Abstract
A common observation in the literature on cyber-crime policing is the need for more training. However, there is little detail of who within the police organisation requires training and what type of training may be needed. Based on survey and interview data from three specialist cyber-crime units in Australia, this article identifies that ‘lack of training’ is likely to have distinct meanings for different groups within the police: (a) front-line officers, (b) higher management, (c) generalist investigators, and (d) specialist investigators and civilians in cyber-crime units. Each of these groups is likely to face unique training needs that undermines the overall effectiveness of police organisations to respond to cyber-crime. The article explores the perceived training requirements across each of these groups and some potential ways in which they can be addressed in an effort to stimulate further research in this area focusing on the differentiated internal needs of police organisations.
Introduction
It has been amply demonstrated in the literature that cyber-crime issues are an increasing burden on police organisations (Bossler and Holt, 2012; Broadhurst, 2006; Griffiths, 2000; Harkin et al., 2018; Holt and Bossler, 2016; Hunton, 2010; Loveday, 2017; Leukfeldt, 2017; Leukfeldt et al., 2013; Tetzlaff-Bemiller, 2011; Willits and Nowacki, 2016). As cyber-crime continues to increase in ‘frequency, scale, sophistication and severity’ (Australian Cyber Security Centre, 2017: 16), police organisations are compelled to respond and improve their preparedness for tackling cyber-crime. To date, much of the literature highlights the various ways in which police organisations are currently under-prepared or struggling to improve their overall capacity to manage citizen requests for help or execute more effective investigations and prosecutions of cyber-offenders (Dupont, 2012; Gogolin and Jones, 2010; Harkin et al., 2018; Lepanen et al., 2016; Marcum et al., 2010; Nhan and Luey, 2013; Vincze, 2016; Wall, 2007; Wall and Williams, 2007).
One particular message and theme that emerges in the literature is the need for ‘more’ or ‘better’ training in technical understandings of cyber-offending. As examples, Hadlington et al. (2021: 1) outlines the ‘ineffectiveness of current training’ and the need for ‘clearer training’ for all officers; Holt et al. (2019: 919) suggests there is a need for ‘educational and training programmes to improve the views of constables’; Cockcroft et al. (2021: 1) details a range of concerns about the ‘effectiveness of existing training arrangements in facilitating the development of cyber skills within police officers’; Harkin et al., (2018) suggest ‘broader training and up-skilling’ is required; research by Schreduers et al. (2020: 336) suggests that there was ‘a lack of structured or formalised training and that this impeded effective practice’; and official policy documents often make reference to the need for improved ‘capabilities’ including ‘digital training for investigators’ or training in ‘general digital awareness’ (College of Policing, 2015: 16; see also Hitchcock et al., 2017; Home Affairs Committee, 2018). It is common for scholarship or policy documents in this field to emphasise the need for improved ‘training’.
Although the need for better ‘training’ has been thoroughly established, there has been less articulation about who exactly needs that training, what that training should look like, and what particular problems this training should aim to solve. To that end, this article aims to explore the particular problems created by a ‘lack of training’. Doing so will create an improved outline of the kind of training required to improve overall police responses to cyber-crime. Using original data collected in Australia with three specialist cyber-crime units from separate police organisations, the perceptions of those who work in these specialist roles are used as key insights into police preparedness and capabilities in relation to cyber-crime. It is worth emphasising at the outset that the organisations to which these cyber units belong are large by international standards – averaging over 15,000 employees – and have jurisdiction for significant geographical areas. As such, each organisation has clearly defined internal boundaries with regard to the division-of-labour. Specialist cyber units perform formal and informal ‘boundary-spanning’ (Giacomantonio, 2014) functions, both vertically and horizontally, including providing operational advice to general investigators in the field and other specialist units focusing on technical crimes, and strategic advice to police executives on the current and emerging challenges presented by cyber-crime. Indeed, all three units were working on strategic proposals to police executives relating to police responses to cyber-crime at the time of this research. Members of such units are thus in a unique position to address this topic because of their central position in intra-organisational networks of police responses to cyber-crime (Whelan and Dupont, 2017).
Using the perceptions of members of cyber-crime units, it is argued that lack of training is likely to create problems for four distinct groups of police employees: (a) front-line officers who work in generalist roles in local areas; (b) higher management who are in positions of responsibility for organisation-wide policy and strategic decision-making; (c) general investigators in local areas or various other areas within police organisations as well as low-skilled investigators working in specialist cyber-crime units; and (d) highly skilled specialist cyber-crime unit investigators and digital forensic analysts who are performing the most technically sophisticated forms of police investigation and inquiry. Each of these groups faces unique training challenges. In other words, ‘lack of training’ looks very different for a front-line officer compared with the demands placed on a digital forensic analyst. These groups face different challenges and strategic approaches to redress these problems must be cognisant of how to respond to their unique, situational needs. Recognising these differences will shape approaches for strengthening how the broader police organisation can better respond to cyber-crime and advance the literature beyond simply suggesting that ‘more and better training is needed’.
This article is organised in three key sections. First, we outline how the data from the three specialist units in Australia were obtained, elaborating on how the perspectives of staff within these units are a useful focal point for considering the type of ‘training’ reform the whole police organisation needs. Second, we depict how ‘lack of training’ creates unique problems for each of the four groups identified above. Original data are used to describe the differing challenges created with respect to technical knowledge shortcomings. And third, a reflection is provided on how to formulate more effective plans for ‘more and better police training’ in the area of cyber-crime. This section also considers some of the challenges and tensions that would need to be overcome to address training needs as well as highlight areas for future research.
Data and methods
The data presented in this article come from exploratory case study research (Yin, 2014) examining three anonymous cyber-crime units as part of a larger, ongoing research project focusing on the design and functioning of specialist police cyber-crime units. It is important to note that policing in Australia is state-based, meaning that the police organisations to which the cyber units belong are large agencies that service both metropolitan cities and regional areas. The states in question have a population of well above 2.5 million people and jurisdictions that reach across hundreds of thousands of square kilometres. Each of the respective police organisations has a wide range of specialist units concentrating on various crime categories (although, as described shortly, the specialist cyber units are relatively small). In terms of size (although not geographic jurisdiction), reasonable comparisons in the United Kingdom would include police forces such as the Greater Manchester Police and some of the mid-range municipality police in the United States. Australia also has a dedicated federal police service, the Australian Federal Police, which has a key role in managing cyber-dependent crimes and is a member of the Australian Cyber Security Centre (Australian Government, 2020). State police organisations tend to focus more on cyber-enabled offences, with the specialist cyber units assuming responsibility for the more serious and complex cases. As a condition of the research agreements, the three units are de-identified.
The cyber-crime units studied were organisationally and functionally different. For example, two of the units situated their digital forensics teams within the cyber unit, whereas one organisation placed the digital forensics elsewhere. In all cases, the digital forensics team serviced the whole police organisation regardless of their specialist unit membership. One of the cyber units was responsible for investigating online child exploitation offences, whereas in the other two organisations this was the domain of another specialist unit. In terms of tasking, two of the units were responsible for managing online cyber-crime victim reports, whereas in one case this responsibility resided in another independent unit. In general, the specialist cyber units assumed responsibility for more ‘serious offences’ involving a minimum threshold in terms of offending complexity and victim impact, and this was defined independently by each organisation. All of the units had a mixture of sworn and unsworn officers employed, although one unit had significantly fewer civilian staff. Although the size of the units did vary depending in large part on how they were structured, they generally comprised between 20 and 40 staff. These staff tended to play formal and informal roles in advising many areas of their respective police organisations on investigating lower levels of cyber-offending while taking on cases for themselves when they reached a certain threshold of seriousness. The units also have a variety of other roles, including providing input into the basic levels of training on cyber-crime afforded to new recruits and strategic functions such as advising police command on current and emerging challenges with regard to cyber-crime. Members of cyber-crime units are thus in a position to provide unique insights into the cyber capabilities and needs of the whole police organisation.
In terms of data collected, this project deployed a mixed-methods approach of surveys and in-depth interviews. A survey was developed to collect baseline data on the design, composition and responsibilities of the units. Additionally, respondents graded a number of statements on a Likert-scale. For example, ‘My internal training prepared me for my current role’, ‘Working in cyber-crime requires intimate knowledge and skills of IT’ and ‘I have received sufficient training and skills to understand and tackle cyber-crime’. The survey was developed using Qualtrics and was disseminated digitally to all members of each agency's cyber-crime unit with the support of an internal police contact. It should be noted that the survey data were used to collect descriptive statistics from a relatively small and targeted population. It was not necessary to perform any regression analysis or bivariate analysis for the purposes of the research. In addition to collecting baseline, descriptive data, a principal purpose of the survey was to identify themes to focus on during qualitative interviews. The research team visited the offices of each cyber-crime unit to conduct face-to-face interviews. Interviews were used to gain in-depth knowledge of the functioning of the respective units and the perceived challenges faced by staff. For example, interviewees were asked to tell us about their role and what they perceive to be the requirements for effective police responses to combatting cyber-crime. The interview data provided the most relevant and significant data for the themes explored in the article.
A total of 66 respondents completed the survey and 43 members were interviewed across the three specialist units. The interview respondents were a mix of ‘sworn’ and ‘unsworn’ staff. The significant majority of ‘unsworn’ civilian staff who participated in this research held positions as digital forensic analysts. The ranks of the ‘sworn’ staff who participated in this research varied. This article cannot provide a breakdown of the exact ranks of each of the participants because police organisations in Australia have certain unique rank titles which would reveal the organisations who participated in this research. However, it can be said that the majority of interviewee's were at a rank equivalent to a sergeant, and participants were between the range of a senior constable up to the lower ranks of commissioned officers. See Table 1 for a breakdown of the balance between sworn and unsworn participants across the case study organisations.
Total sample breakdown.
Data were a purposive and targeted sample and not intended to be representative across each of the organisations. The claims made in the article reflect the perceptions of our interview participants and should be viewed as the perspective of those who work in the specialist units. Survey responses provide a general impression of the perceived inadequacies of training regimes currently offered by respective police organisations. However, the interview data provide richer understandings of the specifics of what problems are created by a current ‘lack of training’ and the perceived needs for improving police responses to cyber-crime. We therefore draw mostly on interview data in this article. Interview data were coded and analysed using NVivo 11, where a thematic analysis was undertaken (Guest et al., 2014). Each transcript was initially examined with a number of broad themes emerging and was subsequently re-examined and several sub-categories identified. Lack of training and general under-preparedness of the respective police organisations for the scale and complexity of cyber-policing were some of the themes that emerged from the interview data across all organisations studied. The four areas of the police organisation that are the focus of this article emerged organically from these interviews. It should be reiterated that it is the personal views of interviewees that are quoted and these views are not necessarily representative of their respective organisations. The quotes used in this article have been selected based principally on their informative value rather than engaging in a representative analysis among the data sample. It should also be noted that interviews were semi-structured and therefore not every participant was asked the same series of questions. Participants were probed on the issues they felt were the most pressing priorities and challenges facing the specialist units and the wider police organisation, and therefore this article makes no claims about the ‘representativeness’ of their perspective across the specialist unit. We would emphases, however, that the key themes identified were present in each case study organisation and articulated by key members who have a strong vantage point on the issues discussed.
There are two main limitations with the data and approach. First, as with all case study research (Yin, 2014), generalising from the findings should be approached with caution. The study has noted, however, several themes across three major police organisations despite significant differences between them. We therefore believe many of the themes are likely to apply to many local policing organisations in a variety of contexts. In particular, the findings are likely to be more relevant to larger police organisations that are functionally differentiated rather than smaller organisations where these internal boundaries may be less structured and defined. We would also emphasise that we are focused on local police organisations, which have quite different capabilities and resources from federal ones that specialise in more complex and serious types of cyber-crime.
Second, as noted above, we have approached our research questions from the perspective of specialist cyber-crime units. We are unable to ascertain the extent to which such views are shared among other members of police organisations. Nonetheless, given the central position of cyber units in intra-organisational networks of cyber-security governance, we contend they are likely to have unique insights into the requirements of police organisations that are at least worthy of exploration. It is also common in network research, for example, to explore the structure and dynamics of a larger network from the perspective of one focal actor due largely to the methodological challenges of studying ‘whole’ networks (see, e.g. Provan et al., 2007). The current study is no different. Although ideally research would extend to the whole organisation to be able to examine the impacts of ‘lack of training’ to the four principal areas we focus on – front-line policing, management, generalist investigators and specialist investigators – doing so is methodologically difficult if not impossible in the context of Australian police organisations. Indeed, this would require surveying thousands and interviewing hundreds of members in each organisation. For all of these reasons, we have focussed cyber-crime units as distinct focal point from which to examine perceptions of training needs and readers should keep in mind that this article makes no claim to their broader organisational representativeness. Our goal is that this will serve to inform future research into each of these four areas of police organisations.
Findings
‘Lack of training’
Survey data illustrate that staff within specialist police cyber-crime units tend to feel that, on balance, their organisation does not provide adequate training to account for new developments in technology (see Figure 1).

‘My organisation provides adequate training for new developments in technology’ (n = 64).
However, such data only superficially indicate that there is a problem with ‘lack of training’. Speaking with officers in an interview setting reveals a variety of struggles with their skill-set and their ability to perform inquiries relating to cyber-offences. In some circumstances, staff within specialist cyber-crime units notably received no specific training upon their recruitment: There is no training for a lot of the stuff here. You just bring the skills with you. So whilst we are a technical unit there is no training. You know, it's crazy.
‘Lack of training’ was not confined to the specialist units and was perceived to impact the wider organisation. Specifically, it creates unique problems for four specific groups of staff: front-line officers; higher management; generalist investigators; specialist investigators and civilian staff with high-tech roles. The following section outlines how deficiencies in training create situationally specific problems for each of these groups.
Perceived problems created by a ‘lack of training’
Front-line officers
As reported by the staff within specialist cyber-crime units, many have the impression that ‘front-line officers’ in local areas are insufficiently knowledgeable to handle the digital complexity of victims' requests for a variety of technology-enabled crimes. They are aware of this because they often are approached by these areas to take over investigations that have technical complications: But all our time is spent by investigations that are handed over from the LACs [local area commands], because it's become too complicated for them.
Although it was suggested that training officers in the front line was progressing and that ‘a police officer who goes through the academy now gets a pretty decent introduction to cyber-crime’ compared with how an officer ‘who went through the academy five or six years ago’ (Interviewee, case study C), there were still problems with front-line officers being overwhelmed by technological complexity. It was suggested that significant efforts have been made to ensure that ‘a member of the public can go to a station and try and report something and not get laughed at and turned away’ (Interviewee, case study C). However, a ‘lot of misunderstanding’ still occurs due to a lack of ‘education … about the cyber side of it on the front line’ (Interviewee, case study A).
Specifically, a number of problem areas were identified by the specialist units as a result of the perceived shortcomings of knowledge at the front line. For instance, digital evidence preservation was identified as an area that could be improved to help the wider organisation in circumstances in which police officers are handling a victim report or executing a warrant: … what you do when you see a computer … if you think that it has evidence how to deal with it. What to record? What to do, and more importantly what not to do. And if you believe that evidence has been lost, what to do to preserve it.
This can include skills such as understanding what an ‘email header’ is and how to extract source information (Interviewee, case study A), or how to identify an Internet Protocol (IP) address: We need to have it even on the front line … who are very important in the organisation, they need to know where to look. They need to know the basics about, you know, how to find an IP address. Or what is an IP address. What is the offence here that I’m looking at? They need to detect what the offence is and have knowledge of that before they start to investigate it.
As all the cyber-crime units identified, the lack of training of the front line meant the cyber units were taking on too many minor matters that are insufficiently ‘high-end’ for their specialist focus. As a result, they were looking to ‘educate the LACs … to offload the workload to them’ (Interviewee, case study B) and ‘go back to seeing us as an expert unit or a place they can call for advice’ (Interviewee, case study C). At the moment, this scenario was creating a situation where too many ‘trivial’ matters were being passed on to the specialist units because front-line police did not have sufficient understanding: Some of them are very trivial and do not have a high-skill sense – might be a standard eBay fraud, or an email threat, so general police have to do that.
Otherwise, it was suggested that improved front-line training could redirect low-level tasks back to local areas and relieve the burdens on the specialist units: stuff like that [low-level technical frauds] should go back to the regions, like the Craigslist and the Facebook and Twitter and stuff like that.
Higher management
Although many officers on the front line may struggle to manage tasks involving some element of technological complexity, knowledge shortfalls in this crime area can also create problems at higher management level. The current generation of higher management within police organisations, who make the major strategic and resource allocation decisions, are generally unlikely to have in-depth experience of cyber-crime investigation because it is a comparatively new crime type and an area few police have had direct experience in prior to the last decade. The ‘newness’ of cyber-offending means managers may well face knowledge deficits regarding cyber issues comparable with the front line. As a result, some of our interviewees suggested that managers can have a less than ideal level of interest and engagement with the needs of the specialist cyber-crime units, particularly in contrast to other units where there is a much longer history and shared understanding of their role and contribution to the police organisation.
Lack of knowledge on the part of higher management creates a number of difficulties for communicating and understanding the needs of the specialist units, in addition to the needs of the wider organisation. As outlined by one member of a specialist cyber-crime unit, when management do not have sufficient understanding of the technicalities of cyber-offending and cyber-investigation, the possibility of getting support for and implementing necessary reforms is diminished: It just gets really hard to explain certain concepts to them when they just, they are just looking at you like there is something wrong with you. … Given it is the boss that we’re using to push our case to get further training, if he is not across why we need training, it's kind of, there is no point. You are banging your head against a wall.
The perceived lack of understanding at executive level of cyber-related matters was identified in multiple organisations, and was suggested by those in specialist units as hampering the overall organisation's ability to respond to cyber issues: But the people who make the decisions and sign the cheques and so forth – who make the plans to further things in the next year and thereafter – I do not see a lot of indications that they really understand how quickly things have changed. How quickly you can lose capability if you are not already keeping up with changes, if you do not have equipment, or time, or flexibility.
Although the quotes above illustrate how ‘lack of training’ at executive level is perceived to create specific problems for the specialist units, a similar dynamic is likely to play out across the organisation. Management are likely to be under-skilled on issues of cyber-offending and cyber-investigation and this has ramifications for strategic decision-making, and their understanding of the practical challenges facing police dealing with cyber-crime. As the interviewee immediately above emphasises, even if management had this capability at one point in time, keeping this knowledge up to date is a significant challenge for them given their competing priorities and time commitments.
General investigators
Another group within the police who currently face issues due to a ‘lack of training’ on cyber matters are general investigators who typically have low (to moderate) tech-skills. This can include investigators from local areas as well as a range of specialist units focusing on areas such as drugs, organised crime and counterterrorism. We also include here investigators who have recently been rotated into specialist cyber-crime units and have no particular training or technical aptitude: I felt I should have had a basic induction course in computer science, criminality and the internet, those types of things – which I’m picking up as a I go along. … I think there needed to be some sort of induction training specifically based on cyber investigations. … So that when you get there [to the cyber unit] you can show that you have got that level of understanding and they know where to start you and what courses would benefit you.
In specialist units, the lack of training of incoming investigators can create a number of issues. For example, the distribution of responsibility and workload becomes over-burdened on those who do have the knowledge and skills: The problem is they don't do the job because they don't have the knowledge. So then other people get loaded up. … So that means that those people who do have the knowledge get hammered with them. … So you could have a staffing of 24 for example, if you got three or four that do not have the knowledge, you almost lost a quarter of your staff from the get go. So now you are 25% down on jobs you can take through the door.
This dynamic was observed in multiple specialist units, whereby technically unskilled investigators were placed in specialist units and their higher skilled colleagues had to ‘pick up the slack’ to address their shortcomings: We have had promotion of detectives who are totally unsuitable and we have had to find work for them. … (They) did not have the aptitude and it was really bad for us. Because apart from anything else, we cannot give our people justice of them having to pick up the slack of somebody who cannot do the work, who may be well-intentioned. … You have got to have the technical background in this area.
The skill level of investigators who are often rotated into the specialist cyber-crime units from elsewhere demonstrates the cross-organisational problem of low tech-skilled investigators who are under-prepared for 21st century offending and crime investigation. Similar to how specialist units take on more work from the wider organisation as a result of low-tech skills elsewhere, within the internal dynamics of the units, certain highly skilled operatives are over-burdened. Certain low tech-skilled staff can often ‘sink’ and become a burden to their colleagues: It is always difficult to watch a colleague sink, but just knowing if they had a little bit of background knowledge they would not be sinking as quickly. … Being a detective – and being a detective for a while – does not automatically correlate to having good technical skill.
Staff in this position require adequate training to avoid ‘sinking’. At the same time, it was viewed by many that investigators do not necessarily need to know the fine detail of how ‘computer networks operate’; they just need to know how to ‘put people before the court’ (Interviewee, case study B). In this respect, the goal of training low-skilled investigators is not to give them tertiary level qualifications, but adequate training to avoid ‘sinking’ or retaining the capability to conduct technical investigations. Likewise, the digitisation of many aspects of society inevitably creates a need for investigators of all stripes to have cursory knowledge of digital technology, regardless of whether they are in a specialist ‘cyber’ unit or not.
Specialist investigators and civilians with high-tech roles
Finally, investigators and civilian staff with high levels of technical skills, such as digital forensic analysts and very experienced specialist cyber-crime investigators, have their own training needs. ‘Lack of training’ for these staff refers to their ability to perform high-end investigation functions such as performing analysis on a server, utilising programming skills to create in-house tools, having a sophisticated understanding of system-penetration techniques, knowing how to analyse a network system log, retrieving data from a computer, working around encryption barriers, understanding the vulnerabilities of an operating system, reverse engineering malware, performing ethical hacking and so on. Staff within these positions need to develop skills on a wide variety of very specific technical issues.
Although many staff within the police (including civilians) may have the capacity to perform some of the above, the field circumstances are evolving so swiftly that ‘training’ is a constant challenge. Unfortunately, such training is often not available within police organisations and has to be sourced from expensive, external providers. As described by one interviewee, training is much too expensive to cover all the required needs, and as result, equity issues emerge as to who gets trained and for what: For a two-day training course. It is just expensive. Let alone putting them through university at $2000 or $3000 a unit; it becomes very, very expensive. There are guys I know that are getting frustrated now because they are not getting trained. Or what they thought that we get. And that is difficult for a lot of them to deal with. Because they want to have training and do the role. … So there is a lot of back-and-forth to try to prioritise which training you can do. And of the staff who can do it. And then balancing what is fair and equitable. Some people on training and some others not getting in the training. Because they are not as efficient or as smart as somebody else. Is that fair? Trying to balance that is very difficult.
Moreover, ‘lack of training’ for staff in this position can be more than a question of technical aptitude; for example, it can also be training around legal matters (see also Bleakley, 2019). Staff need to know what they can do legally, and what is useful for legal processes, regardless of the technical capabilities: We also need capable investigators because that is one thing to have someone that is cyber capable. But then if they do not know the legislation, they do not know investigative procedures, they cannot interpret the laws … that ultimately makes it a bit void. So it is very hard to get both of those in one person.
‘Lack of training’, therefore, for staff with high-tech roles is a very different training problem than that facing higher management or the front-line officers, for instance.
Discussion
According to the perceptions of staff within specialist cyber-crime units, ‘lack of training’ in matters of cyber-crime and digital investigation is perceived to be a significant problem for different groups of staff within police organisations. Furthermore, those problems are distinct and unique for each of the four areas of the organisation. Only limited numbers of staff need to have advanced understandings of how ‘computer networks operate’, whereas a much larger number need to understand what an IP address is and how to retrieve it. ‘Lack of training’ currently affects front-line officers, higher management and investigators (low-skilled and highly-skilled) in different ways. Each of these groups faces situationally specific training problems that undermine their capacity to execute their functions. Front-line officers can face citizen requests for assistance that they cannot understand or respond to; management are at risk of under-appreciating the full complexity of what is required by specialist cyber-crime units; investigators can become stumped when matters are even mildly technically complex; and specialist investigators can struggle to acquire the skills they need to respond to sophisticated cyber-offending.
These problems are identified by the specialist units as interacting and compounding. Struggling front-line officers can pass too many tasks onto the specialist investigators because it is beyond their skill-set; low-skilled investigators can over-burden high-skilled investigators; and higher management can fail to support the training needs of the staff if they do not have a sufficient understanding of the practicalities involved. In this respect, the overall police organisation eco-system suffers from a knowledge deficit that is circumstantially different but interacts and has cumulating effects. These overall struggles reduce the capacity of the police to respond to cyber-offending. We make no claim that the four groups we have identified in this article are the only groups that are relevant. For example, there are likely to be a wide range of roles such as crime or intelligence analysts that could also benefit from enhanced training in relation to cyber-crime (Western et al., 2019; 2020). Nonetheless, our overall goal in this article is to illustrate that improving the overall capacity of police to respond to cyber-offending and better provide for victims must first recognise that efforts to improve training needs to be situated within the complexities of the police organisation.
Although detailing the specific content of such training is beyond the scope of this article, we are able to make a number of observations that will hopefully stimulate further research into each of these areas of the police organisation. For example, our findings suggest that all members of police organisations (including front-line officers and higher management) would benefit from a training package that addresses the essential components of cyber-crime, its different forms (including cyber-enabled and cyber-dependent; see Wall, 2007), and the ways in which police are likely to be confronted by it (i.e. the many victim-related harms). A similar observation has been made by others (Leukfeldt et al., 2013). As some of our interviewees have acknowledged, select aspects of this training are now being incorporated into the curriculum of police academies, meaning new recruits will have some knowledge of cyber-crime. However, it may be necessary to expand this to existing members of the organisation, as this is clearly the only way to systematically upskill the organisation as a whole. It is feasible to envisage this training could be developed internally by police organisations similar to other areas of policing training (Peeters, 2010). Again, it is beyond the scope of this article to detail each of the training packages that should be developed, and in any case, this should be a task for police organisations to manage and align with their specific needs.
In addition to this general training across the organisation, we suggest that higher management would benefit from a tailored package that approaches cyber-crime more on a strategic level while also improving technical knowledge and understanding. Examples include educating police command on the different types of cyber-crimes, their trends (locally and globally), and the ways in which each type is investigated. It goes without saying, however, that training in the area of cyber-crime is less applicable for those managing traffic and routine operations compared with individuals responsible for specialist command units involving areas such as online child exploitation, organised crime, terrorism and, of course, cyber-crime. Although the term ‘higher management’ has been used loosely in this article to denote senior police executives, we fully recognise that it is a term that demands nuance before training in this area were to be designed and implemented. This requires recognising the diverse ways in which police organisations are structured as well as geographically and functionally differentiated; or what Sheptycki (2017) calls the police division-of-labour. In a similar manner to the above, training for higher management could be developed internally, with input from established specialists from police cyber-crime units.
Training for investigators includes those in local regions and other specialist units as well as those entering specialist cyber-crime units. This training could include more advanced curriculum on the types of cyber-crimes and how to investigate them. For example, this might include confronting virtual private networks, Tor and forms of encryption to assist with tasks focused on actor attribution. There may also be utility in addressing the fundamentals of technical crimes such as an introduction to the dark web, ransomware, malware and other common forms of threats or attacks that impact larger numbers of people. In short, the principal aim would be for investigators to be able to address cyber-offences of a lower complexity so that dedicated cyber units can focus on the more serious or technically sophisticated offence types. This training could be developed and delivered internally and, once rolled out, would provide all investigators with the opportunity to complete training before entering cyber units. Some interviewees in our study suggested that an induction package is essential for those joining cyber-crime units, but they also noted that this may not be as critical if the technical skills of investigators were improved overall.
The final group we have identified in this article concerns those that are already in specialist units with high-tech roles. Each cyber unit we studied had a small number of individuals of ‘high’ technical skill, either as expert investigators or civilians in key support roles. These are those investigators that have sufficient skills to investigate computer intrusions, network penetration, and perform professional-level digital forensic analysis (like the forensic examiners discussed in Belshaw and Nodeland, 2021), and so on. Some have acquired unique expertise and skills in areas such as covert online engagement and investigating crypto markets. They may have done expert training such as ethical hacking courses and studied privately at universities, often prior to joining the cyber-crime units. In the context of our interviewees, most people in this category had trained with the Australian Federal Police and completed courses in person with international agencies such as the Federal Bureau of Investigation, which adds considerable costs. This is the one area of training at the moment that most police organisations would struggle to develop internally. It is critical to recognise, however, that police organisations are going to require increasing numbers of people with such expertise (see also Belshaw and Nodeland, 2021). Interagency collaborations could be explored to develop and deliver such training in a more cost-effective manner.
We also note there are a number of tensions with regard to the suggestion for more police training. First, the costs and other resourcing considerations are likely to be considerable. Second, it has been suggested that police generally do not value training if they do not see it as central to their role. It is, as such, very important that police see the relevance of cyber training to their current role and responsibilities (see also Hallenberg and Cockcroft, 2017; Huisjes et al., 2020). The structural and cultural barriers to training the police and responding to their complex needs should not be underestimated (see, for example, Schreuders et al., 2020), and it is recognised that identifying training needs is much easier than addressing training needs. Third, recent questions have been raised about the method of delivering training. Although some have noted that police tend to prefer face-to-face over online training (Cockcroft et al., 2021), it is likely that online training is the only feasible way to reach the whole organisation, particularly in larger organisations, given the resource impacts of other modes of delivery. Training for investigators and specialists, however, is more likely to benefit from a face-to-face component. Fourth, training in an area such as cyber-crime can very quickly become out of date, almost certainly more quickly than other crime types. Research has also identified that the effectiveness of cyber-crime awareness and training programmes decreases over time (Leukfeldt, 2017), and the currency of any training package is very limited in this field. Regular training and ongoing curriculum development are therefore likely to be needed, which again increases costs and time commitments against other responsibilities police perform. However, the longer police take to recognise the strategic importance of cyber-crime and initiate more work to improve their capabilities in this area, the more difficult these highlighted tensions will be to overcome.
Conclusion
The literature on police responses to cyber-crime is growing but is still ‘under-developed’ (Willits and Nowacki, 2016), with only a ‘few empirical studies’ (Bossler and Holt, 2012). But that literature has commonly identified ‘lack of training’ as a problem (Leukfeldt, 2017). As Cockcroft et al. (2021: 18) argue, ‘[i]f cyber knowledge remains the domain of police specialists, the wider field and the habitus of non-specialist officers will continue to fail to recognize its importance’. We agree, but note the risks are much deeper than this and arguably are still not fully known. The current article attempts to develop that idea and show that ‘lack of training’ is likely to be relative for different groups within the police, and that it creates different problems depending on the group in question. Front-line officers, higher management, general investigators and specialists face circumstantially unique challenges that interact and compound one another. Future development of any agenda to up-skill the police and improve their capacity to address cyber-offending must be cognisant of these differing training needs. Specialist cyber-crime units are likely to be essential and important for the foreseeable future, but gaps between their skill level and the rest of the organisation need to be closed or bridged through targeted training.
The article outlines an initial overview for addressing these respective training deficits, while being aware of the many inherent cultural, economic and technical challenges of up-skilling large police organisations. It serves as a starting point for considering diverse training needs of the police organisation. It is hoped that further research focusing on the internal needs of police organisations can examine more fully the specific requirements of training needed within these four areas and potentially others to be identified. These differing training needs must be met to improve the overall capacity of police organisations to better respond to growing levels of cyber-offending.
Footnotes
Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The author(s) received no financial support for the research, authorship and/or publication of this article.
