Cybercrime in Social Media: Theory and Solutions is a recent book edited by Pradeep Kumar Roy and Asis Kumar Tripathy and published by CRC Press. It provides a collection of papers on social media and cybercrime as well as issues like fake news and offensive language. In this post, I am commenting on one of the papers in the book titled, A Double-Edged Sword Called Cyberspace: Introducing the Concept of Cybercrime, by T. Smith and K. Haines.

Navigating the Murky Waters of Defining Cybercrime:

The authors begin the paper with the fact that technology has come to permeate every area of life for much of the world. They state that “more than half of the world’s population has Internet access” and that “even home appliances are connected to the Internet” because of “lower technology prices, governments’ drive for increased Internet access, and the formation of digital communities…” However, while all of this seems very good, another fact is quickly revealed, which is that “criminals have followed the world into the digital realm.”

The authors then indicate that cybercrime “is… a very broad term as it includes both crimes where technology is used or targeted as part of the criminal act.” In other words, a crime can be categorized as a cybercrime if computers are used to commit the crime or if the target/victim of the crime is a digital system. Later, the authors describe cybercrime more fully as, “an act that violates the law, which is perpetrated using information and communication technology (ICT) to either target networks, systems, data, websites, and/or technology or facilitates a crime.” They cite multiple sources for the development of this definition and acknowledge that “no universally accepted definition” exists.

Why is it so hard to define cybercrime? It is because the term cyber has come to many things to many people. Crime, as a term, is quite easy to define. In the legal sense it is any act that includes breaking a law within the boundaries of a government that defines that law. Cyber, on the other hand, is another story. For many, it means anything that has anything to do with computers.

The Broad Brush Approach: Why All Crime Isn’t Cybercrime:

Therefore, the widest definition of cybercrime would be any breaking of the law that has anything to do with computers (either as the tool used to commit the crime or as the target of the crime). In this loose definition, taking a baseball bat to a computer that doesn’t belong to you would be considered a cybercrime.

To make matters worse, while some do not consider the baseball bat incident previously stated as a cybercrime if one stole that same computer and it resulted in a Denial of Service (DoS) scenario (for example, the computer was a server that provided connectivity to important business applications), it would be a cybercrime. For me, I prefer a somewhat constrained definition. Instead of any crime that is enacted with or against a computer, I prefer to define cybercrime as follows:

an illegal act that is performed within or impacts a computerized digital domain.

Cracking the Code: A Constrained Definition of Cybercrime:

In this context, I would define digital domain as an environment bounded by digital or computerized communications. In other words, it’s only a cybercrime if it takes place in the digital domain or impacts the digital domain. You see, we cannot have a boundaryless definition of cybercrime. If we do, it’s just crime and we cannot effectively develop systems, behaviors, and policies to protect against it. By setting a domain boundary, we enable the development of protection mechanisms.

Equipping Your Organization for Defense: Why Defined Concepts Matter

So, whether you agree with this constrained definition or not, ensure that you have defined the concepts of cybercrime, cyber-security, cyber-safety, and others within your organization. This will allow you to identify and implement effective security mechanisms.

Cybersecurity breaches are no longer a matter of “if,” but “when.” The question is, will your team be prepared to minimize the impact and disruption? The AACSP CyberSecure course provides the practical skills and knowledge to identify, prevent, and mitigate cyber threats, ensuring business continuity and protecting your bottom line. Invest in your future, invest in CyberSecure.