Most of the nation-states have laws and regulations regarding cybersecurity in existence since 2014, with fewer added later on (
Burr 2015). For a variety of reasons, effective legislation and regulatory implementation remain a major challenge. Among these is the fact that cybersecurity laws and regulations must pass through several institutions, both public, semi-public, and private. All these institutions have overlapping processes that impede their effective implementation. Because of these overlaps, the country’s administration’s complicated pyramidal structure, and a lack of cooperation across agencies, the execution of current rules is difficult to observe and deploy in its completeness. Nevertheless, the information sector’s rules are the responsibility of numerous authorities, the primary role of which is to “guarantee that the cybersecurity process must be carried out rigorously in compliance with all applicable by-laws.” They are generally (but not exclusively) under the supervision of the Ministry of Information Technology. Nonetheless, numerous other ministries, such as the Ministry of Interior and the Ministry of Science, have major powers in the formulation and execution of different policies and instruments in the information technology industry at large (
Tene et al. 2017).
It should be noted that collaboration across all ministries in the security process is quite weak. This may be evident at the legislative, administrative, and policy implementation levels, which eventually leads to inadequate execution and implementation of existing laws and regulations (
L. J. Bikoko et al. 2019). This position raises additional worries regarding the nature of policy development in the country and in cybersecurity specifically. In this latter sector, it has been seen that cybersecurity breaches and, as a result, the collapse of cybercrime have approached an astonishing rate in recent years (
Rasool 2015). These results, as well as policy structures among several ministerial departments, may have contributed to the shortcomings.
Law enforcement is vital in states, thus more demographic knowledge is essential to have a detailed understanding of the elements that might affect law enforcement regionally (
Clark 2002). In the past, the state of mechanisms for law implementation development plans appeared to be the most important element in a country. Prior history of federal programs, resource availability, state wealth, or geographic location did not appear to have a substantial impact on policy formation, but there are some indicators that other elements may become relevant in the following stage of legislation implementation, policy acceptance (
Harbin et al. 1992). It indicates that several variables such as inadequate resources (
Burns et al. 2004), corruption (
Polinsky and Shavell 2001), insufficient knowledge, ambiguity about law enforcement (
Chopard and Obidzinski 2021), a willingness on the part (
Bolger and Walters 2019), and low confidence (
Hall 2012) are influencing progress in the application of cybersecurity regulations. These elements are detailed more below.
2.4.1. Corruption and Law Implementation
Law enforcement agencies oversee and implement laws designed to protect those who engage in cybercrime, Internet fraud, and cyberattacks. Corruption makes law enforcement a far less reliable weapon for minimizing and avoiding cybersecurity damages (
Kolstad and Søreide 2009;
Parker 2019;
Robbins 2000). Contributing to the difficulty is the reality that cybercrime is a minor issue for law enforcement agencies in many nations, specifically if they are under-resourced and confront a variety of other challenges to the legal system. Such crimes may even be seen as having no victims (
Williams 2019). Corruption is defined as the misuse of delegated power for personal benefit. Bribery and extortion, granting benefits in return for campaign donations, favoritism, and embezzlement, are all forms of corruption.
Corrupt behaviors frequently intersect with cybercrime, and corruption is frequently used as a “door opener” for cybercrime. Bribes or gratuities to support the international or domestic usage of unlawful or unauthorized hacking, ransomware and malware distribution, and denial of service; bribery for a favorable decision or other judicial process manipulation; employing illicit ways to launder the revenues of cybercrime and associated corruption are some instances of cybercrime-related corruption (
Williams 2019). Because of the prevalence and influence of corruption, efforts to decrease cybercrime through law enforcement may have unintended or unexpected consequences. This notion is illustrated by two basic approaches in which corruption may weaken law enforcement.
Throughout several historical decades, traditional states engaged in battles against different challenges in order to protect their freedom, territorial boundaries, socioeconomic equilibrium, sustained functioning, and development. In most present-day nations, owing to their elevated levels of development, societies are experiencing novel types of challenges due to the digitalization and swift development of cyber technology consisting of cyberthreats. Therefore, modern nations are obligated to propose efficient governmental policies to combat the aforementioned issues and protect information, preservation of national sovereignty, security, and continued survival in a transformed digital environment. Corruption poses a significant threat to virtual reality, as evidenced by previous studies (
Holovkin et al. 2021;
Richards and Eboibi 2021). Currently, the progress of the information state relies on the policies made by those in the government, in addition to its socioeconomic and technological aspects. If a country’s government involves corruption in the decision-making process across various disciplines, this indicates that corruption poses a significant risk to cybersecurity (
Abbas et al. 2021). Its significance is highly substantial because of the global development in informatization and the overall shift from conventional to digital paradigms. As corruption becomes more prevalent, the cybersecurity infrastructures of certain countries and the global world become increasingly susceptible to cyberattacks (
Bechara and Schuch 2021;
Hauser 2019;
Lallie et al. 2021;
Suwana and Sardini 2022). We argue that when a country’s government is involved in corrupt practices in policy-making processes, it is highly vulnerable to implement those laws. Based on the above discussions, we developed our first hypothesis as follows:
Hypothesis 1. The higher the perceived corruption in the society, the lower the likelihood of implementation of cybersecurity law.
Corruption can steer implementation toward less powerful entities and relatively low criminal activity. Lower-level offenses, such as traffic infractions or hunting, are not only relatively simple to detect, but they also present possibilities for law enforcement agents to extort bribes due to their superior position of power and influence in the scenario. When bribes are passed up the bureaucratic chain, this generates attractive benefits inside the administration to spend law enforcement resources on initiatives that maximize bribe collection potential. Where there are fewer options for remuneration, there is less motivation to pursue illicit actions. This also means that illicit actors who can afford to pay can avoid arrest or conviction (
Williams 2019). In Pakistan, for instance, corruption is contributing to the demise of Pakistan’s forest management system and highlighting the weaknesses of traditional anti-corruption reform efforts. The “crime and punishment method” and the “holistic approach” are the most frequently referenced reform strategies in the fight against corruption. The “crime and punishment” strategy necessitates strong enforcement mechanisms, which Pakistan lacks (
Chêne 2008;
Pellegrini 2011).
Adolescent communities that hold a disadvantageous position in the network of communication and social structures, particularly those who experience multimodal discrimination, are vulnerable to cyberbullying and cyberthreats and often experience negative psychological outcomes. Cyberbullying on the basis of discrimination is a pervasive worldwide social issue (
Hong et al. 2018;
Peguero and Hong 2020). Cyberbullying can emerge regardless of whether adolescent individuals possess discriminatory characteristics or personalities, although those with such qualities can be more susceptible. Previous studies discovered that discrimination-based cyber harassment tends to include a higher number of attackers, frequent instances, and prolonged periods compared to non-discriminated harassment (
Jones et al. 2023;
Navarro-Rodríguez et al. 2023). Recently, there has been a growing interest among academics in both conventional bullying and cyberbullying. Due to the absence of cybersecurity laws and of temporal and spatial constraints, cyberbullying can impact more extreme trauma on its victims compared to conventional bullying (
Bauman and Yoon 2014). Although discrimination and cyberbullying both arise from a social status asymmetry, it is the government that ensures equality and justice through the implementation of adequate policies in relation to cybersecurity. Additionally, it is worth noting that cyberbullying is primarily prevalent in teenagers (
Earnshaw et al. 2018), and the governments neglect this segment of society while making policies. Weinstein et al. highlighted that teenagers may encounter deleterious effects of different kinds when investigating the correlation between perceived discrimination and both offline bullying and cyberbullying (
Weinstein et al. 2021). We argue that in cases of significant discrimination among various segments of society, the government of a country is incapable of implementing stringent policies that apply uniformly to all segments. Based on the aforementioned discussion, we proposed our subsequent hypothesis as follows:
Hypothesis 2. The higher the discrimination in the society, the lower the likelihood of implementation of cybersecurity law.
- B.
Involved in the Eradication of Illicit Conduct
Prosecution, juries, and law enforcement personnel can all be influenced by politics or be motivated by corrupt motives. Corruption can lead to less repression of criminal acts, such as during case preparation. In Honduras, for example, state involvement was accused of the destruction of evidence in a lawsuit involving some of the country’s top timber corporations (
Goncalves et al. 2012). Despite the inability to gather and present important proof that might be attributed to a lack of capacity or inadequate resources, corruption and political meddling are frequently prevalent. Bribe payments to judges, on the other hand, have been shown to influence charge and penalty levels (
Williams 2019). Rendering to another research, personnel in Kenya’s Forest Service (KFS) have allocated forest areas for forestry and farming in return for unlawful bribes. Attempts to expel forest inhabitants in Kenya’s highlands have been regarded as a kind of rent capture and as part of wider historical methods of forced integration. Evacuations also eliminate key witnesses to criminal activity (
Cavanagh 2017).
Hypothesis 3. The higher the illicit conduct of government and law enforcement agencies, the lower the likelihood of implementation of cybersecurity laws.
2.4.2. Expertise and Law Enforcement
Cybercrime is one of our world’s most serious dangers, with far-reaching ramifications for national security, economic strength, and public safety. Investigating a wide range of cybercrimes and cyberthreats perpetrated by cybercriminals, hackers, extremists, and state actors is a problem for the state, regional, local, and territorial law enforcement agencies. To face this problem, cybersecurity law enforcement executives must guarantee that competent agency workers receive cybercrime training to gain skills in preventing cyberattacks or identifying perpetrators for prosecution in the case of such assaults.
With the advancement of technology and the global availability of the Internet, new forms of cybercrime are emerging daily. As per Mike Hulett, the director of operations of the UK’s National Cyber Crime Unit, cyber was engaged in almost half of all registered crimes in the UK in 2017. Furthermore, around 68% of significant UK organizations have been the target of cybersecurity breaches or assaults. Law enforcement is having a difficult time keeping up with the surge in cybercriminals’ numbers and the innovation of their techniques. Previous research suggests that the methodologies and processes employed by law enforcement in traditional investigations do not always apply in the cyber environment (
Brenner 2010;
Williams 2008). Consequently, to neutralize these technologically complex crimes, a new process must be adopted, as well as a new set of expertise and skills. This is critical because cybercriminals are typically technologically savvy and are always changing and developing innovative tools to stay one step ahead of law enforcement agencies (
Koziarski and Lee 2020;
Nurse 2018).
Technological expertise and skills are problems associated with the staff’s cyber competencies. In comparison to developed countries, developing countries have a shortage of trained technical experts working on cybercrime investigations. The majority are highly skilled investigators who have previously worked on street crime but are now transitioning to the cyber field due to the growth in cybercrime. Investigators are well versed in obtaining intelligence and investigative techniques, but they may not be as well versed in cyberspace. As a result, there are still unanswered questions about employee expertise and training in emerging countries. Due to the worldwide increase in cybercrime, this is unlikely to be a problem that exclusively affects this geographic area. Further training and expertise for the appropriate staff, as well as the development of technologies that are better suited to supporting user skills and activities, are all possibilities that could be pursued in the future. The ideal situation would be to provide easy-to-use procedures and technologies that would shorten the acquisition time for new cybercrime investigators (
Nouh et al. 2019).
Hypothesis 4. The higher the expertise of law enforcement agencies, the higher the likelihood of implementation of cybersecurity law.
2.4.3. Ambiguity and Law Enforcement
Individuals are expected to accurately appraise the likelihood of being penalized if they commit an offense under the civil law enforcement framework (
Becker 1968). Nonetheless, in real-life scenarios, prospective criminals usually have only a hazy understanding of their chances of being found and perhaps punished. They have beliefs about the likelihood of discovery and may be optimistic or pessimistic. For example, in the context of corporate taxation, taxpayers tend to exaggerate the likelihood of being subjected to an examination by the tax authorities (
Slemrod 2019).
Individuals’ decisions on whether to respect the law will be influenced by how they assess their chances of being caught. The likelihood of identification and indictment is uncertain, even though potential perpetrators are fully aware of the severity of the penalty. The fundamental reason for this idea is that punishments are frequently stated in sentencing guidelines or criminal legislation, but information concerning the likelihood of discovery cannot be provided. Furthermore, ambiguity about the severity of punishments raises concerns about the concept of equal treatment under the law (
General Assembly 2014). Assume Mr. X and Mr. Y perform the same offense under the same conditions. If Mr. X receives a 5-year sentence and Mr. Y receives a 3-year term, the disparity appears to be highly harsh (
Chopard and Obidzinski 2021).
Numerous theorists, based on the predicted general law enforcement framework (
Polinsky and Shavell 2007), suggest that potential offenders are aware of their chances of identification and prosecution. The purpose here is looking at how uncertainty about this probability affects the standard conclusions about the optimal punishment and the resources that benevolent public law enforcement should expend in investigation and conviction. (
Snow 2011) defines ambiguity as “uncertainty regarding probability caused by the omission of crucial and potentially available information.” There are various possible models of decision when there is uncertainty. In the context of cybersecurity law enforcement, two social welfare factors (populist and paternalist) are examined and determine the best implementation approach in each situation. The major distinction between the two techniques is whether the law enforcement should consider the disparity between the objective and perceived probability of a fine. Indeed, when people are pessimistic, this disparity may result in a perception bias cost (optimistic). A paternalistic state law enforcer does not consider the difference between the predicted and genuine penalty, but a populist law enforcer does (
Williams 2019).
The findings suggest that the level of pessimism of potential criminals be considered when designing deterrent strategies. Consequently, attitudes can have a significant impact on deterrence policy suggestions. Assume that people are pessimistic and overestimate their possibilities of being caught and convicted (
Chopard and Obidzinski 2021). It is argued that ideal penalties be reduced for two reasons: penalties may be viewed as expensive transfers if society considers mental anguish, and the perceived likelihood of detection is greater than the factual probability. In terms of the best way to invest in an investigation, the outcomes vary depending on the goal role of the law enforcement. When the law enforcer is populist, it is demonstrated that raising the likelihood and lowering the quantity of the fine may be socially acceptable provided the marginal cost of detection is sufficiently low (
Williams 2019). In such a circumstance, the fine is not always the maximum. Furthermore, under certain situations, it is feasible that the resources involved in identification are smaller than in the absence of ambiguity. Despite the weight of the beliefs, the objective likelihood of detection looks to be a less effective deterrent strategy in this situation.
Hypothesis 5. The lower the ambiguity in cybersecurity law, the higher the likelihood of its implementation.
2.4.4. Public Confidence and Law Enforcement
In a modern democracy, the study of public confidence regarding law implementation is considered significant since the security forces are thought to exemplify the moral integrity and legitimacy of the state (
Vaughn et al. 2001). Citizens’ impressions of law enforcement services could act as an indicator of a government’s performance in serving public needs and interests in this regard. Additionally, the public’s overall attitude toward the authorities (i.e., confidence in the law enforcement, contentment with the authorities, and faith in the system) can influence the prosecutor’s social control role through its impact on citizen support and collaboration (
Holmes and Goodman 2010;
Karakus et al. 2011). Public confidence in law authorities and the effectiveness of law enforcement agencies has been shown to boost citizens’ readiness to exercise opportunities to avoid cyberattacks and cybercrimes in society (
Gross et al. 2017).
Even though research conducted over the last three decades has revealed that the public at large has favorable perceptions toward the law enforcement agencies (
Karakus et al. 2011), differences in citizens’ attitudes have been discovered depending on the set of parameters (gender, age, socioeconomic level, civil status), neighborhood quality of life (disorder, fear of crime, neighborhood satisfaction), and interactions with the security forces (
Schafer et al. 2003). Nevertheless, it is crucial to highlight that most of the past studies have been conducted in the United States and other English-speaking/developed countries (
Benedict et al. 2000), and little is known about public perceptions regarding security services in developing countries (
Akhtar et al. 2012;
Jackson et al. 2014). The validity of current models and related outcomes clarifying variability in the public’s view of law implementation across different ethnicities and contextual factors is thus called into question, as current understanding may be constricted or even subjective because of the near-unique emphasis on the United States and other developed countries. According to the scarce study undertaken in developing nations, for example, the public sees law enforcement less favorably than the populace of wealthy countries. These unfavorable sentiments against the law enforcement agencies can lead to mutual ill will, a lack of respect, chaos, and ineffective law enforcement functioning (
Benedict et al. 2000).
Hypothesis 6. The higher the public confidence in law enforcement agencies, the higher the likelihood of implementation of the law.