Abstract
The rapid growth in the availability of information and communications technologies has also expanded opportunities to commit cybercrime. Law enforcement officers are often the first responders to such incidents. Internationally, research has revealed how police preparedness to respond to cybercrime is mediated by organizational policies and procedures, as well as characteristics such as education, gender, and previous training for cybercrime investigations. However, there has been limited research in an Australian context examining police preparedness to respond to cybercrime. As such, this article examines the preparedness of Australian police personnel to respond to cybercrime incidents drawing on surveys with two state-wide police agencies (n = 422). Here, we examine the prevalence of cybercrime training across both agencies, levels of individual and organizational confidence about responding to cybercrime incidents, and their views about enhancing responses to cybercrime. The results suggest only half of the surveyed personnel have received some cybercrime-related training, with significantly less reporting specific instruction about how to receive and direct incident reports and manage digital crime scenes. Further, while personnel are modestly confident in their individual capabilities to respond to cybercrime incidents, they lack comparative confidence in their organizations and yearn for more resourcing and professional development. Implications for police resourcing, training, and practices are discussed.
Introduction
The rapid uptake of information and communications technologies has created new opportunities for motivated offenders to target potential victims. As such, cybercrime is a growing social and financial problem. For example, the Australian Cyber Security Centre (ACSC, 2019, p. 5) indicates that Australians lose $890,000 to cybercrime each day. Such an estimate is only the tip of the iceberg, with the underreporting of cybercrime incidents contributing to a much larger “dark figure” of online crime (Tcherni et al., 2016). The harms of cybercrime are also broader than the estimated financial costs, with victims also experiencing physical and mental health problems (ACSC, 2015; Cross et al., 2016). As such, given the increasing integration of technology in everyday life (Lyon, 2013)—via computers, laptops, tablets, mobile phones and the Internet of Things—the threats posed by cybercrime are also likely to increase, placing greater demands upon law enforcement agencies to be effective first responders to reported incidents.
At the broadest level, cybercrime refers to illegal behaviors that involve the use of a computer system (Holt et al., 2018, p. 11). However, computers can be “used” to perform illegal activities in different ways. Many scholars suggest offenses can be divided into “cyber-enabled” and “cyber-dependent” crimes, which respectively distinguish between crimes that involve the incidental use of a computer system or those that require the use of a computer system (see McGuire & Dowling, 2013; Wall, 2007). For example, the use of social media to engage in harassment is a cyber-enabled crime involving the incidental use of an online platform. In contrast, the selling of “zero-days” (vulnerabilities in computer code) via a crypto-market is a cyber-dependent crime, requiring knowledge and use of computer programming, cryptography, and blockchain technologies. Further, cybercrime is inclusive of a broader collection of offenses categorizable as crimes against property (e.g. the theft of data following a cyberattack), crimes against morality (e.g. the distribution of obscene material using file sharing networks), and crimes against the person (e.g. stalking an individual using surveillance technologies or social media).
The diversity of these criminal offenses complicates the work of law enforcement agencies and demands a diverse range of strategies for effectively responding to cybercrime, including training and resourcing of police personnel, public education about online safety and data security, and collaboration with corporate and nongovernment organizations to effectively regulate online platforms (Button, 2020; Paek et al., 2020). Within this context, police are often the “first responders” to cybercrimes, and it is, therefore, important they can support victims and manage digital crime scenes (Bossler & Holt, 2012). Specifically, police ought to be equipped with the procedural knowledge necessary to assist victims to report cybercrime incidents (Cross, 2020, p. 371) and a basic understanding of digital forensics may be essential for responding to crimes that involve computers or networks (e.g. Wilson-Kovacs, 2019). For example, the authentication (and probative value) of digital evidence within Australian courts is dependent on the quality of digital crime scene management and the use of standardized digital forensic procedures (Mason & Stanfield, 2017). Police therefore ought to understand that directly interfacing with seized storage media (e.g. a hard disk drive) may disrupt attempts to recover deleted files that have been removed from the device's file system (Holt et al., 2019b; Karie et al., 2019). Similarly, interfacing with an encrypted device can disrupt attempts to recover complete or partial decryption keys from the device's memory (Hargreaves & Chivers, 2008). Finally, Australian police ought to understand how domestic jurisdiction for responding to cybercrime is established (i.e. establishing “cyber-jurisdiction”), given the shared jurisdiction of state and federal governments over telecommunications under section 51(v) of the Constitution of Australia (1900). Although it may be impractical for all police personnel to be equipped with specialist knowledge, the increasing integration of technology in everyday life highlights the importance of basic cybercrime investigation skills.
Within Australia, all cybercrime is reported via a centralized portal called ReportCyber. This portal is operated by the ACSC, who “decide whether it should be referred to law enforcement agencies for possible investigation” (QPS, 2019a: para. 4). Once the ACSC receive the initial complaint, they will refer it to the relevant state or federal police agency for assessment. Upon referral, most Australian jurisdictions have specialist units and authorized officers responsible for cybercrime investigations. For example, the Queensland Police Service (QPS) has the Financial and Cyber Crime Group (for investigating general cybercrime offenses) and Taskforce Argos (for investigating online child exploitation and abuse). Relatedly, device forensics for storage media is limited to officers that have been trained and authorized by the Electronic Evidence Unit (QPS, 2019b, p. 70). Similarly, the Western Australian Police Force has Technology Crime Services, which is subdivided into three specialized teams focusing on cybercrime investigations, digital evidence, and online monitoring. However, most police recruits receive limited instruction about responding to cybercrime incidents. For example, neither the Australian Federal Police (AFP, 2020) nor the New South Wales Police Force (NSWPF, 2020) includes cybercrime-specific training as part of their police academy curricula. The QPS (2020, p. 29) does provide basic computer training, yet this does not extend beyond how to access and use police databases. As a result, the preparedness of Australian police personnel to respond to cybercrime requires greater scrutiny.
This article thus examines the preparedness of Australian police personnel to respond to cybercrime. Specifically, survey data collected from 422 personnel based within two state-wide police agencies are used to analyze the prevalence of cybercrime-specific training, personnel levels of individual and organizational confidence about responding to cybercrime, and personnel perceptions of how to improve responses to cybercrime. The paper proceeds across four sections. The first section reviews existing research examining the complexity of cybercrime investigations and police preparedness to respond to reported incidents. The second section outlines the research methodology and data analysis strategies, including a detailed explanation of the sampling process and research instrument. The third section provides a description and analysis of the statistical data. Finally, the paper concludes with a discussion of the results within the context of the extant literature and suggestions for further research. Overall, the paper argues that responses to cybercrime within Australia would benefit from additional training for police personnel with regard to the management of digital crime scenes, the preservation of digital evidence, and the procedures for establishing cyber-jurisdiction.
Literature review
There is a growing collection of research examining the complexity of cybercrime investigations and police preparedness to respond to incidents. Within this section, we review the extant literature across two subsections. First, we examine the complexity of cybercrime investigations through a discussion of how computer networks create unique challenges for police to establish jurisdiction, identify offenders, and preserve the chain of custody. Second, we examine international research from comparable jurisdictions indicating that police are generally unprepared, and often reluctant, to respond to cybercrime incidents. Thus, we note that there is currently limited Australian research examining these issues and identify five corresponding research questions that our study seeks to answer.
The complexity of cybercrime investigations
Previous research has highlighted how the characteristics of cybercrime create difficulties for law enforcement. Specifically, the distributed character of computer networks (i.e. cyberspace) enables offenders to anonymously target victims across jurisdictions (Yar & Steinmetz, 2019, p. 14). Additionally, the technological sophistication of modern computers creates unique complexities in the collection and analysis of digital evidence that do not apply to traditional documentary evidence (Casey, 2011). As such, police regularly encounter several hurdles that can disrupt effective responses to cybercrime.
Many cybercrimes are committed by offenders located in geographical jurisdictions different from their victims. As such, cyberspace creates distinct issues with establishing jurisdiction to investigate and prosecute offenses. The prevailing international framework for establishing cyber-jurisdiction is Article 22 of the Convention on Cybercrime (Council of Europe, 2004). This suggests standard geographical jurisdiction as the basis for establishing jurisdiction, where the physical location of the offender takes priority (Maillart, 2019). Australia's domestic legal framework also reaffirms the application of standard geographical jurisdiction in cybercrime cases (Criminal Code Act, 1995, s14.1). However, the application of standard geographical jurisdiction is complicated under circumstances where cybercrime statutes differ, offenders relocate to a third jurisdiction, where an offender's nationality differs from their geographical jurisdiction, where victims are located in multiple jurisdictions, or where evidence is stored across multiple jurisdictions (see: Brenner, 2007). This also applies to cross-jurisdictional victimization at the domestic level, where offenders target victims located in a different state or territory. As such, even where cybercrime has been committed against a resident of Australia it is not guaranteed that Australian police can establish jurisdiction to investigate an offense. Finally, as noted earlier, jurisdiction to legislate, investigate, and prosecute cybercrime is shared by both the state and federal levels of government within Australia. Overall, police responses are potentially hindered by cross-jurisdictional discrepancies with regard to cybercrime statutes, differences in organizational resourcing and prioritization of cybercrime investigations, and different levels of technical and legal expertise among law enforcement personnel (Dodge & Burruss, 2019, p. 339; Holt, 2018, pp. 143–144).
A related issue for law enforcement is the decentralized and anonymous characteristics of much cybercrime. For example, the distribution of copyrighted material via Peer-to-Peer file sharing networks is incredibly difficult to disrupt, owing to the interconnected relationships between nodes in a computer network (Dupont, 2017, p. 101). Similarly, decentralized botnets can be used to commit targeted harassment on social media or via Distributed Denial of Service (DDoS) attacks (e.g. Mantilla, 2013, p. 565). These decentralized characteristics create difficulties in identifying individual offenders and preventing further victimization. The problem is exacerbated by the criminal misuses of privacy-enhancing technologies to evade detection by law enforcement. Technologies such as end-to-end encryption, onion routing, and cryptocurrencies can be used by offenders to mask their identities, locations, financial transactions, and communications (Holt et al., 2010; Weimann, 2016). Similarly, the tracking of decentralized and anonymized communications requires specialized knowledge in digital forensics (e.g. Karampidis et al., 2018), which is beyond the reasonable capabilities of most general duties officers. Although agencies have established specialist units to address these issues, the limited time and resources available require specialists to triage their work according to the investigative priorities of their organization (Rappert et al., 2021). As such, the decentralized and anonymous characteristics of cybercrimes create technical hurdles for law enforcement.
Further complicating this matter is how the unique characteristics of digital evidence complicate the preservation of the chain of custody. Digital evidence is fundamentally distinct in that it is binary data stored within magnetic or flash memory. As first responders, police should be aware that directly interfacing with the contents of seized devices can alter how these data are stored and thus disrupt the acquisition of digital evidence. For example, seemingly innocuous access to a device may override information stored in random access memory (providing details about recent user actions), while altering files stored on a device may impede the recovery of data that has been deleted but not yet overwritten (Holt et al., 2019a, 2019b; Karie et al., 2019). As such, it is integral for first responders to take steps to preserve digital crime scenes to avoid impeding the subsequent acquisition of digital evidence by specialists.
A final complicating issue is the diversity of devices and operating systems now available to consumers (Bennett, 2012, pp. 160–161). The rapid pace of development of off-the-shelf computing technologies complicates the ability of investigators to use scientifically reliable and reproducible methods of digital forensics (Mason & Stanfield, 2017). Specifically, the short commercial lifespans of devices and their operating systems create pragmatic constraints on digital forensic analysts to systematically study how unique configurations of hardware and software translate human inputs into data stored on the device (Losavio et al., 2016; Sommer, 2010). The result is that law enforcement agencies may be using one-size-fits-all digital forensic tools (e.g. “The Forensic Toolkit”) to examine the contents of a seized device that may not meet the scientific standards necessary for admissibility in the courts (Casey, 2019; Vincze, 2016). Evidently, these characteristics of cybercrime—as a function of computer networks—create difficulties for law enforcement.
Police preparedness to investigate cybercrime
There is a growing collection of research examining police preparedness to respond to cybercrime from comparable jurisdictions to Australia, including the United Kingdom (UK), the United States (US), and Canada. For example, research suggests that 54% of agencies within the US include a specialized cybercrime unit (Nowacki & Willits, 2019, p. 69). However, US officers prefer to ascribe responsibility to citizens to prevent cybercrimes, rather than pursue additional training themselves (Bossler & Holt, 2012, p. 175). Indeed, a majority of US police report that they have not responded to a cybercrime incident within the past year (Bossler & Holt, 2013, p. 357). Similarly, over 70% of UK-based police officers do not spend more than 4 h per week responding to cybercrime (43.3% spend less than one hour) (Holt et al., 2019a, p. 916). Research from the UK also suggests there is a relationship between organizational policies and procedures and an officer's individual levels of confidence about responding to cybercrime (Bossler et al., 2020). Specifically, only 38.8% of UK officers have undergone cybercrime-specific training and only 42.4% of surveyed officers indicated some degree of “preparedness to respond to online fraud” (Bossler et al., 2020, p. 318). This is a problem insofar as police personnel are often the “first responders” to digital crime scenes (Bossler & Holt, 2012). As such, it is important they are equipped with basic knowledge about responding to cybercrime, as the quality of a first responder's crime scene management is known to impact the outcome of an investigation (including by impacting the admissibility of evidence at trial) (Hinduja, 2007). This includes preserving digital evidence to enable subsequent acquisition and analysis by cybercrime specialists, as well as traditional policing skills such as speaking with witnesses and gathering additional intelligence to assist specialists in their investigations (Bossler & Holt, 2012; Hinduja, 2007; NIJ, 2008; Stambaugh et al., 2001).
Almost all categories of cybercrime are ranked by law enforcement as lower priorities than “offline” or “traditional” crimes, except for the online distribution of child exploitation material (Hinduja, 2004; Holt et al., 2010, 2015). The production, distribution, and possession of such material is considered an unambiguous example of cybercrime victimization. However, other categories do not produce comparable sentiments among police personnel. For example, Canadian police do not generally view “cyberbullying” as constituting a criminal matter, preferring to ascribe responsibility for managing such behavior to parents and educators (Broll & Huey, 2015, pp. 163–165). This is despite research indicating that cyberbullying is increasingly supplanting other forms of interpersonal harassment and can have lasting psychosocial impacts on victims (Hemphill et al., 2015; Stevens et al., 2020). Similarly, research suggests that law enforcement officers generally have an impoverished understanding of image-based sexual abuse (i.e. nonconsensual sharing of intimate images) (Bond & Tyrrell, 2021) and other forms of technology-facilitated sexual violence (Powell & Henry, 2017, 2018). Officers generally perceive image-based sexual abuse as less serious than other forms of intimate partner abuse (Henry et al., 2018; Powell & Henry, 2018). Such beliefs are linked to perceptions of victims as morally less deserving of assistance if they share intimate images (Venema, 2019). This is not an isolated issue. Research suggests the comparative “blamelessness” of victims is important for understanding officer willingness to respond to cybercrime, as victims who have taken steps to protect themselves are perceived as more deserving of assistance (Black et al., 2019; Broll & Huey, 2015, p. 167; Hinduja & Schafer, 2009). For example, Millman et al. (2017, p. 93) observe that British police report frustration with “unhelpful victims” of cyber-harassment who continue to use social media.
These perceptions of cybercrime as comparatively less serious than offline crimes are further complicated by research suggesting law enforcement lack confidence in their investigative capabilities. One recent study from the UK suggests that 61.5% of officers felt unprepared for investigating cybercrime, which they primarily attributed to a lack of training (Burruss et al., 2019). Furthermore, 80.9% of surveyed officers reported a lack of confidence in their organizations’ capabilities (Burruss et al., 2019, p. 111). British officers’ levels of confidence vary according to whether they have undertaken cybercrime-specific training, their self-reported levels of technical expertise, and previous experience investigating cybercrime incidents (Bossler et al., 2020; Cockcroft et al., 2018; Holt et al., 2019a). Further, focus group research with sixteen (16) British police officers suggests this lack of confidence can be attributed to beliefs that cybercrime is too complex, existing cybercrime training opportunities are inadequate, and ongoing confusion about the blurred distinction between “cyber” and “offline” criminal offenses (Hadlington et al., 2021).
There is also an apparent link between police personnel's confidence in investigating cybercrime and their organization's workplace culture. Large-scale studies of US law enforcement suggest larger organizations are better prepared to respond to cybercrime as they are more likely to have clearer cybercrime reporting protocols and the personnel and equipment necessary for digital forensic analyses (Nouh et al., 2019, pp. 8–9; Willits & Nowacki, 2016). Basic training in digital forensics also predicts officer capabilities to preserve electronic evidence (Brown, 2015, pp. 64–65) and more nuanced attitudes about cybercrime (Holt & Bossler, 2012; Holt et al., 2019a, 2019b, p. 32). Finally, research suggests officers who have previously encountered cybercrime incidents tend to be more willing to undergo additional training and are more enthusiastic about conducting cybercrime investigations in the future (Bossler & Holt, 2012; Holt & Bossler, 2012).
Despite this growing literature, there has been comparatively less research within an Australian context concerning police preparedness to respond to cybercrime. For example, research has found that Australian law enforcement continues to quarrel over how to establish jurisdiction, resist accepting responsibility for investigations, and fail to deliver appropriate care to victim-complainants of cybercrime (Cross, 2018a, 2018b). Recent qualitative research examining three Australian cybercrime units do suggest that specialist officers feel they are “invisible” to police command and are thus underresourced and ill-equipped to deal with an increasing number of case referrals (Harkin & Whelan, 2019, pp. 5–13; Harkin et al. 2018; Whelan & Harkin, 2019). Harkin and Whelan (2022, pp. 70–73) have argued that the consequences of a “lack of training” among Australian police personnel with regard to cybercrime are complex, as knowledge deficits among police management translate into insufficient training for general duties officers and general investigators, as well as the underresourcing of cybercrime specialty units. However, there remains a notable gap in quantitative research examining police preparedness to respond to cybercrime within Australia.
Methodology
This article draws upon a subset of data from a larger project examining the policing of cybercrime in Australia. The larger project involved both quantitative and qualitative research with both sworn and unsworn police personnel, as well as quantitative research with the general Australian community. 1 For the purposes of this article, we present original quantitative analyses examining the preparedness of Australian police personnel to respond to cybercrime. For specifics on this, and a detailed methodology of the overall project, see Cross et al. (2021).
Research aim and questions
The aims of this research are to analyze, for the first time in an Australian context, police personnel encounters with cybercrime, their levels of individual and organizational confidence in responding to cybercrime, and perceptions about how to improve responses to cybercrime. As such, the research is guided by the following five (5) research questions:
RQ1: How regularly do Australian police personnel encounter cybercrime? RQ2: How common is cybercrime training among Australian police personnel? RQ3: How confident are police personnel in their individual abilities to respond to cybercrime? RQ4: How confident are police personnel in their organizations’ capabilities to respond to cybercrime? RQ5: What resources or skills do police personnel believe are necessary to improve responses to cybercrime?
Sample and procedures
This research uses an exploratory survey design. We surveyed personnel (n = 422, 100%) employed within two anonymous state-level police agencies within Australia. Specifically, we surveyed 149 personnel within Agency A (35.31%) and 273 personnel within Agency B (64.69%). The resulting sample was primarily male (n = 254, 60.33%; females: n = 158, 37.44%), with a mean age of 42.36 years (SD = 9.85). Approximately half of the sample had attained a postsecondary qualification (n = 206, 48.93%; no postsecondary qualification: n = 215, 51.07). Respondents were recruited with the agencies’ ethics approval and were given an information sheet and consent form outlining the details of the study. The respondents were recruited by internal emails distributed by their organizations, and we received an estimated 2% response rate of total personnel (sworn and unsworn) across both agencies. As participation was influenced by self-selection effects, the results should not be generalized to other police organizations without observing the characteristics of the sample as noted in Table 1.
Characteristics of the officers sampled from Australian police agencies.
The low response rate is typical of email surveys that are distributed to all police personnel, as mass distribution compounds existing difficulties with response rates such as distrust of external researchers and survey fatigue (Nix et al., 2019, p. 542). It is also comparable with response rates from similar studies of police organizations in the UK (e.g. Bossler et al., 2020; Holt et al., 2019a). The characteristics of respondents drawn from the two agencies differ. Although Agency A had comparatively more general duties officers respond, Agency B had comparatively more specialists and unsworn personnel. Similarly, Agency A had more respondents drawn from regional areas compared with Agency B. The distribution of respondents’ ranks was broadly comparable across the two agencies. As noted above, these sample characteristics should be kept in mind when interpreting any observable patterns within the data.
Measures
The survey instrument was adapted by the researchers from prior studies examining cybercrime policing in the US and UK previously conducted by member of the research team (Holt et al., 2019a; Holt & Bossler, 2012). It comprised a range of items pertaining to: 1) demographic characteristics; 2) previous encounters with cybercrime; 3) levels of individual and organizational confidence in responding to cybercrime; and 4) views about how to improve responses to cybercrime. Each are described in turn as follows.
Demographic characteristics
The survey instrument included the following demographic items: police agency (“Agency A,” “Agency B”), role 2 (“general duties,” “specialists,” and “unsworn personnel”), region (“metropolitan” “regional”), gender 3 (male, female, nonbinary or intersex, prefer not to say), and highest level of education (“primary or elementary school,” “secondary or high school,” “tertiary diploma,” “university undergraduate degree,” and “university postgraduate degree”). This latter variable was consolidated into a binary category indicating completion of a university qualification (“yes,” “no”) for the purposes of analysis.
Previous encounters with cybercrime
For this item set we asked respondents “Did your initial police training include any modules on using the internet or cybercrime?” (“yes,” “no”) and “When is the last time that you responded to a cybercrime or online incident?” (“never,” “over a year ago,” “within the last year,” “within the last six months,” “within the last six weeks,” “within the last week”). If personnel had completed training about cybercrime, we asked for further details about the substance of the training module. As data were collected before the establishment of the ACSC, the study uses the earlier Australian Cybercrime Online Reporting Network (2015, para 1) definition of cybercrime. 4 Respondents were directed toward this definition of “cybercrime” within the project's information sheet.
Individual and organizational confidence
Respondents were asked two mirror questions: “How confident are you that the current police response to cybercrime in your State or Territory is effective?” and “How confident are you in your own ability to respond to cybercrime effectively?” (responses ranging from “1 = Not at all confident” to “5 = Very confident”). This item set also included a series of subquestions related to organizational confidence about specific matters. Example items include: “How confident are you that your organization takes cybercrime as seriously as face-to-face crimes?” and “How confident are you that your organization is adequately funded and resourced to address cybercrimes?”. Higher scores indicated greater confidence in organizational responses to cybercrime.
Improving responses to cybercrime
Finally, respondents were asked a series of questions about what skills or resources they felt they needed to improve their individual capabilities to respond to cybercrime. Respondents were asked to rank their responses on a five-point Likert scale (ranging from “1 = Not at all important” and “5 = Very important”). Example items included “Increased resources for digital forensic tools and technologies” and “Increased funding for training officers and staff in cybercrime”.
Analytic strategy
The unweighted sample was analyzed using STATA Version 14. Responses to questions about individual and organizational confidence were consolidated into three levels (“Not Confident,” “Neutral,” and “Confident”) to increase the sensitivity of categorical data to statistical analysis. Descriptive analyses were conducted to explore the overall agreement of police personnel according to the item sets. Subsequently, a series of bivariate analyses (Pearson's Chi-square tests) were performed to determine whether there were significant differences in individual and organization confidence according to six categorical independent variables (agency, role, region, training, education, and gender), with Cramer's V as a measure of effect size.
Results
Encounters with cybercrime
To examine police preparedness to respond to cybercrime within Australia, we first examined personnel encounters with cybercrime incidents and training. The results suggest over half of surveyed respondents (n = 236, 57.70%) have encountered a cybercrime incident within the previous 12 months. However, a significant minority of respondents report rarely encountering an incident, with 1 in 5 (n = 84, 20.90%) reporting their last encounter was over 12 months prior, and another 1 in 5 (n = 82, 20.40%) reporting never responding to an incident. A complete summary of responses can be found in Table 2.
Comparative prevalence of most recent exposure to cybercrime complaint (n = 422).
We analyzed these patterns according to respondents’ agency, role and region. Results suggest that personnel from Agency A reported more recent encounters with cybercrime incidents than personnel from Agency B, χ2 = 4.74, p < .05, V = .109. Specifically, personnel within Agency A were more likely to report responding to at least one cybercrime incident within the preceding six months (n = 81, 54.73%), compared with personnel within Agency B (n = 110, 43.48%). Further, almost one-in-four personnel within Agency B (n = 61, 24.11%) report never encountering an instance of cybercrime, in comparison to only 1 in every 7 respondents from Agency A (n = 21, 14.09%). General duties officers were more likely to have encountered a cybercrime incident within the preceding six months (n = 86, 64.66%), compared with specialists (n = 89, 44.72%) and unsworn personnel (n = 16, 23.19%), χ2 = 32.67, p < .001, V = .29. There were no significant differences in rates of encountering cybercrime between respondents based within metropolitan policing districts (n = 126, 45.16%) and those within regional policing districts (n = 65, 53.28%) within the preceding six months, χ2 = 2.24, p = .13, V = .07. This suggests the comparative recency of cybercrime encounters observed within Agency A is a function of its proportion of respondents who were general duties officers.
Slightly under half of the respondents report that they have completed training in the general awareness of cybercrime (n = 197, 49%). A summary of the complete results can be found in Table 3. Despite reporting less frequent encounters with cybercrime incidents, respondents from Agency B reported significantly higher rates of general cybercrime training (n = 142, 56.13%) compared with respondents based within Agency A (n = 55, 36.91%). However, there were no significant differences between the two agencies with regard to more specialized forms of training.
Prevalence of cybercrime training in Agencies A and B (n = 402).
*Note that this survey was completed before the creation of the Australian Cyber Security Centre. This item thus refers to the previous centralized reporting portal.
There were no observable differences in the rates of training between personnel based in metropolitan policing districts (n = 141, 50.54%) and regional policing districts (n = 55, 45.08%), χ2 = 1.01, p = .32, V = .05. However, there were differences according to a respondent's role within their organization. Table 4 provides crosstabulations for cybercrime-related training according to roles within policing organizations, including chi-square tests used to compare the rates of training between general duties and specialist officers.
Prevalence of cybercrime training according to role within organization (n = 401).
*Note that this survey was completed before the creation of the Australian Cyber Security Centre. This item thus refers to the previous centralized reporting portal.
Specialists were more likely to have completed general cybercrime awareness training compared to general duties officers, as well as specific training about how to collect and preserve digital evidence, digital investigation techniques and relevant legislation. Beyond these differences, the number of sworn and unsworn personnel who report completing training in more specialized areas (e.g. how to direct members of the public to report cybercrime; how to record an initial complaint of cybercrime) was notably low. For example, less than 40% of general duties officers had received training about how to refer members of the public to report cybercrime and less than 20% had received basic instruction about preserving digital evidence when initially encountering an instance of victimization.
Levels of individual confidence
To further understand the predictors of police preparedness to respond to cybercrime, we analyzed respondents’ confidence in their individual capabilities. Over half of respondents indicated that they were at least “somewhat confident” in their capabilities (n = 223, 52.84%). A summary of the results can be found in Table 5.
Distribution of responses to item measuring individual levels of confidence (n = 422).
Using a consolidated three-point variant of this item, we again observed significant differences in levels of individual confidence among personnel from the two surveyed agencies. Specifically, respondents from Agency B were more likely to report they were at least “confident” in their own ability to respond to cybercrime (n = 53, 19.41%) compared with respondents from Agency A (n = 17, 11.49%). Conversely, respondents from Agency A were more likely to indicate they were either “not” or “not at all confident” (n = 82, 55.03%) compared to respondents from Agency B (n = 117, 42.29%), χ2 = .10.56, p < .05, V = .158. Specialist officers were more likely to report at least some confidence in responding to cybercrime (n = 119, 56.94%) compared to general duties officers (n = 58, 42.96%), χ2 = 17.51, p < .01, V = .144. Similarly, respondents based within metropolitan policing districts were more likely to report at least some confidence (n = 166, 56.85%) compared with respondents based within regional policing districts (n = 56, 43.44%), χ2 = 7.79, p < .05, V = .136. There were no differences between male and female respondents. However, respondents who had completed cybercrime-specific training were more likely to report some confidence (n = 123, 62.44%) compared to those who had not (n = 89, 43.41%), χ2 = 14.5911, p < .001, V = .191. Respondents with a postsecondary qualification were also more likely to have confidence in their own capability to respond to cybercrime (n = 51, 23.72%) compared to those without a postsecondary qualification (n = 19, 9.22%), χ2 = 17.10, p < .001, V = .202.
Levels of organizational competence
In contrast to levels of individual confidence, police personnel were somewhat less confident in their organizations’ capabilities to respond to cybercrime effectively. The results indicate that over half of respondents were “not at all” or “not” confident in their organizations’ capabilities (n = 224, 53.08%). In contrast, a small minority of respondents reported they were either “very confident” or “confident” in their organizations’ capabilities (n = 51, 12.09%). The full results are summarized in Table 6.
Distribution of responses to item measuring level of confidence in organization (n = 422).
We examined variance in levels of organizational confidence (three levels) according to the six independent variables: agency, role, region, training, gender and education. There were no observable differences in levels of organizational confidence according to whether a respondent had undergone cybercrime training, χ2 = .017, p = .99, V = .007. Similarly, there were no observable differences in the patterns of responses between respondents based within Agencies A and B, χ2 = .40, p = .82, V = .031. Unsworn personnel (n = 52, 67.53%) were more likely to have at least some confidence in their organization, compared with either general duties officers (n = 56, 41.48%) or specialist officers (n = 89, 42.58%), χ2 = 17.21, p < .01, V = .143. There were no observed differences in levels of organizational confidence between personnel based in metropolitan or regional districts, χ2 = 1.47, p = .48, V = .06. Female respondents (n = 27, 17.09%) were more likely to report confidence in their organizations’ capabilities compared to their male colleagues (n = 23, 9.06%), χ2 = 7.38, p < .05, V = .134. In contrast to the observed effect on individual confidence, respondents with a postsecondary qualification were more likely to lack confidence in their organization's capabilities to respond to cybercrime (n = 127, 59.07%) compared to respondents without a postsecondary qualification (n = 97, 47.09%), χ2 = 6.37, p < .05, V = .123.
In addition to a general measure of organizational confidence, we also asked respondents a series of subquestions measuring confidence in specific capabilities (three levels). As with general confidence, most respondents (over 50%) indicated they were either “not at all” or “not” confident about their organization's capabilities across the seven subquestions (see Table 7 for full results).
Responses to items measuring aspects of organizational responses to cybercrime (n = 421).
There were no significant differences between respondents based within Agencies A and B on these items. However, there were observable differences according to respondent roles within their organizations. The full results are summarized in Table 8.
Responses to items measuring aspects of organizational responses to cybercrime (n = 421).
As with general levels of confidence, unsworn personnel were more likely to have at least some confidence in their organization for a range of items, compared with either general duties or specialist officers. Respondents with a postsecondary qualification were more likely to lack confidence that their organization was taking cybercrime as seriously as face-to-face crimes (n = 106, 49.30%) compared with respondents without a postsecondary qualification (n = 81, 39.32%), χ2 = 6.34, p < .05, V = .123. We also observed that male respondents are more likely to lack confidence in their organization's capabilities to charge cybercriminals (n = 176, 69.29%) compared to their female counterparts (n = 90, 56.96%), χ2 = 6.96, p < .05, V = .13. Finally, we examined the relationship between individual and organizational levels of confidence. The complete cross-tabulation data can be found in Table 9. Specifically, respondents were more likely to have at least some confidence in their organization's responses to cybercrime if they also reported confidence in their individual capabilities, χ2 = 28.45, p < .001, V = .184.
Cross-tabulation comparing respondent levels of individual and organizational confidence.
Improving responses to cybercrime
The final set of items measured respondent perceptions of what skills or resources would help improve responses to cybercrime. A complete summary of the results can be found in Table 10. Respondents were in favor of the proposed measures to varying degrees. The most popular measures were those that addressed organizational resourcing, such as providing increased funding for cybercrime-specific training and further investment in high-tech crime units. Respondents were less enthusiastic about, yet still supportive of, measures that involved external stakeholders, such as educating members of the public about staying safe online or cooperating with business to improve reporting of cybercrimes. Respondents were in favor of increasing the capabilities of federal, state and local authorities, without any clear preference for a specific level of government. Finally, more punitive approaches to combatting cybercrime (i.e. increasing penalties) were comparatively less popular, although a clear majority of respondents (n = 340, 80.76%) were still in favor.
Responses to items measuring perceived importance of improving cybercrime investigations (n = 422).
Again, we observed some differences according to the independent variables. There were no significant differences according to a respondent's agency, role, region, or level of education. Previous training corresponded with some observable differences in attitudes. Respondents who had not received cybercrime-specific training (n = 191, 93.17%) were more likely to support developing the capabilities of local governments for tackling cybercrime, compared to officers who had already received training (n = 170, 86.29%), χ2 = 6.19, p < .05, V = .124. We also observed several differences between male and female respondents. Generally, female respondents were more supportive of solutions involving law reform. Female respondents were more likely to view more severe penalties for cybercriminals as important to improve responses to cybercrime (n = 137, 86.71%) compared to their male counterparts (n = 196, 77.17%), χ2 = 7.55, p < .05, V = .135. Similarly, female respondents were more likely to perceive legislative reform as an important aspect of responding to cybercrime (n = 149, 94.30%) compared to their male counterparts (n = 220, 86.61%), χ2 = 7.28, p < .05, V = .133.
Discussion
The reported data provide insights into the preparedness of Australian police personnel to effectively respond to cybercrime incidents. In particular, the data suggest that while general duties officers were more likely to encounter cybercrime incidents, they were less likely to report completing the types of training necessary for “first responders” to digital crime scenes. These officers were also less likely to feel confident in their personal capabilities to effectively respond to cybercrime incidents. Overall, the data reveal some capabilities and confidence deficits among the surveyed personnel that have real-world consequences for the victim-complainants of cybercrime (e.g. Cross, 2018a, 2020), yet also highlight the desire for greater resourcing and training opportunities within these police organizations.
The findings suggest that Australian police encounter cybercrime at a modest rate. Specifically, approximately 65% of general duties officers reported encountering a cybercrime incident in the preceding six months. This helps answer the first research question and is generally consistent with the international literature. For example, data from the UK suggest over 56.7% of general duties officers reported spending at least 1 hour each week responding to cybercrime incidents (Holt et al., 2019a, p. 916) and reaffirms the role of general duties officers as the “first responders” to digital crime scenes (Bossler & Holt, 2012). Of course, these data should be scrutinized carefully. The rate of contact police have with cybercrime is also a function of their capacity and willingness to act a cybercrime complaint, as well as the reporting behavior of cybercrime victims. Given previous findings that both police and victims often perceive cybercrime to be less serious than “traditional” criminal offenses (Holt et al., 2018), the data are unlikely to capture the true extent to which police personnel encounter cybercrime incidents in their day-to-day work.
A related finding is that only about half of respondents’ report completing any form of cybercrime training. This helps answer the second research question and is broadly consistent with the extant literature. The proportion of Australian police personnel who report completing general cybercrime-related training exceeds rates previously measured in the UK, where only 38.8% of general duties officers reported completing such training (Bossler et al. 2020, p. 318). This tentatively suggests that Australian police agencies are comparatively better-preparing personnel to respond to cybercrime incidents, although the quality of training would impact any assessment of capabilities. Still, there remain clear deficits in Australian police personnel's capabilities to respond to cybercrimes. Only 38.35% of general duties officers completed training about cybercrime reporting protocols and only 18.05% had received basic instruction about the preservation of digital evidence. As noted above, both skills are essential for “first responders” to cybercrime incidents and do not require sophisticated knowledge of digital forensics. The findings thus build upon research by Harkin and Whelan (2019, 2022), who observed how different categories of Australian police personnel have distinct training deficits. Specifically, our research identifies a need for tailored training of general duties officers about how to receive and refer victim-complainants of cybercrime (i.e. where/ how to report an incident to the appropriate agency) and basic skills for digital crime scene management (how to preserve electronic evidence at the time an incident is reported). Although only 18.66% of all respondents had received specialized training in digital investigation techniques, such skills are comparatively more complex and involve more detailed knowledge of digital forensics (e.g. Willits & Nowacki, 2016). Such a pattern is therefore less concerning for general duties officers, although such skills would be useful for general investigators (Harkin & Whelan, 2022, p. 72). Overall, while Australian police personnel have received some cybercrime-related training, there remain areas and topics where they would benefit from further instruction.
Our data suggest that a slim majority of the surveyed personnel report some measure of confidence in their individual capabilities, although comparatively few were comfortable describing themselves as “confident” or “very confident.” General duties officers reported less confidence than either the surveyed specialists or unsworn personnel, with less than 50% reporting at least “some” confidence. This helps answer the third research question. Again, the data are consistent with previous research examining preparedness among law enforcement officers within the UK, where general duties officers were “moderately” confident in responding to cybercrime incidents (e.g. Bossler et al., 2020). Importantly, our analyses provide support for the relationship between completing cybercrime-specific training and higher levels of individual confidence in responding to cybercrime incidents (e.g. Burruss et al., 2019). Thus, the lower rates of training among general duties officers are likely a contributing factor to the observed confidence deficit. Similarly, postsecondary education was a predictor of higher levels of individual confidence among personnel. Again, these relationships should be interpreted critically, rather than merely taken at face value as research suggests highly educated people tend to overestimate their cybersecurity skillsets (e.g. Martens et al., 2019, p. 146). This might suggest that the relationship between training, education, and self-reported confidence does not translate into actual differences in skill—further research would be necessary to assess such a relationship. Further research would also be necessary to accurately measure officers’ applied cybercrime investigative skills.
In contrast, our data suggest that police personnel generally lack confidence in their organizations’ capabilities to respond to cybercrime. This helps answer the fourth research question. There is comparatively less existing research examining this phenomenon, although the results are consistent with some existing Australian research observing how cybercrime specialists feel underresourced and ill-equipped to deal with an increasing number of cybercrime case referrals (Harkin & Whelan 2019, pp. 5–13; Harkin et al., 2018; Whelan & Harkin 2019). Interestingly, our data also suggest that personnel who feel personally confident responding to cybercrime incidents were more likely to express confidence in their organization's capabilities, highlighting the nexus between an individual's levels of confidence and organizational policies and procedures (e.g. Bossler et al., 2020). The data also provide insights into police personnel's views about potential solutions to this confidence deficit, with officers generally supportive of a range of initiatives to varying degrees. This helps answer the fifth research question. Primarily, respondents preferred expanding opportunities for training and resourcing within their organizations, which is consistent with the broadly inward-looking orientation of law enforcement agencies (e.g. Cordner, 2017; Reiner, 2010). However, our results also suggest personnel recognize the importance of engaging with corporate and nongovernment organizations to effectively “police” online platforms. This willingness to work collaboratively with external groups is consistent with earlier research suggesting awareness of capabilities deficits among police correlates with higher levels of support for public–private partnerships for regulating cyberspace (Button, 2020; Paek et al., 2020).
While the results of this study are useful, it is important to avoid generalizing to all Australian police agencies given their organizational diversity. Yet, the data do provide an initial snapshot of the preparedness of Australian police personnel to effectively respond to incidents of cybercrime. Overall, the respondents were modestly confident in their own capabilities yet lack corresponding confidence in their organizations’ policies and procedures. The observed nexus between individual and organizational confidence is particularly prominent among general duties officers who occupy a role as “first responders” to many digital crime scenes. Further, although there are identifiable gaps in their professional capabilities, our data suggest police personnel are yearning for more organizational resources and training opportunities. As such, this suggests a potential need for further resourcing by Australian law enforcement agencies (or, at least, the surveyed agencies) to enhance organizational capabilities for responding to cybercrime, including (but not limited to) upskilling personnel with basic knowledge about how to manage digital crime scenes, the preservation of digital evidence, and procedures for receiving and referring victim-complainants of cybercrimes.
Despite the insights gained via the present study, it also has limitations and highlights the need for further research. While useful, statistical analyses of police survey data only ever provide a snapshot of the phenomenon. The present results should therefore be considered within the context of the broader literature rather than in isolation. We also only surveyed two law enforcement agencies constituted by self-selecting samples of police personnel due to time and resource constraints, and thus the experiences of personnel from other agencies may differ from those presently examined. This is an important limitation to recognize, given the influence of personal experiences and organizational policies on officer perspectives of cybercrime. Future research could also assess the quality of existing cybercrime training modules and tease out the reasons why there is a discrepancy between individual and organization levels of confidence in greater detail. It would be useful to have more specific data about what skills officers lack. This would help ensure training programs are addressing substantive gaps in knowledge. Finally, further research could examine the direct impacts, if any, of a lack of confidence among personnel on public confidence in police responses to cybercrime.
Conclusion
The present study has examined the preparedness of Australian police to respond to cybercrime incidents. Specifically, we examined existing levels of training for responding to cybercrime, levels of individual and organizational confidence in responding to cybercrime, and views about enhancing organizational responses to cybercrime. Our research suggests that while police personnel are modestly confident in their individual capabilities, they lack comparative confidence in their organizations. Further, while half of the respondents reported completing general cybercrime-related training, a significant majority lacked training in essential skills for effectively responding to cybercrime. This is particularly important for general duties officers who commonly act as “first responders” to cybercrime incidents. Yet, in contrast to other jurisdictions, Australian police personnel appear to yearn for additional organizational resourcing and further training to enhance their capabilities. As such, the current study is useful for guiding the development of cybercrime policies and procedures within Australian law enforcement agencies. Indeed, the research suggests Australian police personnel may benefit from further training in foundational cybercrime-related skills, including the management of digital crime scenes, the preservation of digital evidence, and the processes for receiving and referring victim-complainants of cybercrime incidents.
Footnotes
Acknowledgments
The authors would like to acknowledge the support and assistance of the two Australian police agencies in undertaking this research. The authors would also like to thank the two anonymous reviewers for their helpful feedback on the manuscript.
Declaration of conflicting interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship and/or publication of this article.
Funding
The author(s) disclosed receipt of the following financial support for the research, authorship and/or publication of this article: This work was supported by the Australian Institute of Criminology (grant number Criminology Research Grant (CRG 23/16–17)).
