Cybercrime-impact in Australian-economy: Policy-design for Marginalizing the Problem
Rahman AM and Islam S
Published on: 2023-05-08
Abstract
Today’s technology-driven human society(s) country-wise are counted more than ever before, and Australia's society is no exception. Tech-users here compete for comparative time-saving options for marginalising operating costs. It has resulted in huge data usage and a high number of users and devices, which has attracted criminals to take advantage, which is called cybercrime. In addressing cybercrime, Australia, like other countries, is not out of control of laws. However, laws like cybercrime in our society are not always for absolutely cutting the crime. Thus, besides having a cybercrime law in place, Australia needs a piecemeal approach in practise where a department may vary from the approaches of other departments. With awareness about risky online behaviours and options, tech users as defenders are needed to invest their own efforts. Voluntary Insurance (VI) is proposed as a new product in the network-service market. This study has laid out the foundation of the VI proposal underpinning Akim’s model using the Theory of Consumer Choice and Behaviours and Welfare Analysis. The presence of VI as a new product in the network-service market can ensure the tech-user’s own efforts to be on the safe side, where approaches to having VI vary from department to department. Having access to the VI and the network service market’s efforts on promoting awareness, the tech user’s actual utility received is the sum of utility received from awareness and own effort and utility received from cybercrime law. Any changes to services received from the joint efforts may make tech users vulnerable. Welfare analysis shows tech-users' actions—awareness and own effort—besides cybercrime law can create net social gain, which largely depends on tech-users' own actions. The tech user’s economic surplus is greater than government expenses for the implementation of cybercrime law in Australia. Net loss to Australia is the sum of deadweight loss and net loss to technology producers for underutilised resources.
Keywords
Cybercrime; Sense of responsibility; Awareness & own-effort; Perceived-risks; Theory of Consumer Choice & BehaviorsIntroduction
Today’s humankind lives in a world of business mentality with technology-driven lifestyles where services are conducted in a multi-faucet, competitive, and rational manner [1]. In this technology-driven world, time values are counted more than ever before around the globe, and Australian society is no different. Over the last decade, like people in many developed countries, most Australians have embraced intensive ICT utilisation in their daily activities [2]. As a result of meeting society’s needs, other sectors, including the service sector like the banking system, are modernised [3]. Here, tech users compete for comparative time-saving options, marginalising their operating costs. This continued development of ICT utilisation in other areas, namely social media facilitation, internet shopping, and reservation, has created a powerful economy while enabling borderless exchange of information. The Internet, computers, cell phones, and other forms of technology have revolutionised every aspect of human life over the past few years [4]. On top of this, the ongoing COVID-19 brings blessings globally for service providers who supply services meeting the high-rising market demands for electronic communications in multiple faucets, including working from home, banking, shopping, obtaining news, and entertaining ourselves. [3].
However, these advancements have created huge opportunities for committing various forms of crime. These online crimes are commonly known as cybercrime [5]. Thus, cybercrime can be viewed as a large umbrella term that encompasses computer-assisted crime, in which computers and technology are used in a supporting role, including the use of computers to send harassing messages.
With global cybercrime damages predicted to cost up to $10.5 trillion annually by 2025, not getting caught in the landslide is a matter of taking in the right information and acting on it quickly [6]. As of 2020 data statistics, Iceland stands first when it comes to cybercrime risk, while Australia positions third on the globe [7]. As reported by the Australian Institute of Criminology, based on a survey conducted in 2019, 34 percent of respondents had experienced some pure cybercrime, and 14 percent were victimised in 2019 in Australia [8]. In other words, nearly 6.7 million Australian adults were victims of pure cybercrime, and 2.8 million Australians were victimised in 2019.
Drawing on these population estimates, the total estimated economic impact of pure cybercrime was $3.5 billion in 2019. In this estimated cost, 1.9 billion dollars were directly lost by the victims, $597 million was spent dealing with the consequences of victimisation, and $1.4 billion was spent on prevention costs, where victims recovered $389 million [8]. Furthermore, on cost aspects, the Australian Cyber Security Centre reported that it had received 144 reports of cybercrime relating to small businesses per day in 2019, costing small businesses an estimated $300 million per day [9]. These are the common scenarios of risk factors and costs associated with today’s technology-facilitated usages around the globe without boundaries.
In addressing the issues in the digital arena, the Australian Government is not out of control by laws. But it needs a framework that can ensure effective communications on cyber-security defence within and outside its agencies. Particularly, it needs a piecemeal approach in practise, where the approach for one department may vary from the approach for another department. Along with raising customers' awareness about risky online behaviours, tech-users are needed to put their own efforts underpinning the awareness.
Thus, besides having a cybercrime law in place, this study takes on the challenges of effective policy design underpinning Akim’s Model [1&10] for marginalising the magnitudes of the cybercrime problem in the Australian economy. In other words, this study advances with the application of Akim’s Model [1&10] as a policy proposal for the Australian economy, where welfare analysis aims to attract Australians’ lawmakers’ attention by addressing the problem sooner rather than later.
Literature Review
Cybercrime is not new in today’s technology-driven world. Like in many countries, the national security awareness campaign was launched in Australia first in November 2007 [11]. In a study based on survey data statistics, it was reported that in 2010, several users lost their Australian bank savings through internet fraud [12]. Over the years, hackers stole data relating to ATMs and credit cards from processing companies and adjusted available balances on these accounts [11&12]. Later, these cards were distributed to other hackers who targeted countries to withdraw large volumes of cash [11].
Digital banking's perceived risk or threat has further increased globally during COVID-19. On marginalising the dilemma of perceived risk in bank-led digital banking services, a distinctive policy proposal, also known as Akim’s model, was made in the literature [1&10]. Based on the model, it is expected that voluntary insurance (VI) will be a new product in the network-service market. Thus, the proposed VI in the network-service market in Australia can be instrumental in addressing the perceived risk or possibilities of fraud in the digital arena, where approaches may vary from department to department or sector to sector.
The UNDP Report of 2012 reveals that there is enormous potential in the Middle East to build strong e-government portals that can enhance digital communication and reduce operational costs by up to 95 percent [13]. This transformation into technology-driven smart cities or nations requires the cooperation, coordination, and commitment of all stakeholders and the deployment of the right set of skills and infrastructure. Otherwise, it can open paths for criminals. Thus, it causes cyber-threats, which are already at an exponential rate in Australia.
All this creates a demand among rational policymakers for a cost-perspective analysis of online and electronic crime and abuse, which was missing until now. So, it creates a gap in relevant literature. This study therefore sets out to use the Welfare Analysis Technique for assessing the probable costs of cybercrime in a country-wise economy such as Australia's, which can fill the gap in the literature. It further proposes a policy model, which is called the "Akim Model-2021," underpinning the Theory of Consumer Choices and Behaviours, besides having a cybercrime law in place.
Why Australian economy?
There has been a rapid escalation and intensification of cybercrime activities originating in and targeting Australia, which is the largest Oceania country, and Middle East countries. On the cyber-risk aspect, in Figure 1, Australia places the 3rd position in the world, even though it is not absolutely prepared, but it is well prepared to meet the crisis (Table 1).
Such activities are financially as well as politically and ideologically motivated [14]. Australia, officially known as the Commonwealth of Australia, is a sovereign country. It forms the mainland of the Australian continent, the island of Tasmania, and numerous other smaller islands. Australia is the largest country by area in Oceania and the world's sixth-largest country.
Australia is an advanced country with a mixed economy. As of 2023, Australia was the 13th-largest national economy by nominal GDP (gross domestic product), the 19th-largest by PPP-adjusted GDP and was the 22nd-largest goods exporter and 24th-largest goods importer [15,16&28]. Australia took the record for the longest run of uninterrupted GDP growth in the developed world with the March 2017 financial quarter. It was the 103rd quarter and the 26th year since the country had a technical recession (two consecutive quarters of negative growth). As of June 2021, the country's GDP was estimated at $1.98 trillion. The Australian economy is dominated by its service sector, which in 2017 comprised 62.7% of the GDP and employed 78.8% of the labor force. At the height of the mining boom in 2009–10, the total value-added of the mining industry was 8.4% of GDP [16]. Despite the recent decline in the mining sector, the Australian economy had remained resilient and stable and did not experience a recession from 1991 until 2019 [15].
Since the formation of the Federation, Australia has developed rapidly and is now noted for its modern infrastructure, international events, and status as a trade and transport hub [17]. Thus, Australia’s prospects appear to be like those of Dubai, which has also diversified into exhibitions, events, ICT, re-export, and financial sectors. Taking advantage of its location and position, Australia has over the years built its National Innovation Strategy to become the leading innovation nation. It has begun its journey by defining the word "innovation" in multi-faucets. They are: a) the desire of individuals, private institutions, and the government to
generate creative ideas b) innovative products and services that improve quality of life; and c) promote economic growth and increase competitiveness [18]. These strategies have mainly focused on the development of smart cities, updating software and applications, and using disruptive methodologies such as nanotechnology, artificial intelligence, etc. to ensure the swift implementation of technology across various industries [18].
Transformation into a smart nation requires the cooperation, coordination, and commitment of all stakeholders, as well as the deployment of the right set of skills and infrastructure. These can help ensure security no matter what country or society we talk about. It would not be overstated to say that possible "glitches" seem to be minimised but not eliminated. Thus, authorities should consider possible security risks at hand in the form of smart security and cyber-security policies for cities like Canberra and Sydney and the grid infrastructure. So, an e-security policy needs to be adopted for the protection of a truly modern and technologically advanced city.
All these progressions in multi-faucets and the continuation of high-rise economic growth in Australia, particularly in cities like Canberra and Sydney, will create global villages where social engagement will boom further over the Internet. All these make Australia more vulnerable to cybercrime or cyber-attacks than any other smart city on the globe.
With these technological and economic progressions in multi-faucets, Australia has been suffering from the issue of cybercrime, even though Australia has a cybercrime law in place [19&20]. Direct and indirect impacts and costs evolved from cybercrime in Australia are shown in Figure 2, where reputational cost is the highest and cost from customer behavioural changes is the least. Despite these social costs, besides the cybercrime law in place, Figure 3 shows that 52 suffering from the issue of cybercrime, even though Australia has a cybercrime law in place [19&20]. Direct and indirect impacts and costs evolved from cybercrime in Australia are shown in Figure 2, where reputational cost is the highest and cost from customer behavioural changes is the least. Despite these social costs, besides the cybercrime law in place, Figure 3 shows that 52% of business firms in Australia do not have cybercrime insurance. In order to effectively face the perceived risk factors, the government may consider a voluntary insurance approach underpinning Akim’s model [1&10].
In 2017, through debit and credit card fraud, the accumulated amount of monetary loss was 1554 Australian dollars, which was the highest among seven categories of financial fraud in Australia (Figure 4), where online purchase fraud was the lowest. On the type of cybercrime, Figure 3 shows that 53% of electronic devices were infected by malware in 2017. Figure 5 further shows that nearly 23% of technical support was defrauded in the same year that 31.5% of businesses were disrupted. Since Australia has the highest number of internet users and since cities like Canberra and Sydney are the world’s business hubs [21], this will require the highest technological usage in the years ahead.
A prompt and broader involvement of stakeholders within and beyond is needed to ensure the effectiveness and efficiency of cyber-security defence efforts. However, due to independent efforts, most authorities’ country-wise now have their own cybercrime prevention acts, which has caused inefficiency in the law in practise. In the absence of a broader involvement of parties domestically and globally, the cybercrime impact is getting worse in terms of financial and social costs [21].
Types of Cybercrime: What is it, and how does it happen in reality?
Cybercrime is criminal activity that either targets or uses a computer, a computer network, or a network device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money from the costs or damages of someone else. Cybercrime is conducted by individuals or organisations. Cybercriminals are organised, use advanced techniques, and are highly technically skilled. Others are novice hackers. Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal, as we see in today’s technological world.
Categories and types of cybercrime
Cybercrimes can be classified into distinct categories including
- Cyber-trespass (e.g., unauthorized system access)
- Cyber-deception / theft (e.g., identity theft, online fraud, digital piracy)
- Cyber-porn/obscenity (e.g., child sexual exploitation materials) and
- Cyber-violence (e.g., cyber stalking; cyber terrorism) (Holt, Bossler, and Seigfried-Spellar 2018; Wall 2001).
Several types of cybercrime
- Email and internet fraud
- Identity fraud (where personal information is stolen and used)
- Theft of financial or card payment data
- Theft and sale of corporate data
- Cyber extortion (demanding money to prevent a threatened attack)
- Ransom ware attacks (a type of cyber extortion)
- Crypto jacking (where hackers mine crypto currency using resources they do not own)
- Cyber espionage (where hackers access government or company data)
The US Department of Justice recognizes a third category of cybercrime, which is where a computer is used as an accessory to commit the crime. An example of this is using a computer to store stolen data. So, the US has signed the European Convention on Cybercrime. It casts a wide net, and there are malicious computer-related crimes that it considers cybercrime. For example
- Illegally intercepting or stealing data
- Interfering with systems in a way that compromises a network.
- Infringing copyright
- Illegal gambling
- Selling illegal items online
- Soliciting, producing, or having child pornography
Cybercriminals may infect computers with viruses and malware to damage devices or stop them from working. They may also use malware to steal data. Cybercrime that stops users from using a machine or network or prevents a business from supplying a software service to its customers is called a denial-of-service (DoS) attack [22].
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread malware, illegal information, or illegal images. Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with viruses first. Then, use them to spread malware to other machines or throughout a network. Cybercriminals may also conduct what is known as a distributed denial-of-service (DDoS) attack. This is like a DoS attack, but cybercriminals use compromised computers to carry it out.
How does it happen?
In this subsection, we look at famous examples of several types of cybercrime attacks used by cybercriminals. It can be helpful to understand what counts as cybercrime.
Malware Attacks
A malware attack is when a computer system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to conduct other criminal acts, or causing damage to data.
A famous example of a malware attack is the WannaCry ransomware attack, a global cybercrime committed in May 2017 [23]. Ransomware is a type of malware used to extort money by holding the victim’s data or device to ransom. WannaCry is a type of ransomware that targets vulnerabilities in computers running Microsoft Windows. When the WannaCry ransomware attack hit, 230,000 computers were affected across 150 countries. Here, users were locked out of their files. Then they sent a message demanding that they pay a bitcoin ransom to regain access. Worldwide, the WannaCry cybercrime is estimated to have caused $4 billion in financial losses.
Phishing
A phishing campaign occurs when spam emails or other forms of communication are sent en masse with the intention of tricking recipients into doing something that undermines their security or the security of the organisation they work for. Phishing campaign messages may have infected attachments or links to malicious sites. Alternatively, they may ask the receiver to respond with confidential information.
A famous example of phishing fraud from 2018 was one that took place during the World Cup. According to reports by Inc., the World Cup phishing fraud involved emails that were sent to football fans. These emails tried to entice fans with fake free trips to Moscow, where the World Cup was being hosted. People who opened and clicked on the links contained in these emails had their personal data stolen.
Another type of phishing campaign is known as spear-phishing. It is targeted phishing, which tries to trick specific individuals into jeopardising the security of the organisation they work for. Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are typically crafted to look like messages from a trusted source. For example, they are made to look like they have come from the CEO or the IT manager. They may not have any visual clues that they are fakes.
Distributed DoS attacks
Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected Internet of things (IoT) devices are used to launch DDoS attacks. A DDoS attack overwhelms a system by using one of the standard communication protocols it uses to spam the system with connection requests.
Cybercriminals who are conducting cyber extortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction tactic while other types of cybercrime take place.
An example of this type of attack is the 2017 DDoS attack on the UK National Lottery website. It has brought the lottery’s website and mobile app offline, preventing UK citizens from playing.
Hidden Costs of Cybercrime
Besides intellectual property damage and monetary assets, the most overlooked costs of cybercrime come from damage to company performance. This cost can be in multi-faucets, particularly financial costs and work hours lost after a cyber-incident. The report explored the hidden costs, and the lasting impact and damage cybercrime can have on an organization including [24]. Figure 2 clearly shows that Australia faces multi-faucets hidden cost of cybercrime. They are mainly reputation cost, management time, customer behavior changes etc. Besides these, the following are major components of hidden cost of cybercrime in Australia.
Cost-incurred from anticipation – Organizations or firm even individuals very often buy or subscribe software such as antivirus software, insurance, and compliance with agreement.
System Downtime – Downtime is a common experience of organizations or firms. The assessed cost of downtime varies from organization to organization corresponding to incidents.
Reduced Efficiency – As a result of system downtime, organizations of firm lose time, which can reduce efficiency.
Incidence Response Costs – In reality, most organizations require adequate time to move from discovery of an incident to remediation. Security incidents can be managed in-house. But major incidents can often require outside consultation, which can be expensive.
Brand and Reputation Damage – It can damage the external image of the brand of a firm or organization. It can cause a reduction of public sector revenue.
Policy-options: Ensuring Awareness & Own-effort of Tech-user Besides Government Efforts as Nation’s Cybercrime-law
Theoretical Background: Consumer choice and utility maximization
The progression of digital technologies has been changing economic activities in today’s world, where cybercrime should not be ignored. The digital progression has also attracted more criminals for monetary benefits. By-and-large, in this process, a cybercriminal or attacker extracts an economic payoff by hacking a system of value to a victim and then asking for a ransom to not undermine that value. If these crimes are not properly addressed, they could significantly reduce overall social welfare received from technological advancements or increase the social cost of human society in the 21st century.
Thus, studying cybercrimes from an economic perspective is important for two reasons (Becker, 1968). First, understanding the benefits and costs to the person committing the crime can help with the decision to commit the crime, which leads to an analysis of the best approach to limiting this crime given a certain number of resources. Secondly, understanding the social costs of a crime can help decide the socially efficient level of resources that should be deployed against it.
Since the 21st century, humans prefer democratic environments over dictatorships country-wise [25], and since society is a formation of all characteristics of people and their behaviours, the goal of policy-design for a society is not always to cut crime. Rather, it is for determining how much and which criminal behaviour should be tolerated. This is because reducing the amount of crime to zero is not necessarily aligned with social interests. This is because a) the probable economic cost of cutting the crime could be higher than its harm to society, and b) a preference based on this cost-benefit assessment can ease sharpening and ensure the individual’s own responsibility. Thus, the tech-user has own responsibilities for awareness and accordingly invests efforts to protect the tech-user-self from bad activities out there, such as rape crime or cybercrime.
Since cybercrime is multi-faceted and a complicated issue, we take freedom as a simple example for better understanding why a society decides "how much and which behaviour" should be tolerated (Rahman and Islam, 2021). Suppose Lavina, a female, wants to see a rape-free human society. To fulfil Lavina’s demand, authority needs to assign law enforcement wherever male and female are together. Meeting Lavina’s demand can be very expansive, and it can undermine Lavina’s own efforts to protect her. However, it is an essential part of a human's growing up for survival, no matter what culture or society we live in. It is obvious Lavina’s social background, education level, age, etc. can be instrumental in her awareness and own efforts for her own safety, besides having the nation’s Rape Law in place.
This scenario in cybercrime cases raises the question: how should other offences be allowed and how should other offenders go unpunished?
The method is used to formulate a measure of the social loss from offences and find those expenditures of resources and punishments that minimise this loss. The best amount of enforcement is shown to depend on, among other things, the cost of catching and convicting offenders, the nature of punishments-for example, whether they are fines or prison terms-and the responses of offenders to changes in enforcement.
So, this study proposes a piecemeal approach, or separately considering each issue of cybercrime under the general provision of cybercrime, where a proposal of a newly established agency or commission can be instrumental for an effective outcome. Under this administration, responsibilities can be broken down piecemeal based on the type of cybercrime. The outcome under this setup can be effective, where attackers will be punished and tech-users will be eased with training and guidance on awareness and protecting themselves. Otherwise, the current system may often fail unless it is broken into pieces. In this setup, besides having cybercrime laws in place, the tech-user’s approach to a task or situation will be the way the tech-user deals with it or thinks about it, where the tech-user’s awareness and self-effort can play a significant role.
Assumptions
In our model, four parties namely network-service provider, tech-user, attacker, and policymaker are involved. Besides benefit-cost assessment, an attacker learns about service-provider & tech-user’s level of defense, which serves as a sample for the attackers to learn about that of the entire tech-user-population. Therefore, if a tech-user is being attacked with lacks defense from network-service provider, the attacker will be encouraged to continue. On the other hand, if the service-provider & tech-user is well-defended, the attacker will be discouraged from continuing.
The attacker in some cases receives ransom from the tech-user or defender. Despite the fact, this study ignores attacker’s welfare including such redistributed wealth as part of social welfare.
Thus, in this study, the following specific assumptions are made.
- It is assumed that no relevant other factors, except risk-factor of cybercrime consequences, are changing.
- Here a rational service provider and tech-user’s preferences of self-defense depend on service-supply & tech-user’s understanding of severity of the risk-factor.
- These preferences are stable, total effort and transitive for maximizing utility of risk-protective choices.
Awareness & Own-efforts of Tech-users under Theory of Consumer Choices & Behaviors
It is now well recognized that perceived-risk factor plays an influential role in tech-user’s decision [1]. It is no different when it comes to awareness and self-efforts for being on safe-side in case of risk-factor such as cybercrime [25]. It is palatable to assume that from a rational perspective, the tech-user is risk-averse, i.e., the tech-user prefers certainty over uncertainty when it comes to saving tech-user from the danger out there. Figure-6 illustrates the risk preferences of a risk-averse person for a rational and conscious tech-user who is concerned cybercrime.
Tech-user’s actual benefit or utility that the tech-user receives from awareness & self-efforts will never fall on the TU (X) but rather on the chord (the bold line) as shown in Figure - 6. The point Xg, in Figure - 6 stands for probable outcomes of services (X). Here outcome = ƒ (cybercrime laws in place and tech-user’s awareness & own-preventive-effort). That ensures a necessity of joint-efforts rather individual from tech-user or government-cybercrime-law on effectively preventing crime. So, tech-users may use a certain level of X.
Here tech-user’s awareness & self-effort (AE) = ƒ (age, education level and experience). Thus, outcome of cybercrime prevention depends on strength of cybercrime laws and tech-user’s awareness & own preventive-effort. It means the outcome of service-on-security depends on full use of cybercrime law, tech-user’s own awareness & self-effort, which can ensure the highest level of security. Thus, it may cost more to ensure the highest level of security. Any changes to these services-on-security may risk tech-users to be a victim. It may cost less, but it can put tech-users at risk.
In this setup, Xg stands for services derived from supportive factors such as cybercrime law, the tech user’s awareness, and their own effort, which produce the highest outcome of being "secured from cybercrime". Xf stands for service-on-security, derived from cybercrime law, where Xg > Xf. In the case of Xf (where Xf indicates a cybercrime law in place), the tech user enjoys lower costs, which may produce the outcome of "getting attacked". If there is a level of consequence, a tech-user may give it a try to use Xg units of service-on-security X; the utility that this tech-user receives will lie somewhere on the chord (the bold line). The chord stands for the expected utility (EU) of using service-on-security X, which lies in the concavity of the curve. This is because it is the average probability that the defender will use service-on-security X or not, where X stands for the combination of cybercrime law and the tech user’s awareness and own effort. As a result, the tech user will never receive TU (Xa) but rather EU (Xa).
Australian Government efforts in multi-faucets under the proposed cybercrime law
In addition to the cybercrime law in place, just recently the government took various steps to strengthen its cyber-security network, particularly within government entities. The country formed a new council last year to develop a comprehensive cyber-security strategy and help create a safe and strong cyber infrastructure in Australia. It is expected that the council will help develop a legal and regulatory framework. So that it can cover all types of cybercrimes and emerging technologies and set up a robust national cyber incident response plan to enable a swift and coordinated response to cyber incidents in the country.
However, no effort has yet been made that can contribute significantly to enhancing awareness and the tech-user’s own efforts to protect the device. Furthermore, no effort has yet been seen to adopt a piecemeal approach to addressing the problem, even though it can play a significant role in addressing cybercrime issues country-wise, such as in Australia. Also, no effort has yet been made by the government to have a self-driven insurance policy such as voluntary insurance based on the theme of Akim’s Model [1], which can be instrumental in addressing the problem sooner rather than later. That raises the question: what is Akim’s model, and how can it be instrumental in designing cybercrime policy?
Akim’s Model: What is it? How can it be instrumental in preventing cybercrime?
In bank-led digital banking services country-wise, bank customers and likely customers face perceived risk, which has been undermining the growth trends of e-banking use. Dealing with this specific challenge country-wise, Akim Rahman proposed the adoption of voluntary insurance as a new product, which is known as Akim’s model in literature [1&10]. Underpinning the theme, a comprehensive cyber-security strategy is needed country-wise, and Australia is no exception. Protecting from cybercrime is besides the government’s responsibility; the networks or network tech-users have their own responsibility to be on the safe side. That requires them to invest their own efforts and time in raising awareness of ways to be protected. Thus, effective cybercrime laws should be designed in such a way that they ensure the presence of dual efforts—the tech network’s efforts and the government’s efforts to protect against cybercrime. Under the network’s efforts, the tech-user’s awareness and own efforts can be promoted in multiple ways, such as by promoting the tech-user’s precautionary measures, including protecting the device, careful activities, or buying voluntary insurance (VI) to be on the safe side. VI will serve as a new product in the network-services sector or insurance sector.
Speaking about the proposed VI, the insurance sector or network-service sector can introduce it and collect premiums from the user where the service provider or insurance sector ensures secured services. The way it can work is that the customer's or tech user’s participation will be voluntary. And the service provider will attach insurance to the customer’s account if and only if the customer wants the services to protect them from cybercrime. Since the programme will be designed as a way of transferring the risk away from its premium-payers, it will provide them with a sense of certainty. Here, premium receivers will take extra measures to ensure risk-free tech users' activities. This comprehensive cyber-security strategy and policy choice can ensure a safe and strong cyber infrastructure in countries such as Australia.
Policy adoption under Welfare Analysis: A comprehensive cybercrime law ensuring Tech-user’s Awareness & own-effort country-wise
In order to examine the benefits of investing a tech user’s time in awareness and self-efforts besides having a cybercrime law in place to protect them, this section is designed as follows:
It is important for tech-users as well as the government to get full information about the economic benefits of adopting cybercrime laws and encourage tech-users' awareness and own efforts for ensuing secure technology usage globally and country-wise.
Approaches Other than Cybercrime Law: Policy Guidance
Since cybercrime is a global problem country-wise, tech users’ behaviours are the key to reducing the perceived risk of cybercrime, besides having a cybercrime law in place country-wise. So, this section advances analysing probable approaches besides the cybercrime law in place, which can be instrumental in addressing today’s cybercrime effectively country-wise.
Evidence suggests that most governments country-wise have acknowledged the problem of cybercrime by having preventive laws, mostly known as the Cybercrime Law. However, Australia, like many countries, has done little to engage tech users for awareness and to protect tech usage. So that people in Australia can be familiar with cybercrime and its consequences and can recognise the importance of preventive measures from the tech user’s side. It can also provide cyber-security awareness training for employees and develop prevention and response plans.
Guiding tech-users on required behaviours facing the perceived risk of cybercrime
In today’s world, people are mostly driven by their own benefits in multiple aspects, such as financial, feeling good, self-recognition, self-pride, etc. In this decision-making process, an individual can be a risk-averse or a risk-taker. Thus, using technology facilitations, the proposed guidance should be in such a way that both groups can receive help in facing the perceived risk of cybercrime.
Risk-benefit analyses can be useful in delivering messages to convince tech users to avoid risk. Most humans make decisions subconsciously. So, by thinking about the risks and benefits of the tech user’s actions, the tech user can make better choices. On the own-efforts aspect, there are few options the tech user can choose from. They are as follows:
- Backing up data periodically
- Getting protection against malware
- Being smart with passwords and making changes periodically
- Review your own data before going for an IT security solution.
- Being aware of phishers
- Buying voluntary insurance, particularly for digital banking services
Emphasising factors that increase tech users' fondness for being safe
In human society globally and country-wise, it would not be overstated that using coercive measures such as threats, force, shouting, etc. can have a backfire effect rather than enhancing effective public engagement on common issues such as the current crisis. However, when authorities manage the procedure and explain the importance of following lockdown laws and have-on-mask, and when authorities supply regular updates about their actions, it increases feelings of legitimacy of the procedure among casualties.
Welfare analysis of the proposal underpinning the nation’s cybercrime law
Based on the proposal underpinning the cybercrime law in place, the tech-user’s decision on securing the tech-usage environment by setting MPC = MPB in Figure 7 [29]. Because of tech-users’ inspiration, the market level of tech-users' awareness and own effort is Q1, and the best level is Q*, which are generated underpinning a nation’s cybercrime law and the government’s promotional efforts. Area K is the net social gain that is generated by the joint efforts of the government and tech users.
In Figure 8, the area (A+B+C+D+E) is the tech-user's or defender’s surplus. Government spending for cybercrime law implementation is an area (E+B+C+D+F) that is collected from taxpayers. The net loss to Australia is (E + F). Area E reflects a net loss of producer (technology producers) surplus, underutilised resources, better business, or more selling opportunities. Area F is deadweight loss that is just lost.
Future Study
Since cybercrime is a vast and complicated arena that may get worse parallel to the trends of the growing number of tech users, it is better to take effective and protective measures now than later. Since the current study is a theoretical one, after data collection from tech users in different fields, empirical studies can be conducted for welfare analysis. Further studies can be conducted on the application of voluntary insurance in securing digital banking underpinning Akim’s model [1]. It can further contribute to the understanding, prevention, or correction of criminal behaviour in digital banking services. Lastly, an opinion survey study can be conducted on how the tech users feel about the proposal of "awareness and own efforts" besides having cybercrime laws in place country-wise, such as in Australia.
Conclusion
Today’s technology-driven world is more important than ever before, and Australian society is no different around the globe. Thus, here, decision-factors mainly convenience and cost-effectiveness have led individuals, organisations, agencies, or businesses to welcome ICT facilities for usage in many ways. As a result of meeting society’s needs, other sectors, including the service sector like the banking system, are modernised. Here, customers compete for comparative time-saving options, marginalising its operating costs. With the increase in data usage, the number of tech users, and devices, cybercrime has been on the rise and has been at an all-time high ever since. Only in recent times have we come across increased stories about data breaches and cybercriminal activities. Addressing the issue, like in many other countries, the Australian is not out of control by laws. Since human society is a formation of all characteristics of people and their behaviours, the law for its society is not always to punish a crime. This is because reducing the amount of crime to zero is not necessarily aligned with social interests. It can increase the probable economic cost of cutting crime, which could be higher than its harm to society.
But it needs a framework that can ensure effective communications on cyber-security defence within and outside its agencies. Particularly, it needs a piece-meal approach in practise, where the approach for one department may vary from the approach for another department. Raising tech-users' awareness about risky online behaviours is necessary, and so tech-users are needed to put their own efforts underpinning the awareness about the crime and probable options available to them. Thus, besides having a cybercrime law in place, this study takes on the challenges of laying the foundations, which can be called Akim’s Mode-2021, of a piecemeal approach along with tech users' awareness and own efforts for protection using the Behaviour Theory of Consumer Choices. It further carries out a welfare analysis of the costs country-wise, such as in Australia, with the aim of attracting leadership's attention for addressing cybercrime in a piecemeal approach.
Findings show that a tech user’s actual benefit or utility that a tech user receives from awareness and self-efforts, along with the cybercrime law in place, is not exactly equal to its total utility. Here, a certain part of the utility comes from service-on-security derived from cybercrime law, where the total utility is greater than the utility received from cybercrime law. Thus, the outcome of cybercrime prevention depends on the strength of cybercrime laws and the tech user’s awareness and own preventive efforts. It means the outcome of service-on-security depends on the full use of cybercrime law and the tech user’s own awareness and self-effort, which can ensure the highest level of security. Thus, it costs more to ensure the highest level of security. Any changes to these services on security may make you a victim. It may cost less, but it can put the tech user at risk.
From the welfare analysis perspective, the findings show that tech-users' actions, including awareness and own effort, besides government law, can create a net social gain, which significantly depends on tech-users' actions. In this case, the tech user’s calculated economic surplus is greater than the government’s expenses for implementation of the cybercrime law, which are collected from Australian taxpayers. The net loss to the government of Australia is the sum of deadweight loss plus the net loss to tech producers because of underutilised resources, better business, or more selling opportunities.
Since today people are mostly driven by their own benefits in multi-faucets such as financial, feeling good, self-recognition, self-pride, etc., the guidance of tech-users on required behaviours should be done in such a way that both the government and the tech-user can be helped in facing the perceived risk of cybercrime. Risk-benefit analyses can be useful in delivering messages through multiple faucets to convince tech-users to avoid risk through their own actions. Furthermore, it can ease sharpening and ensure individual responsibility, which can be the by-product of Akim’s Model-2021, no matter where tech-users live in the globe country-wise.
References
- Rahman AM. Voluntary insurance for ensuring risk-free on-the-go banking services in market competition: A proposal for Bangladesh. The Journal of Asian Finance, Economics and Business. 2018; 5: 17-27.
- Roberts LD. Cyber-victimization in Australia: Extent, Impact on Individuals and Responses. Tasmanian Institute of Law Enforcement Studies. TILES Briefing Paper. 2008.
- Rahman AM, Islam S. COVID-19 Brings Blessing for Digital-Banking in World-Economy Country-Wise: An Analysis Under Demand-Supply Model of Market Economics. Journal of Business and Economic Development. 2021; 6: 65-72.
- Holt TJ, Fitzgerald S, Bossler AM, Chee G, Ng E. Assessing the Risk Factors of Cyber and Mobile Phone Bullying Victimization in a Nationally Representative Sample of Singapore Youth. International Journal of Offender the Comp Criminology. 2014; 60: 598-615.
- Furnell S. Cybercrime: Vandalizing the information society. London. International conference on Web Engineering. 2003.
- Zaharia A. Looking for recent cybercrime statistics? 300+Terrifying Cybercrime and Cyber-security Statistics. 2021.
- 50 countries by vulnerability to cybercrime. Cyber Risk Index. Nord VPN. 2020.
- Teunissen C, Voce I, Smith R. Estimating the Costs of Pure Cybercrime to Australian Individuals. Statistical Bulletin 34. Australian Institute of Criminology. Australian Government. 2021.
- Australian Cyber Security Center. Cyber Security and Australian Small Businesses, Results from the Australian Cyber Security Center Small Business Survey, Canberra. 2020.
- Rahman AM, Islam S. Ensuring Risk-free Digital-banking in US-Economy: Application of Akim’s Model. International Business and Economics Studies. 2022; 4.
- Neaimi A. Tago Ranginya and Phillip Lutaaya. A framework for effectiveness of cyber security defense: A case of the United Arab Emirates (UAE). International journal of cyber security and digital forensics (IJCSDF). 2015; 4: 290-301.
- Hasbini MA, Eldabi T, Aldallal A. Investigating the information security management role in smart city organizations. World Journal of Entrepreneurship, Management and Sustainable Development. 2018; 14: 86-98.
- Framework for improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology (NIST). 2014.
- Alderwood H, Skinner G. Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications: A Critical Appraisal. International Journal of Security (IJS). 2019; 10: 1-15.
- World Bank. GDP ranking, PPP based. World Bank Open Data. World Bank. 25 April 2019. Retrieved 13 May 2019.
- Australia and Oceania: Australia. The World Factbook. CIA. 2023.
- Kshetri N. Cybercrime and Cyber-security in the Middle East and North African Economies. In: Cybercrime and Cyber-security in the Global South. International Political Economy. Palgrave Macmillan. London. 2013.
- Geetanjali RC, Bhupesh KS, and Iman AL. UAE’s Strategy towards Most Cyber Resilient Nation. International Journal of Innovative Technology and Exploring Engineering. 2019; 8.
- Hasbini MA, Eldabi T, Aldallal A. Investigating the information security management role in smart city organizations. World Journal of Entrepreneurship, Management and Sustainable Development. 2018; 14: 86-98.
- Creesey R, Hyfer M. Cyber Capability in the Middle East, Seizing Opportunity While Managing Risk in Digital Age. Booz Allen Hamilton. 2012.
- University of Birmingham Dubai. 2021.
- Understanding Denial-of-Service Attacks. Cyber-security & Infrastructure Security Agency. 2021.
- What was the WannaCry ransom-ware attack? Kaspersky. 2017.
- Lewis JA, Smith ZLM, Lostri E. The Hidden Costs of Cybercrime. Center for Strategic and International Studies (CSIS). 2020.
- Rahman AM, Islam S. COVID-19 Brings Blessing for Digital-Banking in World-Economy Country-Wise: An Analysis Under Demand-Supply Model of Market Economics. Journal of Business and Economic Development. 2021; 6: 65-72.
- http://itwire.com
- https://www.statibsta.com
- Gross Domestic Product. Wikipedia. 2023.
- Rahman AM. Microeconomics - Basics: New Way Learning Microeconomics in the 21st Century Era. 2019.