These efforts need to achieve the right balance between disruptive measures to pursue and deter cybercriminals and preventative measures to reduce the susceptibility of potential victims.
- Stage 4: Tasking and prioritization. Governments must establish processes to apply resources in a way that ensures optimal impact, and which retains and develops public confidence and trust in the country’s ability to respond effectively.
- Stage 5: Evaluation. Finally, authorities must develop mechanisms and procedures to evaluate the outcome of individual actions to counter cybercrime, alongside the overall effectiveness of their approach.
The consequences of cybercrime can vary significantly based on who the victims are. For instance, online harassment and stalking, unauthorized sharing of intimate content and identity theft are all examples of online crimes that disproportionately affect women and marginalized groups. Recognizing such differentiated impacts is crucial for the development of effective cybercrime policies that address the unique vulnerabilities of diverse groups and ensure comprehensive protection for all victims.
The consequences of cybercrime can vary significantly based on who the victims are. Recognizing such differentiated impacts is crucial for the development of effective cybercrime policies.
Each stage of the framework includes questions relating to equality, diversity and inclusion (EDI) aimed at assisting policymakers in embedding EDI practices into their strategic processes. The questions in the framework have been devised with groups in mind, and can be amended as appropriate to focus on groups specific to a country’s context. For example, if a country requires a gender-based analysis of the impact of cybercrime, the framework’s questions §can be amended to refer more specifically to gender (rather than race, religion or other protected characteristics).
The following section elaborates on the relevance to practitioners of each of the five stages, followed by the questions to be asked during each stage.
Stage 1: Strategy development
Stage 1 enables practitioners to explore how cybercrime risks and priorities are perceived, identified and assessed at the national level – particularly with regard to their impact. In addition, this stage can be used to examine whether strategic assessment is reflected in an existing formal or informal cybercrime strategy (or other documents), and, if so, how this strategy was developed, how it is implemented, and the extent to which it has political support and commitment from national leaders.
The questions included in this stage explore how cybercrime is defined, how different stakeholders are engaged in the development and implementation process, what authority they have over other stakeholders responsible for delivering aspects of the strategy, and what the existing mechanisms are for accountability. Stakeholder engagement is an ongoing process. This stage therefore also includes questions on how the strategy and progress is communicated. In addition, it covers the existing budgetary models and how they are applied. Finally, Stage 1 includes questions on EDI, to ensure interventions do not reinforce traditional or outdated perceptions of crime and crime prevention measures.
Stage 2: Establishing the enablers
While measures aimed at countering cybercrime can fall within existing statutes, most countries have found that new substantive and procedural legislation is required to effectively investigate cybercrimes, particularly those taking place across jurisdictions, and to protect victims. Stage 2 explores the enablers – such as legislation and funding – needed to support the delivery of effective cybercrime interventions. This stage also examines the agencies involved in tackling cybercrime, their mandates, and the existing checks, balances and safeguards in place.
Furthermore, Stage 2 includes questions regarding the budgetary arrangements necessary to align resource allocation with the actual demands on both policymaking and operational agencies. The establishment of processes is crucial for resolving trade-offs in the realm of cybercrime, and those between cybercrime and other urgent public safety concerns.
The set of questions at Stage 2 also interrogates how legislation, operational mandates and collaborative frameworks acknowledge the EDI implications of justice processes. This involves assessing legislative frameworks for any aspects that may reinforce marginalization; improving access to justice for marginalized individuals; and ensuring that legislative drafting is inclusive and representative.
Stage 3: Establishing operational capability
Combating cybercrime is intensive in terms of technology and resources. Each country must identify its own capability, priorities and gaps, and allocate adequate resources. The questions at Stage 3 seek to examine the basis on which budgeting decisions are made. The rolling or incremental budgeting practices that are common in the public sector across the world tend not to be suited to dealing with the dynamic nature of the cybercrime threat. It may therefore be necessary to conduct regular reviews of the overall level of priority accorded to cybercrime relative to other types of crime, rather than simply assuming that historic priorities reflect the current level of harm. The set of questions also seeks to explore the balance between disruptive measures to pursue and deter cybercriminals, and preventative measures to reduce potential victims’ exposure to risk. Scalable cybercrime prevention measures can provide a much greater return on investment than reactive investigation, although both are important deterrents.
These efforts should also consider mechanisms, means and opportunities to enable individuals, institutions, groups and organizations to foster advocates, perform functions, solve problems, and set and achieve EDI objectives, in ways that are both sustainable and transformative.
Stage 4: Tasking and prioritization
To meaningfully reduce the harm caused by cybercrime, high-level objectives need to be translated into operational actions. Given the range of potential interventions available, decision-makers – in consultation with other stakeholders – need to decide which combination will be most effective.
Stage 4 can be used to assess how operational decisions on resource allocation are made, and how the balance between pursuing strategic outcomes and responding to more immediate threats is struck. The questions focus on which cybercrimes are prioritized in terms of response, investigation and prevention. They also cover the sources, use and application of intelligence to inform priorities, and the operating procedures in place to support anti-cybercrime activities like crime reporting and victim support.
Those responsible for making and delivering operational decisions and processes should understand the causes of vulnerability. Teams that are equipped to understand how EDI interacts with their area of work, and which include diverse voices in their governance, will be able to develop processes that better reflect the needs of victims and reduce the targeting of specific vulnerable groups.
Stage 5: Evaluation
The ultimate measure of a strategy’s success is the extent to which the damage caused by cybercrime is reduced and the country’s overall economic and social goals remain unaffected. As the cybercrime landscape is constantly evolving, it is important to have mechanisms in place to measure the effectiveness of an approach in order to readjust it as necessary.
Stage 5 of the framework can be used to examine how a country evaluates its activities at the operational, tactical and strategic levels, and how this information is used to improve that country’s strategic response to cybercrime risks. This includes (but is not limited to): evaluating the efficacy of operations, investigations and the overall strategy; monitoring; and addressing budgetary considerations. This stage also looks at the exercises already in place to prepare key stakeholders for major cybercrime incidents, and how lessons are learned for future activities to improve the country’s resilience.
From an EDI perspective, Stage 5 also involves ensuring and actively seeking meaningful multi-stakeholder interventions, reassessing EDI considerations, and committing to evaluate anti-cybercrime actions through an EDI lens.