Show Summary Details

Page of

Printed from Oxford Research Encyclopedias, Criminology and Criminal Justice. Under the terms of the licence agreement, an individual user may print out a single article for personal use (for details see Privacy Policy and Legal Notice).

date: 03 December 2022

# Cyberpolicing

• Jin R. LeeJin R. LeeDepartment of Criminology, Law and Society, George Mason University

### Summary

Cybercrime is generally understood as behaviors that involve the use of virtual environments and/or networked computer systems to generate harm. This broad definition of cybercrime captures a variety of different online behaviors, including interpersonal violence offenses such as cyberbullying and online harassment, as well as those involving the unauthorized use and access of computer systems such as malware dissemination, ransomware, and distributed denial of service attacks.

Cybercrimes are policed by both law enforcement (e.g., local, state or provincial, federal) and extralegal agencies. Local law enforcement agencies are composed of police officers, who are generally tasked with maintaining public order within a specific municipality or county, including investigating crimes, apprehending offenders, and implementing crime prevention mechanisms (e.g., educating the public on available resources; proactive neighborhood patrol) within their local jurisdiction. State and provincial law enforcement agencies are larger police forces that are generally responsible for conduct that occurs within their wider state and provincial borders, including conducting highway traffic control and providing forensic services to smaller local agencies residing within their state or province. State and provincial agencies often become involved only when local forces are limited in their resources to adequately respond to an incident or when local jurisdictional conflicts exist. Federal agencies operate at the highest level of law enforcement, because they deal with crimes that involve homeland security. In fact, federal agencies can obtain cooperation among several national jurisdictions depending on existing political ties and extradition agreements. Several extralegal agencies (e.g., Internet Crime Complaint Center; Computer Emergency Response Teams) are also active in responding to cybercrime incidents. These agencies, which may develop from either public or private sectors, generally perform acts that support law enforcement, including facilitating communication and information sharing between victims and law enforcement agencies.

Despite efforts to sanction online offenses, research suggests that cybercrimes present several challenges for law enforcement agencies across all levels of government. First, cybercrime offenders often anonymize their attacks and offline identities, making arrests and criminal prosecutions extremely challenging. Second, even if offenders and their actions are identified, agencies are limited by their geographic location and jurisdiction. Third, the technical nature of cybercrime means that victims may not be aware of their victimization until months after the attack, which may affect the identification of digital evidence necessary to prosecute an offender. Fourth, law enforcement officers may not possess the knowledge and expertise needed to secure and investigate a digital crime scene adequately.

One approach that could improve how cybercrimes are enforced and regulated is the paradigm of evidence-based policing (EBP). EBP is a collective effort involving law enforcement agencies, academic researchers, and industry personnel/practitioners, whose central focus is to develop a robust evidence base that can identify current and emerging problems in policing, examine possible solutions to these problems using rigorous scientific methods, and monitor these solutions over extended periods of time to ensure successful outcomes are maintained. Knowing which operational practices work best in different situations will not only lead to a more intentional use of officers’ time and agency resources but also strengthen public perceptions of law enforcement in responding to cybercrime calls for service.

### Subjects

• Criminal Behavior
• International Crime
• Policing

### Introduction

The growth and advancement of the Internet has introduced numerous improvements to society, including better information sharing and knowledge dissemination, greater overall convenience and accessibility (e.g., instant communications and financial transactions), and enhanced connectivity through a more globalized network community (Holt & Bossler, 2016; Newman & Clarke, 2003; Wall, 2001). The ubiquity of the Internet and the lower costs of operating an Internet-enabled device has made individuals more reliant on technology to accomplish both complicated and mundane tasks (Andress & Winterfeld, 2013; Holt & Bossler, 2016; Newman & Clarke, 2003). In fact, estimates suggest that more than half of the global population (59.5%) use the Internet (see Statista, 2021), with approximately 85% of American adults owning a smartphone, 77% owning a personal computer (e.g., desktop, laptop), and 53% owning a tablet computer (see Pew Research Center, 2021).

Although the benefits of technology are extensive, its developments have concurrently given rise to various forms of online crime and deviance (Holt & Bossler, 2016). In fact, digital technology has enhanced traditional offline crimes such as fraud (Cross, 2015; Holt & Lee, 2020; Wall, 2004), harassment (Bocij, 2004; Choi & Lee, 2017; Choi et al., 2017; Fissel et al., 2021), terrorism (Britz, 2010; Holt, Lee, et al., 2020; Shandler et al., 2021), and child sexual abuse offenses (Cale et al., 2021; Demetis & Kietzmann, 2021; Holt, Liggett, et al., 2020; Jenkins, 2001). Digital technology has also created unique forms of crimes such as computer hacking (Fox & Holt, 2021; Holt & Steinmetz, 2021; Lee & Holt, 2020; Maimon et al., 2021) and virus dissemination (Bossler & Holt, 2009; Gero et al., 2021).

Before personal computers were widely accessible, modern computers were mostly owned and operated by large universities and government agencies (Holt et al., 2017). Given the infancy of computer technology in the mid-20th century, computer crime investigations mostly comprised of computer theft or the stealing of computer parts (Holt et al., 2017). The definition of cybercrime and cybercrime policing began to shift as personal computers started to surface in the mid-1970s (Holt et al., 2017). Computers were being used to commit various forms of traditional crimes, such as fraud and embezzlement, which brought widespread attention to the serious consequences of computer crime (Clifford, 2006).

By the late 1970s, there was international recognition that computer crime was a growing concern (Holt et al., 2017). In fact, the Council of Europe Conference on Criminological Aspects of Economic Crime identified several categories of computer crime in 1976, including fraud (Schjolberg, 2004). Similarly, Interpol was the first international organization to address the growing concern of computer fraud in 1979 (Holt et al., 2017). Although federal cybercrime legislation was first introduced to U.S. lawmakers in 1977 (e.g., Federal Computer Systems Protection Act), it was not until 1986 that the United States passed its first federal law criminalizing the unauthorized access of a computer (i.e., Computer Fraud and Abuse Act; see Holt et al., 2017). By the late 1980s, various law enforcement agencies found themselves collecting digital evidence to prosecute cybercrime offenders.1

According to the Office for National Statistics (ONS), cybercrimes, which are generally defined as behaviors that use the Internet or Internet-enabled devices to inflict harm, occur more frequently than domestic burglary, car theft, vandalism, robbery, and violent crime combined (see McMurdie, 2016). The COVID-19 pandemic has further exacerbated the cybercrime problem; numerous online crimes have increased as a result of the global pandemic.2 Specifically, the ONS found that social media and email hacking behaviors increased by 23% in England and Wales and that computer virus offenses increased by 61% since the COVID-19 pandemic (Muncaster, 2020). Participation in online illicit markets (Vu, 2020) and denial of service attacks (Clayton, 2020) were also behaviors that increased since the beginning of the pandemic (Horgan et al., 2021). Although many factors may explain the rise of these cybercrimes, research suggests this increase may partially be a result of individuals being confined to stay-at-home orders and government lockdowns, as well as increased boredom and anxiety over loss of employment during the pandemic (Collier, 2020; Horgan et al., 2021; Maimon & Howell, 2020).

The overall growth of cybercrime behaviors has led various stakeholders to question which group of individuals or service providers is best equipped to apprehend online offenders, support cybercrime victims, and respond to cybercrime calls for service (Dodge & Burruss, 2019; Holt & Lee, 2019; Koziarski & Lee, 2020). To that end, some believe that contacting their ISP for assistance is their best option because that is where they get their Internet connection from, while others believe that reaching out to online platforms (e.g., social media platforms, online banking sites) is most effective (see Holt et al., 2017). Alternatively, other individuals may contact their local law enforcement agencies to report their cybercrime experiences because law enforcement is traditionally recognized as an all-purpose emergency service whose goal is to protect victims and hold offenders accountable for their actions (Holt et al., 2017; Wall, 2007b). Given that law enforcement is widely regarded as first responders to offline crime and civil unrest, it may seem reasonable for individuals to seek law enforcement assistance when they experience cybercrime victimization (Dodge & Burruss, 2019).

However, cybercrimes present several significant challenges for law enforcement agencies across all levels of government (e.g., local, state or provincial, and federal). First, cybercrime offenders often conceal their actions and offline identity through anonymous interactions with victims’ devices and accounts, making arrest and criminal prosecution extremely challenging (Dodge & Burruss, 2019; Hinduja, 2007; Wall, 2001). Second, even if offenders and their actions are identified by law enforcement, agencies are limited by their geographic location and jurisdiction. Whereas traditional offline crimes tend to be regional, cybercrimes often involve a complex transnational component, making it harder for law enforcement to both investigate and apprehend offenders who reside outside their jurisdictional boundaries (Brenner, 2008; Cross, 2015; Shearing & Johnston, 2013; Wall, 2007b). Third, the often complicated and technical nature of cybercrime means that victims may not be aware of their victimization until months after the attack, which may affect the identification of digital evidence necessary to prosecute an offender (Dodge & Burruss, 2019). Fourth, law enforcement officers may not possess the knowledge and expertise needed to adequately secure and investigate a digital crime scene, which may be attributed to a lack of resources and/or insufficient cybercrime training (Dodge & Burruss, 2019; Hinduja, 2004; Holt et al., 2015; Senjo, 2004; Stambaugh et al., 2001).

Despite the growth and prevalence of cybercrime behaviors, approximately 20% of countries do not have cybercrime legislation to regulate online crimes (United Nations Conference on Trade and Development [UNCTAD], 2020; Van Nguyen et al., 2021). The absence of a cybercrime legislation makes participating in international investigations difficult, especially if the victim and offender reside in countries that do not have cybercrime laws (Clough, 2014; Maillart, 2019; Singh & Singh, 2007; United Nations Office on Drugs and Crime [UNODC], 2013; Van Nguyen et al., 2021). Furthermore, countries without any sort of comprehensive cybercrime legislation risk becoming a harbor for motivated offenders who know they cannot be extradited or apprehended for their online conduct (Van Nguyenet al., 2021).

The complications involved in enforcing and responding to cybercrime behaviors have encouraged various stakeholders (e.g., scholars, police administrators, policymakers) to both obtain a more comprehensive understanding of the cybercrime problem and develop effective solutions to resolve the issue, including implementing changes to the ways these offenses are investigated and criminally processed by the justice system (Goodman, 1997; Holt & Lee, 2019; Holt et al., 2010; Koziarski & Lee, 2020; National Institute of Justice, 2008; Stambaugh et al., 2001). To that end, more tailored and intentional cybercrime training, as well as better resources for frontline officers who often operate as first responders to cybercrime calls for service, have been identified as two of the most important areas in need of attention and reform (Goodman, 1997; Holt & Bossler, 2012b; Holt & Lee, 2019; Stambaugh et al., 2001). Additionally, research has underscored the need for greater collaboration and relational ties between the public and private sector in investigating cybercrime behaviors writ large (Brenner, 2008; Holt & Bossler, 2016; Police Executive Research Forum [PERF], 2014; Stambaugh et al., 2001; Wall & Williams, 2013).

As cybercrimes become more prevalent in society, law enforcement will be increasingly tasked with developing effective solutions to remedy the cybercrime problem (Dodge & Burruss, 2019). Understanding the capabilities and limitations of policing cybercrime is essential for the development of best practices to improve law enforcement responses to online crime and deviance (Dodge & Burruss, 2019). A more effective solution to cybercrime policing may not only serve as a deterrent for future offenders but also improve how cybercrime victims are treated and supported, subsequently affecting perceptions of both law enforcement legitimacy and competency (Koziarski & Lee, 2020).

Given the dynamic landscape of cybercrime and law enforcement efforts to regulate online behavior, a comprehensive overview of law enforcement’s interaction with cybercrime is needed, including how different levels of government respond to cybercrime behaviors. To that end, a discussion on the definition and classification of cybercrime behaviors will be provided in the section on “Cybercrime Definition”, followed by an overview of the different types of law enforcement agencies (i.e., local, state or provincial, federal) and their varying capacities in combating cybercrime, including the role of extralegal agencies and NGOs. Next, the various challenges law enforcement encounter in investigating cybercrime behaviors, including why police agencies have issues responding to cybercrime across all levels of government, will be provided in the section on “Law Enforcement Challenges”. Finally, a discussion on best practices and policy implications for improving law enforcement responses to cybercrime will be provided in the section on “Evidence-Based Policing and Cybercrime”.

### Cybercrime Definition

Cybercrime is generally understood as behaviors that involve the use of virtual environments and/or networked computer systems to generate harm (Holt, 2012; Koziarski & Lee, 2020; Wall, 2007a). This broad definition of cybercrime involves a variety of different online behaviors, including interpersonal offenses such as cyberbullying, cyberstalking, and online harassment, as well as those involving the unauthorized use and access of computer systems such as malware dissemination, ransomware, and distributed denial of service (DDoS) attacks (Grabosky, 2001; Holt & Bossler, 2016; Holt, Brewer et al., 2019; Wall, 2001). Although most policymakers and law enforcement personnel acknowledge that cybercrimes exist, there is confusion and uncertainty as to the precise categories of cybercrime and the differential risks and consequences they pose to society (Brenner, 2001; Walden, 2003; Wall, 2005, 2007a.

Cybercrime can be divided into two general categories: computer-assisted crimes and computer-dependent crimes. Computer-assisted crimes are those that existed before the advancement of the Internet but have become more intricate and multi-faceted as a result of technological innovations. In essence, computer-assisted crimes constitute behaviors that have roots and origins in terrestrial spaces but have since expanded to the online realm given developments in technology. Examples of computer-assisted crimes include cyberbullying, cyberstalking, and online fraud. Given that offline versions of these behaviors predated the Internet, computer-assisted crimes are often regulated under their existing offline laws and legislation (Wall, 2007a).

Computer-dependent crimes, on the other hand, are behaviors that did not exist before the proliferation of the Internet. These behaviors are wholly dependent on the Internet and computer systems and cannot exist without them (Wall, 2007a). Examples of computer-dependent crimes include computer hacking, DDoS attacks, malware dissemination, and ransomware. These behaviors often pose the greatest threats and challenges to law enforcement, because they are more difficult to detect and regulate given their novelty, technological complexity, and constantly evolving dynamic (Wall, 2007b).

A distinct feature of cybercrime, regardless whether computer-assisted or computer-dependent, is that it does not require physical proximity between the victim and offender (Jones, 2006). In fact, offenders only need access to an Internet-enabled device (e.g., smartphone, computer, tablet) and know on how to use the Internet to orchestrate their attack (Jones, 2006). This means that victims never have to be in the same physical space or location from their offenders to be a target of cybercrime. This behavioral trait is in direct contrast to traditional offline crime, which require a physical convergence between the involved participants for victimization to occur. The ability to conduct an online attack without the spatiotemporal conditions commonly associated with traditional crime increases the pool of potential offenders and victims because the online crime scene is a globalized space open to the entire Internet-user population (Choi & Lee, 2017).

Another unique feature of cybercrime is that offenders are able to attack multiple targets at once and can do so without expending significant amounts of time and resources (Jones, 2006). Unlike traditional offline crime, cybercrime can be automated to repeat a series of critical attacks against individuals and their computer systems by using malware (i.e., malicious software) and botnets (i.e., network of computers controlled by the offender without the owner’s knowledge) to orchestrate the attack (Jones, 2006). The ability to automate an offense not only saves offenders’ time and energy but can also result in more consequential damage within a shorter time frame (Jones, 2006). These attacks have the ability to render entire servers and computer networks inoperable, leading to massive service disruptions and significant economic loss (Holt et al., 2017).

The economic costs of cybercrime vary depending on the attack, target, and reporting agency. However, the Internet Crime Complaint Center (IC3) of the FBI found that the United States incurred a loss of approximately $1.4 billion due to cybercrime victimization (Federal Bureau of Investigation [FBI], 2017), and the Symantec Corporation reported an international loss of$110 billion (Dodge & Burruss, 2019; Hyman, 2013).3 The discrepancy in figures is a result of multiple factors, including a collective failure to report victimization incidents (e.g., both individual and corporate victims), undetected losses, and self-selection bias (Dodge & Burruss, 2019; Florencio & Herley, 2013). In fact, research has found that organizations experiencing more economic loss are less likely to report their victimization to both law enforcement and private reporting agencies, whereas companies experiencing little loss are more likely to respond to surveys asking about cybercrime victimization levels (Florencio & Herley, 2013).

From a corporate standpoint, businesses may be hesitant to report their victimization because of financial concerns over their diminished reputation and trust as a reliable company. In particular, a negative public image may subsequently damage their corporate stock value and reputation (Dodge & Burruss, 2019). As a result, many companies may choose to conduct internal, private cybercrime investigations instead of informing law enforcement of their victimization (Dodge & Burruss, 2019). Although cases involving catastrophic monetary loss may invoke a law enforcement response, companies may elect to resolve smaller incidents on their own for any one of these reasons (Dodge & Burruss, 2019).

Low cybercrime reporting is also observed among computer-assisted behaviors that have no explicit ties to monetary loss or corporate value. In fact, the U.S. Attorney’s Office (2015) found that only 15% of fraud victims reported their victimization to law enforcement. Studies found that reporting cybercrime victimization to law enforcement may be difficult due to feelings of embarrassment, shame, betrayal, isolation, and loss of both privacy and security (Cross et al., 2016; Dodge & Burruss, 2019). This percentage is significantly lower for individuals who had experienced multiple victimizations, although reports suggest that they report their victimization experiences to other non–law enforcement organizations instead (Dodge & Burruss, 2019; van de Weijer et al., 2019).

It is important to note that cybercrimes can be committed by a variety of different offenders, including individual actors (e.g., lone wolf), a collection of individuals motivated by a mutually shared cause and objective (e.g., Anonymous, Lazarus Gang), or a government or nation-state actor (Chang, 2013). In fact, media reports suggest that several countries actively sponsor cybercrime networks; these countries hack other government systems to steal sensitive information as part of their cyberespionage campaign, including Taiwan, China, Russia, Iran, and the United States (Chang, 2013; Chao, 2010; Information Warfare Monitor, 2009; Mazanec, 2009; Schneier, 2008). The presence of different offender types suggests that cybercrime actors may be motivated by multiple factors, consequently shaping how deterrence tactics and investigation strategies are formulated and enacted in practice.

### Local Law Enforcement

Local law enforcement agencies are composed of police officers, who are generally tasked with maintaining public order within a specific municipality or county. Local law enforcement agencies tend to vary in size and capability depending on the size of the community they serve, with larger geographic and more heavily populated localities often having bigger local law enforcement agencies servicing the community (Holt et al., 2017). Regardless of their size, local law enforcement agencies are responsible for a variety of different policing tasks, including investigating crimes, apprehending offenders, and implementing crime prevention mechanisms within their local jurisdiction (Holt et al., 2017).

Individuals may consider local law enforcement officers as first responders to cybercrime incidents, especially given their visibility and responsibility within the local community, but many local law enforcement agencies play minimal roles in the fight against cybercrime and online victimization due to their jurisdictional limitations (Holt et al., 2017). In fact, because local law enforcement agencies are responsible for crimes that occur within their territorial boundaries, they are able to provide adequate assistance and support only if both the victim and offender reside within the same jurisdiction (Holt et al., 2017). To that end, the type of cybercrime most commonly addressed by local forces includes ones that are interpersonal (e.g., person-based) in nature such as online harassment and cyberstalking, as well as those involving the creation and consumption of online child sexual abuse material and online sexual solicitation or prostitution (Cunningham & Kendall, 2010; Holt et al., 2017; Jenkins, 2001).

In addition to jurisdictional limitations, researchers have noted several other challenges to the capability of local law enforcement agencies to regulate cybercrime behaviors, including low levels of community interest and concern for cybercrime behaviors, challenges in investigating various types of online crime, lack of necessary digital forensic tools and investigative technologies, low levels of managerial support for investigating cybercrime behaviors, and difficulties in adequately training and retaining officers qualified to investigate cybercrime inquiries (see Burns et al., 2004; Goodman, 1997; Holt & Lee, 2019; Holt et al., 2010, 2017; Koziarski & Lee, 2020; Senjo, 2004; Stambaugh et al., 2001). Despite these compounding limitations, various stakeholders argue that local law enforcement should play a larger role in combating cybercrime behaviors (Bossler & Holt, 2012; Goodman, 1997; Holt & Lee, 2019; Koziarski & Lee, 2020; Stambaugh et al., 2001).

In fact, supporters advocate for the creation of specialized cybercrime investigation units at the local level that can respond directly to cybercrime calls for service (Hinduja, 2007; Holt et al., 2017; Marcum et al., 2010). To that end, several studies have noted an increase in specialized cybercrime units at the local law enforcement level (Willits & Nowacki, 2016). Even if these units are unable to comprehensively investigate each cybercrime incident, they can initiate the process of collecting digital evidence that may be transferred to state (or provincial) or federal agencies should the case escalate to that level (Hinduja, 2007; Holt et al., 2017; Marcum et al., 2010). It is important to note that local agencies with specialized cybercrime units tend to be those that service a larger community (e.g., major cities and urban areas) and have access to greater technologies and more frontline officers (Holt et al., 2017; Willits & Nowacki, 2016).

Some scholars have also suggested the need to improve the response of local law enforcement to cybercrime, regardless of whether a cybercrime investigation unit is formed and deployed at the local level (see Holt & Lee, 2019; Holt et al., 2010, 2017; Koziarski & Lee, 2020; Stambaugh et al., 2001). These perspectives focus on officers becoming better responders to digital cybercrime scenes and improving their support mechanisms when victims ask for assistance (Holt & Lee, 2019; Holt et al., 2010, 2017; Koziarski & Lee, 2020; Stambaugh et al., 2001). However, it is challenging for local law enforcement to take on this added responsibility when its agency places a lower priority on online behaviors unless a child victim is involved (e.g., online child sexual abuse materials; see Hinduja, 2004; Holt & Bossler, 2012a; Holt et al., 2017; Senjo, 2004; Stambaugh et al., 2001). The incentive to be better responders to cybercrime is unmatched by both the agency and the community they serve, thereby limiting officers’ motivation and willingness to improve their response mechanisms toward cybercrime inquiries. As a result, local law enforcement agencies generally believe that they should not be designated as the primary enforcers of cybercrime behaviors (Bossler & Holt, 2012; Burns et al., 2004; Holt & Lee, 2019; Holt et al., 2017). Rather, they suggest that individual actors be more cautious online and advocate for legal reform including cybercrime-specific legislation (Holt et al., 2017).

### State and Provincial Agencies

State and provincial law enforcement agencies are larger police forces that are generally responsible for conduct that occur within their wider state and provincial borders, including conducting highway traffic control and providing forensic services to smaller local agencies residing within their state or province (Holt et al., 2017). With regard to cybercrime enforcement more specifically, state and provincial agencies often become involved only when (a) local forces are limited in their resources to respond adequately to an incident or (b) local jurisdictional conflicts exist (i.e., the victim and offender reside in different counties or municipalities within the same state or province) (Holt et al., 2017; Walker & Katz, 2012). In fact, state and provincial agencies may supply local law enforcement agencies with forensic tools and technologies without actively participating in the local investigation themselves (Holt et al., 2017). One of their primary objectives is to provide local law enforcement agencies with the resources and tools they need to successfully respond to an incident, including digital forensics.

Digital forensics is generally understood as the process of collecting and analyzing digital information to be used by the criminal justice system, including network forensics (e.g., Internet traffic), mobile device forensics (e.g., cell phones), and malware forensics (e.g., malicious software) (Holt et al., 2017). There are four stages to a digital forensic investigation: (a) survey/identification, (b) collection/acquisition, (c) examination/analysis, and (d) report/presentation. Survey/identification is the first step of the investigation process where a team of law enforcement officers and digital forensic technicians search the physical and digital crime scene(s) to identify potential sources of digital evidence (e.g., computers, tablets, phones, USB; see Holt et al., 2017). The second step involves the collection/acquisition of digital evidence, which is concerned with retrieving and preserving the digital evidence. Digital forensic technicians must document how the digital evidence was searched and seized from the original source (Holt et al., 2017). Once digital evidence is collected, the examination/analysis stage begins. This refers to analyzing data (e.g., recovery/extraction) to determine if digital evidence was hidden, manipulated, or deleted during the commission of the crime (Holt et al., 2017). The last stage involves drafting a written report/presentation of digital evidence relevant to the investigation. This report describes each step of the investigation process in detail to ensure everything about the digital forensics process is clear (Holt et al., 2017). Various public and private organizations offer professional training and certifications on digital forensics, including the National Initiative for Cybersecurity Careers and Studies, or NICCS, which is managed by the Office of the Chief Learning Officer within the Cybersecurity and Infrastructure Security Agency.4

Many state and provincial law enforcement agencies have specialized cybercrime units to address more technical and resource-intensive online crimes (Willits & Nowacki, 2016). The development of these units may be attributed to larger state and provincial budgets, as well as the fact that they play a role in directly assisting local forces with both cybercrime prevention and investigation (Holt et al., 2015; Willits & Nowacki, 2016). Even if state and provincial agencies are not always the principal actors investigating a cybercrime incident, their enhanced budgets and resources are quintessential in assisting local agencies respond to cybercrime incidents that occur within state and provincial borders (Holt et al., 2017). This is particularly salient for smaller local agencies that do not have enough law enforcement personnel and resources to manage and respond to cybercrime calls for service adequately.

In addition to the specialized cybercrime units, many state and provincial law enforcement agencies have also formed fusion centers that provide intelligence to the appropriate local and federal agencies to assist in crime prevention and investigation (Chermak et al., 2013; Coburn, 2015; Holt et al., 2017). Although these centers were initially conceived to collect and communicate intelligence on emerging terrorist threats, they have since developed into larger information hubs that both process and aid in various investigation efforts at the local, state or provincial, and federal level (Coburn, 2015; Holt et al., 2017; Zetter, 2012).

### Federal Law Enforcement

Federal agencies, also commonly referred to as national police in countries such as Canada, South Korea, and the United Kingdom, are those that operate at the highest level of law enforcement; they deal with crimes that involve homeland security (Holt et al., 2017). Because many cybercrimes contain a transnational element, federal law enforcement agencies are often called upon to be the main responders engaging in cybercrime investigations (Holt et al., 2017). Given their broader responsibility in protecting national interests and homeland security, federal law enforcement agencies are given more powers and resources to both investigate and apprehend cybercrime offenders (Walker & Katz, 2012). In fact, federal agencies are able to gain cooperation across several national jurisdictions, as well as across different countries depending on existing political ties and extradition agreements (Holt et al., 2017).

It is important to note that although federal agencies have more power and control than both local and state or provincial law enforcement agencies, different federal actors are responsible for different categories of cybercrime (Holt et al., 2017). For instance, most computer intrusion incidents that affect financial and economic institutions in the United States are handled by the U.S. Secret Service, whereas piracy and intellectual property theft are typically addressed by U.S. Customs and Border Protection. In addition, cases involving online child sexual abuse materials are often the responsibility of Immigration and Customs Enforcement (see Holt et al., 2017).

Federal law enforcement agencies also work alongside non–law enforcement agencies when incidents rise to national security levels (Andress & Winterfeld, 2013). For instance, conduct involving computer and network intrusions of military systems, as well as those involving cyberterrorism and warfare, may invoke participation from both the Department of Defense and the National Security Agency (Holt et al., 2017). Similar agencies in the United Kingdom (e.g., The Ministry of Defense and Government Communications Headquarters), Singapore (e.g., Cyber Security Agency), and Canada (e.g., Communications Security Establishment) also function to support federal law enforcement efforts when problems pose heightened risk to national security (Holt et al., 2017).

### Extralegal Agencies and Nongovernmental Organizations

Several non–law enforcement agencies are also active in responding to cybercrime incidents. These agencies, commonly referred to as NGOs given their lack of legal authority in regulating criminal behavior, emerge from both the public and private sector and generally perform acts that support law enforcement investigate cybercrime offenses and prevent online victimization (Holt et al., 2017; Wall, 2007b). These NGOs largely facilitate communication channels and information sharing between victims and law enforcement agencies (Holt et al., 2017). Numerous NGOs and private corporations have also provided important resources to support law enforcement efforts with the investigation of cybercrime (Holt et al., 2017).

The Internet Crime Complaint Center (IC3), formerly known as the Internet Fraud Complaint Center, is a prominent NGO that was created in 2000 as part of a larger joint operation of the FBI, the Bureau of Justice Assistance, and the National White Collar Crime Center. The IC3 was created to be a robust cybercrime reporting mechanism, with a particular focus on economically motivated cybercrimes (Holt et al., 2017). Reporting a cybercrime victimization through the IC3 is relatively straightforward. Individuals are asked to fill out a questionnaire asking about the nature of the cybercrime incident, the identity or traits of the offender (if known), as well as the response from the victim (Holt et al., 2017). Once they complete the questionnaire, the IC3 staff members process the complaint and transfer the case to the appropriate corresponding law enforcement agency (e.g., local, state or provincial, federal).

While the IC3 serves as a cybercrime reporting outlet, other NGOs fulfill different objectives, such as Computer Emergency Response Teams (CERTs), which provide intelligence regarding emerging cybercrime threats affecting both the public and private sector (Holt et al., 2017). Although funding for CERTs may be either public (e.g., government) or private (e.g., corporations), these groups largely function to facilitate intelligence and information sharing (Holt et al., 2017). In fact, approximately 369 CERTs exist worldwide and provide intelligence on emerging threats to computer systems (e.g., hardware and software vulnerabilities). CERTs may also perform diagnostic tests to determine how and when a cybercrime incident occurred (Cybersecurity & Infrastructure Security Agency, 2017; Holt et al., 2017).

It is important to note that not all NGOs are professionally organized or sponsored by larger organizations. In fact, an NGO known as Working to Halt Online Abuse (WHOA) was created in 1997 by community members who formed a group to support individuals victimized by harassment and stalking (Holt et al., 2017). Because WHOA is not an official government or law enforcement agency, it cannot apprehend offenders or directly participate in active criminal investigations. Instead, WHOA connects cybercrime victims with competent officials in various regions around the world to help victims secure a digital crime scene, collect evidence, document their victimization, and contact the appropriate law enforcement agency (Holt et al., 2017).

### Law Enforcement Challenges

#### Transnational Nature of Cybercrime

One of the biggest challenges involved in policing cybercrime is its transnational nature. Whereas traditional offline crimes tend to be regional (i.e., both offender and victim reside in neighboring geospatial areas), cybercrimes often involve a complex international component that makes investigating and apprehending offenders a difficult and challenging endeavor (Shearing & Johnston, 2013; Wall, 2007b). In fact, because online crimes transcend traditional boundaries of time and space, it may often be the case that offenders and victims reside in two entirely different parts of the world (Holt & Bossler, 2016). This widening of the offender-victim pool makes it incredibly challenging for law enforcement to apprehend offenders because different jurisdictions and countries may have their own ways of enforcing criminal behavior (Brenner, 2010; Holt & Bossler, 2016; Holt & Lee, 2019; Koziarski & Lee, 2020).

Although cybercrime has been categorized byNATO as a problem that must be collectively addressed by the global community (McMurdie, 2016), the absence of cooperative agreements between countries breeds a condition in which various subjects (e.g., individuals, corporations, computer systems, network targets) residing in certain countries become attractive targets for offenders because legal sanctions are not imposed (Brenner, 2008; Chang, 2013; Holt et al., 2017). Cooperative agreements between countries can include assistance in making arrests, search and seizure, collecting evidence, and extraditing offenders (Chang, 2013). These agreements are fundamentally based on how close and friendly nations are with one another (Chang, 2013).

As discussed in the section on “Federal Law Enforcement”, cybercrimes that involve a transnational element are often processed by federal law enforcement agencies (e.g., FBI, Secret Service), especially those that affect the nation-state and national security (Andress & Winterfeld, 2013; Brenner, 2008; Holt & Bossler, 2016; Holt et al., 2017). These federal law enforcement agencies seek cooperation from the international community when cybercrimes involve individuals from outside their country borders. This task becomes increasingly challenging when cooperative agreements between the involved countries do not exist (e.g., no extradition agreements exist between the United States and China, Russia, and the Ukraine). If countries are divided by political or ideological differences, there may not be cooperative agreements in place for law enforcement to further their international investigations (Holt et al., 2017). Given these challenges, law enforcement agencies have become increasingly dependent on existing extradition agreements with friendly countries so that if the desired suspect leaves the original country to one of these friendlier nations, they can be detained and extradited in transit (Chang, 2013; Holt & Bossler, 2016; Holt et al., 2017).

However, even if two countries have positive relations with one another and have extradition agreements in place to resolve transnational online crimes, there may be limited parity in the language of each country’s legislation that makes a certain cybercrime a criminal offense in one country, but a civil misdemeanor in another (Brenner, 2010; Chang, 2013; Holt et al., 2017). In other words, even if multiple countries adopt cybercrime legislation, their coverage of cybercrime behaviors may vary substantially—that is, the same online behavior and offense can be prosecuted under different laws and parameters depending on the country’s legal code (Wall, 2007b). For instance, while stealing trade secrets would be adjudicated under criminal law in the United States, the same act would fall under civil law in the United Kingdom (Law Commission, 1997).

One way to improve law enforcement responses to cybercrime offending is through the expansion of cybercrime legislation to include a more comprehensive list of cybercrime behaviors and punishments covered by the criminal code (Brenner, 2008; Chang, 2013; Holt & Bossler, 2016; Holt et al., 2017). Although progression has been slow, several countries have cybercrime prevention as part of their national security agenda, including the United States, the United Kingdom, Canada, Australia, and the Netherlands (Wall & Williams, 2013). Notable cybercrime legislations include the Computer Misuse Act (United Kingdom), the Computer Fraud and Abuse Act (United States, 18 U.S.C. 1030), and the Convention on Cybercrime (Council of Europe, ETS No. 185). These laws and measures were all drafted with the intent to protect individuals from a variety of cybercrimes, including computer intrusion as well as unauthorized access and modification of sensitive information and computer material (Wall, 2007b).

Despite adopting cybercrime laws, policymakers encounter various obstacles adapting to the rapidly changing environment of technology (Jones, 2006). A failure to adequately address developments in cybercrime behavior results in legal loopholes that allow offenders to escape criminal responsibility for their harmful behavior (Jones, 2006). For instance, although there are federal laws dedicated to regulating the unauthorized access of computer systems and the illegal acquisition of sensitive data and information (Brenner, 2010), there is no legal statute that criminalizes participation in online illicit markets where personal data are sold and traded (Holt & Bossler, 2016; Tucker, 2014). This legislation is written such that only the theft and use of personal information to commit identity fraud, not the buying and selling of such data, is criminalized. This allows individuals to operate in a relatively gray area of crime where the behavior is not technically in violation of any criminal code or statute (Holt et al., 2017).

#### Uncertainties Regarding Agency Roles and Responsibilities

This global nature of cybercrime has also created confusion within law enforcement agencies as to who is best equipped to address cybercrime calls for service (Bossler & Holt, 2012; Holt, Lee, et al., 2019; Lee et al., 2021). Research has found that within-agency confusion regarding who is most responsible for taking lead in collecting digital evidence and processing a formal cybercrime investigation may cause significant delays in apprehending online offenders (Chang, 2013). In fact, there may be instances where the crime occurred at the local level, but given insufficient resourcing, the case is transferred over to a state or provincial or federal agency. Even after a case has been transferred to a different agency, the agency may not possess the requisite skills, tools, and training to adequately resolve the cybercrime inquiry (Bossler & Holt, 2012; Holt & Lee, 2019; Koziarski & Lee, 2020; Lee et al., 2021). Regardless of whether offenders reside in close proximity or are distant from their victims, more clarity concerning law enforcement roles and capacities in resolving cybercrimes is needed (Horgan et al., 2021).

To that end, there is debate among police leadership as to whether specialized cybercrime units should be formed across all levels of law enforcement (PERF, 2014; Willits & Nowacki, 2016). Limited evidence regarding other specialized units within law enforcement suggests that these groups do very little to formally address the problems they were initially set out to resolve (Katz, 2001; Katz & Webb, 2006; Kraska, 2007). However, forming these specialized units may encourage individuals to report their cybercrime victimization and seek the support they otherwise would have neglected (Willits & Nowacki, 2016).

In some instances, cybercrime victims may be sent back by law enforcement officers as their victimization may not be viewed as something law enforcement can actively investigate (Holt et al., 2017). If the particular type of victimization is deemed unsuitable for law enforcement, these individuals may be directed to other agencies or service providers instead (Holt et al., 2017). For instance, victimization involving a malicious software (i.e., malware) infection on a personal computer may not be considered behavior that law enforcement can actively investigate because there is technically no violation of local law, especially if there is no sign of personal information being compromised or misused by the offender (Holt et al., 2017). In a related example, if an individual received a single harassing message on social media (e.g., Facebook, Twitter, Instagram), this victimization may not pose a great enough risk and danger to justify a criminal complaint or warrant a law enforcement response (Holt et al., 2017).

#### Public Sector–Private Sector Relationships

Another challenge law enforcement encounter involves the forming of strong collaborative relationships with the private sector. A strong working relationship with the private sector can lead to intelligence sharing that enables deeper analyses of offender and victimization patterns (Dodge & Burruss, 2019). In addition, intelligence sharing can lead to the identification of more offenders, their criminal behavior, and the potential overlap connecting actors to multiple offenses (Dodge & Burruss, 2019). Despite its many benefits, law enforcement may not know how to form strong relationships with industry in ways that encourage organizations to support law enforcement goals and objectives (Avina, 2011; Dodge & Burruss, 2019; Hodge & Greve, 2007). Like most larger collaborations, making each party understand everyone’s objective and agenda may be challenging as differences in individual and agency-level mandates exist (Koziarski & Lee, 2020). In fact, a clash in organizational goals and objectives is a significant barrier to strong collaborative agreements; as private corporations are inherently interested in making a profit, while law enforcement is concerned with improving public safety (Bures, 2017). For instance, obtaining access to evidential data from industry members (e.g., ISPs) may prove difficult, because corporations that are overly cooperative with law enforcement may receive backlash from their constituents regarding data privacy (Dodge & Burruss, 2019).

A failure to maintain clear and consistent communication channels may also hinder the growth and longevity of such partnerships (Dodge & Burruss, 2019). That is, even if trusting relationships are formed between the public and private sector, law enforcement must know how to maintain these relationships over extended periods of time. A failure to build and maintain collaborative working relationships with the private sector may lead to a duplication of effort involving the investigation of a cybercrime that has already been completed by the private sector (McMurdie, 2016). This means that time and resources were expended to accomplish the same task that could have been spent more fruitfully elsewhere (McMurdie, 2016).

Given the difficulties in forming robust public-private partnerships, various governments have tried to intervene and mandate the sharing of intelligence between these two parties (Bures, 2017). Sustaining these collaborative relationships may prove difficult whenever changes in organizational leadership or objectives are made (Dodge & Burruss, 2019). Moreover, the problem with forcing private industry to partner with law enforcement is that it undermines the spirit of these collaborations, which is based principally on voluntary and mutually beneficial ties (Bures, 2017). Even if these partnerships are imposed, they are likely to be met with resistance from both sides, potentially generating more harm than its intended benefits (Dodge & Burruss, 2019).

#### Underreporting of Cybercrime Behaviors

A larger problem that law enforcement agencies encounter with policing cybercrime relates to the public’s lack of confidence in the police to adequately respond to cybercrime calls for service (McMurdie, 2016; Wall, 2007b). Studies from the United Kingdom found that only 12% of individuals believed that law enforcement agencies were capable of both adequately investigating and resolving cybercrime behaviors (McMurdie, 2016). The unwillingness of cybercrime victims to contact the police for help mirrors research conducted on victims of online fraud and white-collar crime that suggests victims either believe the police are incapable of resolving their issue or will not respond positively to their calls for service (Dodge & Burruss, 2019; Huff et al., 2010). In addition, individuals may not know who to report their victimization experiences to or whether reporting these behaviors will result in meaningful outcomes (McMurdie, 2016). Alternatively, underreporting of cybercrime may also be a result of individuals not knowing they have been victimized of an online crime (Goucher, 2010; Wall, 2007b Willits & Nowacki, 2016).

At the macrolevel, corporations and large businesses may refuse to report their victimization because acknowledging an attack may reduce the public’s trust and negatively impact their public image, consequently affecting their economic profits and value (Wall, 2007b). Corporations do not see the value in reporting their cybercrime victimizations to law enforcement, especially since keeping record of digital evidence and maintaining the crime scene can delay business operations from resuming their normal activities (McMurdie, 2016).

In addition, perceptions of cybercrime seriousness may be a result of low cybercrime reporting levels among the general public (Horgan et al., 2021; United Kingdom, 2016; Yar, 2013). Low reporting levels may indicate to law enforcement that cybercrimes are less frequent and inconsequential crimes (Horgan et al., 2021; United Kingdom, 2016; Yar, 2013). Exploring both law enforcement and public perceptions of cybercrime are important because the allocation of resources may be aligned with stakeholders’ perceptions of cybercrime seriousness (Dodge & Burruss, 2019). For instance, despite the higher frequency of online interpersonal violence behaviors in society, more law enforcement resources are expended on investigating online child sexual abuse material behaviors given its greater perceived seriousness by community stakeholders generally (Dodge & Burruss, 2019; Hinduja, 2004). Certain cybercrimes such as cyberbullying are thought to be entirely noncriminal behaviors by some law enforcement officers, who believe that criminalizing the act would induce an exorbitant amount of stress on the already taxed criminal justice system (Broll & Huey, 2015). Other studies suggest that law enforcement officers believe cybercrimes distract them from pursuing more prevalent and serious offline crimes that deserve more time and resources (see Hinduja, 2004).

A shift toward viewing cybercrimes as more serious offenses has been observed by law enforcement in the early 21st century, although attitudes still favor viewing offline crimes as more common and serious than online crimes (Dodge & Burruss, 2019). The incentives toward improving cybercrime responses are lower than those for offline crime, which may demotivate officers into receiving more training in topics concerning digital forensics or cybercrime investigation (Dodge & Burruss, 2019). It is worth noting that perceptions of cybercrime seriousness may not be uniform across the entirety of the law enforcement agency; that is, perceptions may vary based on one’s rank and experience on the force. For instance, studies have found that workers in upper-level management in law enforcement agencies tend to view cybercrimes as more important and encourage the construction of cybercrime investigation units, whereas patrol officers tend to know very little about cybercrime investigations (Bossler & Holt, 2012; Dodge & Burruss, 2019). In fact, nearly three fourths of surveyed officers believed that cybercrimes should be handled directly by specialized cybercrime units, suggesting that local law enforcement do not view themselves as the primary responders to cybercrime calls for service (see Bossler & Holt, 2012).

Despite views that suggest cybercrime investigation is not real police work, officers who are tasked with resolving cybercrimes encounter comparable levels of job stress to those investigating traditional offline crime (Dodge & Burruss, 2019; Holt et al., 2012). Inadequate staffing, unclear guidelines and best practices, and a lack of investigative resources are some of the main factors contributing to the job stress (Dodge & Burruss, 2019). The inability to commiserate with colleagues about their job stressors further affects officers’ burnout, job fatigue, and secondary trauma (Dodge & Burruss, 2019).

### Evidence-Based Policing and Cybercrime

One approach that could improve how cybercrimes are enforced and regulated is the paradigm of evidence-based policing (EBP) (see Koziarski & Lee, 2020). EBP is a concept adapted from evidence-based medicine that seeks to identify best practices to inform and challenge policing decisions through rigorous, transparent, and replicated/reproduced scientific research (seeKoziarski & Lee, 2020; Sherman, 1998, 2013, 2015; U. K. College of Policing, n.d.). EBP is a collective effort involving law enforcement agencies, academic researchers, and industry personnel/practitioners, whose central focus is to develop a robust evidence base that can identify current and emerging problems in policing, examine possible solutions to these problems using rigorous scientific methods, and monitor these solutions over extended periods of time to ensure successful outcomes are maintained (Koziarski & Lee, 2020; Sherman, 1998, 2013, 2015; U. K. College of Policing, n.d.).

The first step toward implementing an EBP approach to cybercrime is to start an evaluation of existing cybercrime programs, tools, and strategies so that current successes, limitations, and challenges with existing approaches can be identified. The next step of the process is to evaluate best solutions to address these problems and limitations (Koziarski & Lee, 2020). It is important to ensure that police administrators are cognizant of the different forms of cybercrime and the characteristics that make them unique. Accounting for differences in cybercrime behaviors would ensure that each approach is uniquely tailored to the particular offense in question, allowing law enforcement to be more effective at responding to the entire spectrum of online behavior (Koziarski & Lee, 2020).

Along these lines, EBP approaches to cybercrime would benefit from determining best operational practices at each level of law enforcement, including those serving within specialized cybercrime units (Koziarski & Lee, 2020). This evaluation would consider the affordances and limitations of each level of law enforcement and determine best ways to expend these agencies’ time and resources to ensure a successful outcome. This may include streamlining the investigation process such that personnel in smaller, local agencies are provided with specialized training and clear guidelines on how to transfer incident knowledge and digital evidence to both larger and higher levels of law enforcement so that a case can be processed more efficiently (Koziarski & Lee, 2020). The more aware and knowledgeable agencies are with their capabilities in the investigation process, the better allocation of resources and time will be had (Koziarski & Lee, 2020).

To that end, cybercrime training and courses in digital investigation would benefit from being tailored to meet the current needs and demands of particular agencies. Although all training should include coverage of basic digital evidence collection and cybercrime awareness, local law enforcement should have additional content concerning how to respond to civilian calls for service and write cybercrime police reports, as well as effectively transfer more nuanced cybercrime investigation responsibilities to larger agencies that have greater cybercrime investigative resources. Similarly, larger agencies should incorporate more training topics around how best to recruit and retain capable cybercrime investigators, as well as how to perform their responsibilities within their jurisdictional borders (Koziarski & Lee, 2020).

Another aspect of cybercrime policing that may benefit from an EBP approach is determining when it is better for law enforcement or industry personnel to address a particular cybercrime inquiry. It could be that recruiting highly skilled industry personnel is more effective in resolving certain cybercrimes than providing extensive cybercrime training to current law enforcement officers given the experience and expertise of the representatives from industry (Koziarski & Lee, 2020). One way to ensure a more efficient process of recruitment would be to foster stronger partnerships between the public and private sectors so that greater collaborative involvement from each sector could be had without necessarily going through a formal recruitment process (Holt & Lee, 2019; Koziarski & Lee, 2020). For instance, instead of law enforcement hiring industry personnel, these sectors can collaborate to resolve cybercrime incidents by doing their part in regulating online behavior (Koziarski & Lee, 2020). To that end, studies should evaluate whether certain groups of people are better suited for different cybercrime behaviors and identify ways to streamline the investigation process to strengthen law enforcement responses to cybercrime inquiries (Koziarski & Lee, 2020).

EBP approaches to cybercrime should also focus on exploring the different kinds of job stressors affecting law enforcement tasked with enforcing cybercrime behaviors and develop effective coping mechanisms and strategies to improve their overall well-being and mental health (Koziarski & Lee, 2020). Lack of awareness toward cybercrime job stressors may be a result of an overall lack of understanding on what cybercrimes are, their investigative challenges, and the difficulties encountered by law enforcement officers tasked with responding to cybercrime calls for service. To that end, cybercrime awareness campaigns can prove beneficial in that they inform the public of emerging cybercrime threats, their costs to society, and best ways to avoid victimization (Koziarski & Lee, 2020).

As is the case with traditional offline crime, EBP approaches to cybercrime should also focus on forming greater interdisciplinary collaboration across various sectors, especially because every field and discipline has their own strengths regarding the evaluation of data, evidence, and policy. For instance, although criminology and computer science researchers examining cybercrime policing may understand the complex methodological aspects of an evaluation, their understanding of how an approach is enacted in practice may be limited, thus hindering their ability to wholly assess the approach and its effectiveness (Koziarski & Lee, 2020). In fact, research has consistently found that clear and effective communication between the public and private sector is quintessential to the fight against cybercrime (Broadhurst, 2006; Katos & Bednar, 2008; Willits & Nowacki, 2016). Clearly communicating what organization has priority and who will lead different parts of a cybercrime investigation will result in a more effective and efficient response to the cybercrime problem, especially given the large number of players who participate in the regulation of online spaces (Brenner, 2008; Furnell, 2002; Goldsmith & Brewer, 2015; Holt, Brewer, et al., 2019).

Despite the benefits of an EBP approach, it is important not to conflate the application of EBP with the strategies and approaches that are generated from its implementation (see Koziarski & Lee, 2020). Stated differently, applying the EBP framework to cybercrime does not mean that cybercrime problems are resolved using the same strategies and operational practices implemented in offline crime. Although the approach to generating a robust evidence base around best practices is uniform across all phenomena under the scope of EBP, differences in investigation tactics and prevention mechanisms acknowledge the uniqueness of the crime and behavior under review (Koziarski & Lee, 2020).

In addition, it is important that EBP approaches to cybercrime are flexible and account for changes in behavior; strategies that may be deemed effective and efficient for a particular cybercrime at one time may not have lasting effects as the behavior modifies with continued developments in technology (Koziarski & Lee, 2020). Continuously monitoring and tracking the effectiveness of cybercrime tools and approaches may prove particularly useful in these instances, as strategies that are deemed ineffective can be retooled and adjusted appropriately (Koziarski & Lee, 2020).

Although numerous peer-reviewed studies have explored issues involving law enforcement responses to cybercrime offending and victimization (Bossler & Holt, 2012; Holt & Bossler, 2012; Holt, Lee, et al., 2019; Wall & Williams, 2013; Willits & Nowacki, 2016), not enough research has been conducted to generate a replication of findings needed to substantiate a robust evidence base of best practices and operational strategies in the context of cybercrime policing (Koziarski & Lee, 2020). In other words, the scholarship exploring law enforcement responses to cybercrime has been scarce, limiting the evidence base around best practices regarding cybercrime policing (see Holt & Bossler, 2012; Holt, Lee, et al., 2019; Lee et al., 2021 for exception).

An EBP approach to cybercrime has the potential to improve both current and future police practices and decisions, including discussions about how certain strategies are being implemented, measured, and evaluated (Koziarski & Lee, 2020). Because the overall aim of applying an EBP approach to cybercrime policing is to improve law enforcement responses by generating evidence on what programs, interventions, tools, and strategies are effective in different investigation scenarios (Koziarski & Lee, 2020), knowing which operational practices work best in different situations will not only lead to a more intentional use of officers’ time and agency resources, but also strengthen public perceptions of law enforcement in responding to cybercrime calls for service. As a result, initiating an EBP approach to cybercrime would allow agencies to evaluate how their time and resources are being spent, as well as develop more effective and efficient ways to utilize these resources to improve their competencies as capable responders to online crime (Koziarski & Lee, 2020).

### Conclusion

The emergence and evolution of cybercrime require a more comprehensive and coordinated solution from various individuals and agencies, including law enforcement, private corporations, and NGOs (Holt et al., 2017). The more serious and prevalent cybercrimes become, the more likely law enforcement agencies are to develop specialized cybercrime investigation units and expend greater resources to enforcing such behaviors (Willits & Nowacki, 2016). In fact, research has found that approximately 85% of law enforcement agencies in the United States addressed some form of cybercrime in 2013, which is a huge increase from 41% in 2000 (Willits & Nowacki, 2016).

Although various sectors take on different roles in the fight against cybercrime and online victimization, there is considerable variation in each agency’s role and capacity to adequately address cybercrime inquiries, including police forces at the local, state or provincial, and federal level (Holt et al., 2017). Efforts to combat cybercrime behaviors are further complicated when incidents involve international communities where political strife and hostility generate difficulties in constructing extradition agreements or cause preexisting agreements to collapse and dissolve (Holt et al., 2017).

Some scholars have promoted creative prevention solutions to the growing cybercrime problem (Jones, 2006). These solutions involve decentralizing the responsibility of policing cybercrime to the larger community of Internet and computer users by allowing individuals to alter software code whenever vulnerabilities are detected (Jones, 2006). These solutions resemble community policing models in that they seek to improve law enforcement–community relationships while simultaneously allowing community members to actively participate in cybercrime enforcement within their communities (Jones, 2006). It is important to note that this community policing approach to cybercrime is not introduced as a result of an antagonistic relationship between computer/Internet users and the police, but from an intelligence standpoint that acknowledges the benefits and strengths in seeking assistance from qualified individuals (Jones, 2006).

A successful community policing approach to cybercrime could be one that is based on a deterrence framework that increases offenders’ costs of engaging in cybercrime by improving both software and hardware technologies to make engaging in online crime more difficult and riskier (Jones, 2006). In fact, a community policing model already exists in some online communities such as those involving e-commerce (e.g., eBay, Craigslist, Amazon), where buyers use rating systems and customer feedback forums to communicate their satisfaction and experience with vendors and sellers to prospective customers (Jones, 2006).

Another way to involve ordinary civilians in the fight against cybercrime could be to increase the use and access of open software (Jones, 2006). Open software, also commonly known as open source, generally refers to those programs and applications that make their underlying source code available to the public so that users can patch and update its code whenever flaws and vulnerabilities are identified (Jones, 2006). Examples of open software include the Linux operating system and the Firefox browser (Jones, 2006). The potential benefit of using open software is in its ability to share the underlying code and be transparent of its security characteristics and flaws to the wider community of software users (Jones, 2006). In similar ways to how community policing in offline settings allow civilians to monitor their neighborhood and its surrounding activities, using open software enables software users and developers to monitor the underlying code and make changes whenever vulnerabilities are detected (Jones, 2006).

Although open software has the potential to improve the cybercrime problem, it must not be confused as a panacea for cybercrimes writ large (Jones, 2006). Even if open software gives software users the ability to rewrite code and patch known vulnerabilities in the underlying system, these individuals must be willing and motivated to interact with these projects (Jones, 2006). Knowing how to repair a flawed system and update an incomplete line of code does not necessarily mean that these individuals will be motivated to follow through with those actions. In addition, for any software to become open source, the founding individuals or corporation must be willing to divorce themselves from the proprietary software, which may result in substantive economic loss (Jones, 2006).

In addition to improving their knowledge and capacities around cybercrime investigation, law enforcement must simultaneously work toward fostering positive, mutually advantageous relationships with industry partners and computer security professionals (Brenner, 2010; Wall, 2007b). Forming strong cooperative relationships across different public and private sectors may facilitate better intelligence sharing and ways of obtaining digital evidence during cybercrime investigations (Brenner, 2010; Chang, 2013). If law enforcement desires to be more a more effective responder to cybercrime cases, both greater collaboration between the public and private sector and innovative technical solutions must be encouraged and implemented by domestic and international communities alike. Although complications in cybercrime investigation are bound to arise, if effective cybercrime policing mechanisms are to be achieved, a more concerted effort that involves the entire community must be had.

• Dodge, C., & Burruss, G. (2019). Policing cybercrime: Responding to the growing problem and considering future solutions. In H. Pontell (Ed.), The human factor of cybercrime (pp. 339–358). Routledge.
• Holt, T. J., & Bossler, A. M. (2015). Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge.
• Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K. C. (2017). Cybercrime and digital forensics: An introduction. Routledge.
• Holt, T. J., Burruss, G. W., & Bossler, A. (2015). Policing cybercrime and cyberterror. Criminal Justice and Criminology Faculty Publications (Paper 70). Carolina Academic Press.
• Holt, T. J., & Lee, J. R. (2019). Policing cybercrime through law enforcement and industry mechanisms. In A. Attrill-Smith, C. Fullwood, M. Keep, & D. Kuss (Eds.), The Oxford Handbook of Cyberpsychology (pp. 645–662). Oxford University Press.
• Horgan, S., Collier, B., Jones, R., & Shepherd, L. (2021). Re-territorialising the policing of cybercrime in the post-COVID-19 era: Towards a new vision of local democratic cyber policing. Journal of Criminal Psychology, 11(3), 222–239.
• Koziarski, J., & Lee, J. R. (2020). Connecting evidence-based policing and cybercrime. Policing: An International Journal, 43(1), 198–211.
• Lum, C. M., & Koper, C. S. (2017). Evidence-based policing: Translating research into practice. Oxford University Press.
• Wall, D. S. (2007a). Cybercrime: The transformation of crime in the information age. Polity.
• Wall, D. S. (2007b). Policing cybercrimes: Situating the public police in networks of security within cyberspace. Police Practice and Research, 8(2), 183–205.
• Wall, D. S., & Williams, M. L. (2013). Policing cybercrime: Networked and social media technologies and the challenges for policing. Policing and Society, 23, 409–412.
• Willits, D., & Nowacki, J. (2016). The use of specialized cybercrime policing units: An organizational analysis. Criminal Justice Studies, 29(2), 105–124.

#### References

• Andress, J., & Winterfeld, S. (2013). Cyber warfare: Techniques, tactics, and tools for security practitioners (2nd ed.). Syngress.
• Avina, J. (2011). Public-private partnerships in the fight against crime: An emerging frontier in corporate social responsibility. Journal of Financial Crime, 18(3), 282–291.
• Bocij, P. (2004). Cyberstalking: Harassment in the internet age and how to protect your family. Praeger.
• Bossler, A. M., & Holt, T. J. (2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. International Journal of Cyber Criminology, 3, 400–420.
• Bossler, A. M., & Holt, T. J. (2012). Patrol officers’ perceived role in responding to cybercrime. Policing: An International Journal of Police Strategies & Management, 35, 165–181.
• Brenner, S. W. (2001). Is there such a thing as “virtual crime”? California Criminal Law Review, 4(1), 11.
• Brenner, S. W. (2008). Cyberthreats: The emerging fault lines of the nation state. Oxford University Press.
• Brenner, S. W. (2010). Cybercrime: Criminal threats from cyberspace. Praeger.
• Britz, M. T. (2010). Terrorism and technology: Operationalizing cyberterrorism and identifying concepts. In T. J. Holt (Ed.), Crime on-line: Correlates, causes, and context (pp. 193–220). Carolina Academic Press.
• Broadhurst, R. (2006). Developments in the global law enforcement of cyber-crime. Policing: An International Journal of Police Strategies & Management, 29, 408–433.
• Broll, R., & Huey, L. (2015). “Just being mean to somebody isn’t a police matter:” Police perspectives on policing cyberbullying. Journal of School Violence, 14, 155–176.
• Bures, O. (2017). Contributions of private business to the provision of security in the EU: Beyond public-private partnerships. Crime, Law and Social Change, 67(3), 289–312.
• Burns, R. G., Whitworth, K. H., & Thompson, C. Y. (2004). Assessing law enforcement preparedness to address Internet fraud. Journal of Criminal Justice, 32, 477–493.
• Cale, J., Holt, T. J., Leclerc, B., Singh, S., & Drew, J. (2021). Crime commission processes in child sexual abuse material production and distribution: A systematic review. Trends and Issues in Crime and Criminal Justice, 617, 1–22.
• Chang, L. Y. (2013). Formal and informal modalities for policing cybercrime across the Taiwan Strait. Policing and Society, 23(4), 540–555.
• Chao, Y. (2010). Google attacks used addresses based in Taiwan. Taipei Times.
• Chermak, S., Carter, J., Carter, D., McGarrell, E. F., & Drew, J. (2013). Law enforcement’s information sharing infrastructure: A national assessment. Police Quarterly, 2, 211–244.
• Choi, K., & Lee, J. R. (2017). Theoretical analysis of cyber-deviance victimization and offending using cyber-routine activities theory. Computers in Human Behavior, 73, 394–402.
• Choi, K., Lee, S., & Lee, J. R. (2017). Mobile phone technology and online sexual harassment among juveniles in South Korea: Effects of self-control and social learning. International Journal of Cyber Criminology, 11(1), 110–127.
• Clayton, R. (2020). The impact of lockdown on DoS-for-hire (Cambridge Cybercrime Centre Briefing Paper Series). University of Cambridge.
• Clifford, R. D. (2006). Cybercrime: The investigation, prosecution, and defense of a computer-related crime (2nd ed.). Carolina Academic Press.
• Clough, J. (2014). A world of difference: The Budapest Convention on cybercrime and the challenges of harmonization cybercrime: A global challenge. Monash University Law Review, 40(3), 698–736.
• Coburn, T. (2015). A review of the Department of Homeland Security’s missions and performance. Report to the U.S. Senate.
• Collier, B. (2020). Boredom, routine activities, and cybercrime during the pandemic (Cambridge Cybercrime Centre Briefing Paper Series). University of Cambridge.
• Cross, C. (2015). No laughing matter: Blaming the victim of online fraud. International Review of Victimology, 21, 187–204.
• Cross, C., Richards, K., & Smith, R. G. (2016). The reporting experiences and support needs of victims of online fraud. Trends & Issues in Crime and Criminal Justice, 518, 1–14.
• Cunningham, S., & Kendall, T. (2010). Sex for sale: Online commerce in the world’s oldest profession. In T. J. Holt (Ed.), Crime online: Correlates, causes, and context (pp. 114–140). Carolina Academic Press.
• Cybersecurity & Infrastructure Security Agency. (2017). About us.
• Demetis, D., & Kietzmann, J. (2021). Online child sexual exploitation: A new MIS challenge. Journal of the Association for Information Systems, 22(1), 5–40.
• Dodge, C., & Burruss, G. (2019). Policing cybercrime: Responding to the growing problem and considering future solutions. In R. Leukfeldt & T. J. Holt (Eds.), The human factor of cybercrime (pp. 339–358). Routledge.
• Federal Bureau of Investigation. (2017). Internet crime complaint center: m2017 internet crime report . Internet Crime Complaint Center.
• Fissel, E. R., Fisher, B. S., & Nedelec, J. L. (2021). Cyberstalking perpetration among young adults: An assessment of the effects of low self-control and moral disengagement. Crime & Delinquency, 67(12), 1935–1961.
• Florencio, D., & Herley, C. (2013). Sex, lies and cyber-crime surveys. In B. Schneier (Ed.), Economics of information security and privacy III (pp. 35–53). Springer.
• Fox, B., & Holt, T. J. (2021). Use of a multitheoretic model to understand and classify juvenile computer hacking behavior. Criminal Justice and Behavior, 48(7), 943–963.
• Furnell, S. (2002). Cybercrime: Vandalizing the information society. Addison-Wesley.
• Gero, S., Back, S., LaPrade, J., & Kim, J. (2021). Malware infections in the US during the COVID-19 pandemic: An empirical study. International Journal of Cybersecurity Intelligence & Cybercrime, 4(2), 25–37.
• Goldsmith, A., & Brewer, R. (2015). Digital drift and the criminal interaction order. Theoretical Criminology, 19(1), 112–130.
• Goodman, M. D. (1997). Why the police don’t care about computer crime. Harvard Journal of Law and Technology, 10, 465–494.
• Goucher, W. (2010). Being a cybercrime victim. Computer Fraud & Security, 2010, 16–18.
• Grabosky, P. N. (2001). Virtual criminality: Old wine in new bottles? Social & Legal Studies, 10(2), 243–249.
• Hinduja, S. (2004). Perceptions of local and state law enforcement concerning the role of computer crime investigative teams. Policing: An International Journal of Police Strategies & Management, 27, 341–357.
• Hinduja, S. (2007). Computer crime investigations in the United States: Leveraging knowledge from the past to address the future. International Journal of Cyber Criminology, 1, 1–26.
• Hodge, G. A., & Greve, C. (2007). Public–private partnerships: An international performance review. Public Administration Review, 67(3), 545–558.
• Holt, K., Liggett, R., Holt, T. J., & Lee, J. R. (2020). Examining self-reported physical contact with minors among pedophile support forum users. International Journal of Offender Therapy and Comparative Criminology, 64(4), 299–314.
• Holt, T. J. (2012). Exploring the intersections of technology, crime, and terror. Terrorism and Political Violence, 24, 337–354.
• Holt, T. J., & Blevins, K. R., & Burruss, G. W. (2012). Examining the stress, satisfaction, and experiences of computer crime examiners. Journal of Crime and Justice, 35, 35–52.
• Holt, T. J., & Bossler, A. M. (2012a). Police perceptions of computer crimes in two southeastern cities: An examination from the viewpoint of patrol officers. American Journal of Criminal Justice, 37, 396–412.
• Holt, T. J., & Bossler, A. M. (2012b). Predictors of patrol officer interest in cybercrime training and investigation in selected United States police departments. Cyberpsychology, Behavior, and Social Networking, 15(9), 464–472.
• Holt, T. J., & Bossler, A. M. (2016). Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge.
• Holt, T. J., Bossler, A. M., & Fitzgerald, S. (2010). Examining state and local law enforcement perceptions of computer crime. In T. J. Holt (Ed.), Crime on-line: Correlates, causes, and context (pp. 221–246). Carolina Academic Press.
• Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K. C. (2017). Cybercrime and digital forensics: An introduction. Routledge.
• Holt, T. J., Brewer, R., & Goldsmith, A. (2019). Digital drift and the “sense of injustice”: Counter-productive policing of youth cybercrime. Deviant Behavior, 40(9), 1144–1156.
• Holt, T. J., Burruss, G. W., & Bossler, A. M. (2015). Policing cybercrime and cyberterror. Carolina Academic Press.
• Holt, T. J., & Lee, J. R. (2019). Policing cybercrime through law enforcement and industry mechanisms. In A. Attrill-Smith, C. Fullwood, M. Keep, & D. J. Kuss, (Eds.), The Oxford handbook of cyberpsychology (pp. 1–20). Oxford University Press.
• Holt, T. J., & Lee, J. R. (2020). A crime script analysis of counterfeit identity document procurement online. Deviant Behavior, 43(3), 285–302.
• Holt, T. J., Lee, J. R., Freilich, J. D., Chermak, S. M., Bauer, J. M., Shillair, R., & Ross, A. (2020). An exploratory analysis of the characteristics of ideologically motivated cyberattacks. Terrorism and Political Violence, 1–16.
• Holt, T. J., Lee, J. R., Liggett, R., Holt, K. M., & Bossler, A. M. (2019). Examining perceptions of online harassment among constables in England and Wales. International Journal of Cybersecurity Intelligence and Cybercrime, 2(1), 24–39.
• Holt, T. J., & Steinmetz, K. F. (2021). Examining the role of power-control theory and self-control to account for computer hacking. Crime & Delinquency, 67(10), 1491–1512.
• Horgan, S., Collier, B., Jones, R., & Shepherd, L. (2021). Re-territorialising the policing of cybercrime in the post-COVID-19 era: Towards a new vision of local democratic cyber policing. Journal of Criminal Psychology, 11(3), 222–239.
• Huff, R., Desilets, C., & Kane, J. (2010). National public survey on white collar crime. National White Collar Crime Center.
• Hyman, P. (2013). Cybercrime: It’s serious, but exactly how serious? Communications of the ACM, 56(3), 18–20.
• Information Warfare Monitor. (2009). Tracking GhostNet: Investigating a cyber espionage network.
• Jenkins, P. (2001). Beyond tolerance: Child pornography on the Internet. New York University Press.
• Jones, B. R. (2006). Virtual neighborhood watch: Open source software and community policing against cybercrime. The Journal of Criminal Law & Criminology, 97(2), 601–630.
• Katos, V., & Bednar, P. M. (2008). A cyber-crime investigation framework. Computer Standards & Interfaces, 30, 223–228.
• Katz, C. M. (2001). The establishment of a police gang unit: An examination of organizational and environmental factors. Criminology, 39, 37–74.
• Katz, C. M., & Webb, V. J. (2006). Policing gangs in America. Cambridge University Press.
• Koziarski, J., & Lee, J. R. (2020). Connecting evidence-based policing and cybercrime. Policing: An International Journal, 43(1), 198–211.
• Kraska, P. B. (2007). Militarization and policing—Its relevance to 21st century policing. Policing, 1, 501–513.
• Law Commission. (1997). Legislating the criminal code: Misuse of trade secrets (Consultation Paper 150).
• Lee, J. R., & Holt, T. J. (2020). Assessing the factors associated with the detection of juvenile hacking behaviors. Frontiers in Psychology, 11, 840.
• Lee, J. R., Holt, T. J., Burruss, G. W., & Bossler, A. M. (2021). Examining English and Welsh detectives’ views of online crime. International Criminal Justice Review, 31(1), 20–39.
• Maillart, J. B. (2019). The limits of subjective territorial jurisdiction in the context of cybercrime. ERA Forum, 19, 375–390.
• Maimon, D., & Howell, C. J. (2020). The coronavirus pandemic moved life online—A surge in website defacing followed. The Conversation.
• Maimon, D., Howell, C. J., & Burruss, G. W. (2021). Restrictive deterrence and the scope of hackers’ reoffending: Findings from two randomized field trials. Computers in Human Behavior, 125, 106943.
• Marcum, C., Higgins, G. E., Freiburger, T. L., & Ricketts, M. L. (2010). Policing possession of child pornography online: Investigating the training and resources dedicated to the investigation of cyber crime. International Journal of Police Science & Management, 12, 516–525.
• Mazanec, B. M. (2009). The art of (cyber) war.
• McMurdie, C. (2016). The cybercrime landscape and our policing response. Journal of Cyber Policy, 1(1), 85–93.
• Muncaster, P. (2020, July). Cybercrime jumped 23% over past time, says ONS. Infosecurity Magazine.
• National Initiative for Cybersecurity Careers and Studies. (2022). Cybersecurity certifications.
• National Institute of Justice. (2008). Electronic crime scene investigations: A guide for first responders (2nd ed.). NCJ 219941.
• Newman, G., & Clarke, R. (2003). Superhighway robbery: Preventing E-Commerce crime. Willan Press.
• Pew Research Center. (2021). Mobile fact sheet.
• Police Executive Research Forum. (2014). The role of local law enforcement agencies in preventing and investigating cybercrime (Critical Issues in Policing Series).
• PricewaterhouseCoopers (PwC). (2016). Global economic crime survey.
• Schjolberg, S. (2004, September 15–17). Computer-related offences [Conference session]. Presentation at the Octopus Interface 2004 Conference on the Challenge of cybercrime. Council of Europe, Strasbourg, France.
• Schneier, B. (2008). The truth about Chinese hackers.
• Senjo, S. R. (2004). An analysis of computer-related crime: Comparing police officer perceptions with empirical data. Security Journal, 17, 55–71.
• Shandler, R., Gross, M. L., Backhaus, S., & Canetti, D. (2021). Cyber terrorism and public support for retaliation–a multi-country survey experiment. British Journal of Political Science, 52, 850–868.
• Shearing, C. D., & Johnston, L. (2013). Governing security: Explorations of policing and justice. Routledge.
• Sherman, L. W. (1998). Evidence based policing: Ideas in American policing. Publisher is National Policing Institute.
• Sherman, L. W. (2013). The rise of evidence-based policing: Targeting, testing, and tracking. Crime and Justice, 42(1), 377–451.
• Sherman, L. W. (2015). A tipping point for “totally evidenced policing”: Ten ideas for building an evidence-based police agency. International Criminal Justice Review, 25(1), 11–29.
• Singh, M., & Singh, S. (2007). Cyber crime convention and trans border criminality. Masaryk University Journal of Law and Technology, 1(1), 53–66.
• Stambaugh, H., Beaupre, D. S., Icove, D. J., Baker, R., Cassady, W., & Williams, W. P. (2001). Electronic crime needs assessment for state and local law enforcement. National Institute of Justice, U.S. Department of Justice.
• U. K. College of Policing. (n.d.). What is evidence-based policing?.
• United Kingdom. (2016). National cyber security strategy 2016–2021. HM Government.
• United Nations Conference on Trade and Development. (2020). Data and privacy unprotected in one third of countries, despite progress.
• United Nations Office on Drugs and Crime. (2013). Comprehensive study on cybercrime—Draft.
• United States Attorney’s Office. (2015). Financial fraud crime victims.
• Vacca, J. R., & Rudolph, K. (2010). Systems forensics, investigation, and response. Jones & Bartlett Learning.
• van de Weijer, S. G. A., Leukfeldt, R., & Bernasco, W. (2019). Determinants of reporting cybercrime: A comparison between identity theft, consumer fraud, and hacking. European Journal of Criminology, 16(4), 486–508.
• Van Nguyen, T., Truong, T. V., & Lai, C. K. (2021). Legal challenges to combating cybercrime: An approach from Vietnam. Crime, Law and Social Change, 77(3), 231–252.
• Vu, A. (2020). The pandemic as incels see it (Cambridge Cybercrime Centre Briefing Paper Series).
• Walden, I. (2003). Computer crime. In C. Reed & J. Angel (Eds.), Computer law (pp. 295–329). Oxford University Press.
• Walker, S., & Katz, C. M. (2012). The police in America. McGraw-Hill.
• Wall, D. S. (2001). Cybercrime and the Internet. In D. S. Wall (Ed.), Crime and the Internet (pp. 1–17). Routledge.
• Wall, D. S. (2004). Digital realism and the governance of spam as cybercrime. European Journal on Criminal Policy and Research, 10, 309–335.
• Wall, D. S. (2005). The Internet as a conduit for criminals. In A. Pattavina (Ed.), Information technology and the criminal justice system (pp. 77–98). SAGE.
• Wall, D. S. (2007a). Cybercrime: The transformation of crime in the information age. Polity.
• Wall, D. S. (2007b). Policing cybercrimes: Situating the public police in networks of security within cyberspace. Police Practice and Research, 8(2), 183–205.
• Wall, D. S., & Williams, M. L. (2013). Policing cybercrime: Networked and social media technologies and the challenges for policing. Policing and Society, 23, 409–412.
• Willits, D., & Nowacki, J. (2016). The use of specialized cybercrime policing units: An organizational analysis. Criminal justice studies, 29(2), 105–124.
• Yar, M. (2013). Cybercrime and society. SAGE.

### Notes

• 1. For digital evidence to be admissible in a court of law, it has to be an unaltered, exact duplicate of the original file(s) (see Holt et al., 2017; Vacca & Rudolph, 2010).

• 2. COVID-19, also referred to as the novel coronavirus, is a highly contagious virus that typically spreads through respiratory droplets from coughing, sneezing, or talking (see Anscombe, 2020; Food and Drug Administration [FDA], 2020).

• 3. Since many of these reports are based on self-reported cybercrime incidents, these figures can be regarded as an underestimated, conservative sum of cybercrime costs to society (Dodge & Burruss, 2019).

• 4. NICCS (2022) provides comprehensive digital forensics training to a wide audience, including federal employees, educators, military personnel, cybersecurity professionals, and members of the general public. NICCS offers more than 6,000 digital forensics and cybersecurity-related courses, including specialized training and certifications on cloud security, penetration testing, and incident handling.