The Perceived Importance of Cybercrime Control among Police Ofﬁcers: Implications for Combatting Industrial Espionage

: The current research explored the predictors of how police ofﬁcers perceived the importance of combatting cybercrime. This is an era in which industrial security is threatened by perpetrators who use advanced techniques to steal information online. Understanding how law enforcement ofﬁcers view the control of cybercrimes, especially those that steal conﬁdential business information, can inform industrial espionage prevention and help maintain a nation’s industrial competitiveness in the world market. We surveyed a convenience sample of South Korean police ofﬁcers attending training at the Police Human Resources Development Institute (PHRDI) using a paper-and-pencil questionnaire. The results indicated that the ofﬁcers’ perceptions of colleagues’ and organizational views on cybercrime control signiﬁcantly impacted their attitudes. Additionally, ofﬁcers’ perceptions of the seriousness of online theft (in this paper, we use the terms online theft and property cybercrime interchangeably) and their computer proﬁciency were also found to affect their views on the importance of combatting cybercrimes. We conclude by suggesting that the police take a proactive organizational approach to prevent and respond to online property crimes through education and public awareness programs, which could positively impact the prevention of industrial espionage.


Introduction
The development of information and communications technologies has presented a formidable challenge to law enforcement and other security governance actors. In particular, cybercrime, a term that covers the offenses targeting both computers and/or networks and those assisted by computer technology [1][2][3], has become a major social issue over the past couple of decades. With the virtual environment offering myriad opportunities for illegal activities, new offenses such as hacking and malware attacks have emerged [3]. Traditional crimes are now committed by taking advantage of cyberspace's unique characteristics [1,4,5].
Today's industrial espionage can be conducted in various manners. For example, cyberspace is used as a medium through which trade secrets are illegally acquired from domestic companies to benefit international businesses. The virtual environment presents unpredictable risks to industries through increased interconnectedness and the availability of criminal opportunities which are not restricted by spatiotemporal limitations [6][7][8][9].
Any industry can fall victim to espionage, but biotechnology, information and communications technology, energy, and defense technology are some of the expected targets. Once a business is victimized, it can wreak havoc at the national level as well. For example, a 2017 Russian cyberattack which disabled bank, transportation, and company operations worldwide cost FedEx approximately $300 million [10]. Considering industrial espionage's negative impact on the targeted industry and subsequent damage to a nation's economic and social well-being, it is vital to establish strategic plans to prevent it. In this exploratory research, we aim to suggest prevention and response measures by examining police officers' perceptions of cybercrime control.

The Role of Police
Law enforcement can play a central role in combatting industrial espionage as the main social control agent. For the police to play their roles effectively, understanding the nature and status of industrial espionage is important, but estimating victimization is often difficult due to a lack of reporting by victims [7]. Moreover, current tools for detecting and investigating incidents, especially cyberespionage, are inadequate and have not been tailored to technological evolution [11].
Although existing literature offers insights into protecting intellectual property and trade secrets (e.g., [12,13]), there is little scholarly discourse and empirical evidence concerning industrial espionage policing. Significantly, law enforcement responses to and perceptions of cyberespionage are important research areas that can inform the control of industrial espionage in an era in which cyberspace is a medium for most business and personal activities. Considering that cyberespionage is a type of cybercrime using techniques such as hacking and malware attacks, understanding police officers' attitudes toward these offenses can lay a foundation for effective policing of industrial espionage occurring in the virtual environment. Therefore, this research examines the factors related to the importance that police officers attribute to cybercrime control.
According to the Federal Bureau of Investigation (FBI), a total of 467,361 complaints with an estimated $3.5 billion losses were filed to the Internet Crime Complaint Center (IC3) in 2019 [14]. Considering the volume of unreported cybercrimes [15], the actual number of offenses committed in cyberspace is expected to be much higher. Based on the trend over the last five years, the number of crimes committed in cyberspace and the resulting financial losses will continue to rise. To commit espionage, techniques such as phishing are often used to lure targets [16]. The European Union Agency for Cybersecurity (2020) reports that around 63% of 2019's cyberespionage cases involved phishing [17]. Because different offense techniques (e.g., malware, hacking, phishing, etc.) can be combined to steal information in cyberspace [18], industries must understand the nature of cybercrime threats to confidential information such as intellectual property.
As the primary responders to crimes, law enforcement is expected to control illicit activities in cyberspace. Because security governance in the virtual environment requires specialized knowledge and investigative skills [19], issues that make policing cybercrime challenging have been noted in the policing and cybercrime literature, including officers' lack of awareness and interest [20,21]. Building on the existing evidence, we explore the factors that predict the importance that police officers attribute to cybercrime control. Since officers who acknowledge the problem's magnitude are more likely to be interested in resolving it [22], the results of this research can inform the practice of preventing and responding to cyberespionage.

Issues in Policing Cybercrime
The number of Internet users continues to rise worldwide, with an estimated digital population of 4.6 billion in 2020 [23], constituting nearly 60% of the global population. From the perspective of Routine Activities Theory [24], cyberspace offers appealing opportunities to motivated offenders by allowing them to commit crimes without the need for spatiotemporal convergence with potential victims and guardians [25,26]. This makes it difficult for law enforcement to identify offenders' locations, especially when they can maintain a degree of anonymity [27]. Additionally, emerging offenses aimed at inanimate objects that utilize advanced technology such as automated vehicles [28] have complicated regulating cybercrimes.
A lack of available resources is another major obstacle to the effective regulation of cybercrimes [29]. This issue is linked to insufficient training and low-level knowledge about these emerging crimes and an inability to keep pace with technological developments and the offenders who have adjusted to them [30,31]. These limited resources and expertise have implications for officers' willingness to engage in cybercrime control. Evidence suggests that officers are not knowledgeable or experienced enough to perform cybercrime investigations (e.g., [32]), and they are reluctant to get involved in them [20].
To enhance industrial espionage countermeasures, Hou and Wang [33] suggest multiagency collaborations involving private and public sector agencies. For such programs to be implemented successfully, each constituent should make unique contributions [34]. Aside from the need for training and education in public law enforcement, as mentioned earlier, businesses are not willing to report their victimization incidents to protect brand values and shareholders' assets [35]. Without active cooperation from the private sector and businesses involved in industrial espionage, the police cannot take a central role in combatting it. This is especially the case because the police are traditionally expected to handle street crimes, on which a heavy emphasis is placed. Thus, law enforcement duties are prioritized over order maintenance and service [36,37]. It has been found that officers do not support establishing cybercrime units at a local level and are unwilling to receive additional cybercrime training [20].
Furthermore, an element of the police subculture that resists changes and hinders adaptation to evolving environments [38] presents another obstacle for police response to cybercrime. For police to improve their capability of regulating illicit activities in cyberspace, effort must be invested in shifting the organizational focus. In the hierarchical and collective work environment, such change will impact management and line officers' views [39,40]. Studies show that police officers do not believe they should be the primary contact authority for cybercrimes [20,41]. This is possibly due to little emphasis placed on cybercrimes at the organizational level or low self-confidence and lack of preparedness for responding to cybercrime cases [42,43].
Based on the idea that controlling cybercrime lays a foundation for regulating cyberespionage, we assess the factors related to how law enforcement officers perceive the importance of cybercrime control. Understanding officers' attitudes is an essential step for planning, establishing, and implementing programs to combat cyberespionage.

Research Method
This research was carried out in the cultural setting of South Korea. The country recorded a gross domestic product exceeding $1.6 trillion in 2019, ranking 12th globally. The South Korean economy largely relies on exports from industries such as semiconductors, displays, electronic vehicles, and telecommunications [44,45] whose intellectual properties must be protected to maintain the nation's socio-political competitiveness in the world. To combat industrial espionage, the South Korean police enforce the Prevention and Protection of Industrial Espionage Act, the Unfair Competition Prevention and Trade Secret Protection Act, and the Defense Industry Technology Protection Act. Industrial espionage investigators are also cultivated, and the Korean National Police Agency (KNPA) offers training and education courses on industrial espionage [44].
According to the KNPA [46], suspects in 581 industrial technology leakage cases were arrested from 2015 to 2019. Furthermore, a total of 155,554 incidents of information network infringement crime and information network crime were reported in 2019. Given the link between these online offenses and technology leakage, law enforcement must emphasize the property offenses committed in the virtual environment.
Because of the increasing pervasiveness of the Internet and the unique characteristics of online offenses, it is necessary to examine how police officers view cybercrimes. In particular, understanding officers' views on the importance of controlling cybercrime and the factors that affect their perceptions can inform the practice of educating and training officers in evidence collection and investigation which are critical components of regulating the offenses [47].

Data Collection
We collected data from a convenience sample of officers attending training at the Police Human Resources Development Institute (PHRDI) in June 2014. The PHRDI is the training hub for officers of all ranks, assignments, and work locations and offers a comprehensive list of programs regularly. Using a paper-and-pencil questionnaire developed based on Bossler and Holt [20] and Holt and Bossler [41], we surveyed participants' views on the importance of policing cybercrimes. We met with each course instructor and informed them about the research purpose, survey distribution, and collection procedures.
The survey questionnaire included a wide range of items related to the perceptions of cybercrime and response strategies. For this research, how participants perceived an organizational emphasis on cybercrime and their attitudes toward their supervisors' and colleagues' views of the importance of cybercrime control were examined. Furthermore, the perceived seriousness of cybercrime and the personal capability of responding to it were explored. After being informed about the research background and ensured anonymity, 433 officers participated in the survey. A total of 362 cases were used for the analysis after 71 cases were deemed unusable due to missing information.

Measurement
The dependent variable was the perceived importance of cybercrime control. Two items, "conducting a stakeout on the computer is just as important as a traditional stakeout" and "investigating cybercrime is a priority for the police" (Spearman-Brown = 0.54), measured how respondents perceived (1 = strongly disagree; 5 = strongly agree) the importance of controlling cybercrime.
The police are a conservative collectivist organization [38][39][40]. The profession's chain of command also resembles that of the military, so how other members and the organization view cybercrime control are likely to affect individual officers' attitudes. Therefore, respondents were asked about the emphases their colleagues, supervisors, and organization had placed on cybercrime control (1 = strongly disagree; 5 = strongly agree).
Based on existing research on police officers' perceptions of cybercrime [20,41], officers who view cybercrime to be serious and feel confident about their computer proficiency are more likely to see cybercrime control as a critical task. To measure the perceived seriousness of property cybercrime, participants were shown six offenses (electronic theft of money, identity theft, credit card fraud, virus/malicious software, copyright infringement/piracy, and voice phishing/phishing) and were asked to indicate their seriousness (1 = not serious; 5 = very serious). In addition, computer proficiency was measured by responses to the following two items (Spearman-Brown = 0.65): "I would feel comfortable in working in the cybercrime unit at any time" and "If I receive suitable training, I am confident that I can contribute to cybercrime investigation" (1 = strongly disagree; 5 = strongly agree) (Appendix A).

Analytic Strategies
We employed Ordinary Least Squares (OLS) as the main analytic strategy. Aside from independent variables (i.e., perceptions of colleagues', supervisors', and the organization's emphasis on the need for cybercrime control, view of the seriousness of property cybercrime, and computer proficiency), socio-demographic characteristics such as gender, education level, and years of experience were included in the OLS model as control variables.
Univariate and bivariate analyses were conducted to examine each variable's characteristics and the independent variables' relationships with the outcome variable. Before proceeding to OLS, Variance Inflation Factor (VIF) values were checked to confirm no multicollinearity among the predictor variables.

Results
The vast majority of respondents were male (89%) with an average of 17 years of experience. About a half of participants (51%) held a four-year college degree, and the range of experience was 3 to 34 years with a mean of 17 years. As for views of the importance of controlling cybercrime, participants believed investigating cybercrime was an important task for the police (x = 7.75), placing considerable emphasis on regulating illicit activities in cyberspace (Tables 1 and 2). Respondents believed that their colleagues believed in the need for cybercrime control (x = 3.71), supervisors showed concern for the need to control cybercrime (x = 3.44), and the police as an organization placed an equal amount of emphasis on cybercrime as on street crimes (x = 3.46). Officers also perceived property cybercrimes to be serious offenses (x = 24.46) and reported a reasonable level of computer proficiency (x = 6.30).
The bivariate correlation analysis (Table 3) found that each independent variable was positively correlated with the dependent variable. Particularly, the perception of colleagues' beliefs on the need for cybercrime control had the strongest relationship (r = 0.47; p ≤ 0.01) with the dependent variable, followed by the perception of a supervisor's attitude (r = 0.34; p ≤ 0.01) and organizational emphasis (r = 0.31; p ≤ 0.01). According to the OLS analysis (Table 4), the model explained 28% of the dependent variable variance. None of the socio-demographic characteristics were related to participants' perceptions of cybercrime control's importance. On the other hand, except for the supervisor's view, each independent variable predicted the importance respondents attributed to cybercrime control. How officers viewed their colleagues' (β = 0.33; p ≤ 0.001) and the organization's concern (β = 0.33; p ≤ 0.001) for controlling cybercrime affected their perceptions positively. Specifically, the more they believed their colleagues and organization showed concern for or emphasized cybercrime, the more they were likely to think that controlling cybercrimes was important. Furthermore, online theft's seriousness (β = 0.15; p ≤ 0.01) and computer proficiency (β = 0.10; p ≤ 0.05) were positively associated with the perceived importance of cybercrime control.

Discussion
The current research results suggested that several factors may impact individual officers' views of the importance of controlling cybercrimes. Cybercrimes continue to emerge with the increased use of technology, and cyberspace provides opportunities for committing traditional crimes by taking advantage of the unique virtual environment. Over the past decade, companies and governments worldwide have been targeted by attackers who have used different computer techniques to steal confidential information [48], suggesting the prevalence of cyberespionage.
To respond to the rapidly evolving techniques and sophisticated tools used for industrial espionage, public law enforcement must play a central role as the main social control agent. For the police to effectively perform their duties in this area, understanding how individual officers perceive the importance of controlling cybercrime is critical. Officers' attitudes toward cybercrimes, particularly property offenses, have implications for cyberespionage because officers who accept the problem's importance are more likely to be interested in countermeasures [22].
The current research found that both the perceived views of colleagues and organizational emphasis influenced officers' attitudes toward the importance of controlling cybercrime. The perceived seriousness of online theft and individual proficiency also increased officers' emphasis on fighting cybercrimes, which supported prior research suggesting the influence of officers' perceptions as first responders [20,41,49].
The findings offer the following practical implications for the police in responding to cyberespionage. The KNPA [50] report that there was a total of 3638 cases of network infringement in 2019, which included 2664, 35, and 270 cases of hacking, denial-of-service, and malware attacks, respectively. Based on 112 cases of industrial espionage in the same year and the fact that phishing and other online fraud techniques are commonly used in industrial espionage [16,17], the police should redefine their roles [51] to eradicate industrial espionage along with property cybercrimes, especially those involving cyber-trespass and cyber-deception/theft [52]. A number of scholars have suggested improving industrial espionage-related policing activities, hiring expert personnel, and training officers to enhance skills [53][54][55].
The recommended measures will eventually help the police participate in cyberspace security governance and cyberespionage control, but a more immediate issue requiring attention is how officers view cybercrimes. Considering the nature of the virtual environment that defies spatiotemporal limitations, solving cyberespionage cases often necessitates interagency cooperation and involves officers performing varying duties at different levels. Therefore, general officer populations must be informed about the relevance of property cybercrimes for industrial espionage. This means organizational effort is needed to help raise officers' awareness and prepare them to handle cybercrimes effectively by establishing clear guidelines and providing sufficient training [42,43].
Additionally, the public must be educated on the seriousness of cybercrimes and the need to control them to prevent industrial espionage. It has been noted that lowlevel awareness is a major reason for the underreporting of economic cybercrime [51]. Government programs aimed at distributing information about cybercrimes and industrial espionage should be implemented to encourage reporting of suspicious online activities related to cyber trespassing and theft. Posters and billboards containing information about the offenses and the number(s) to call for reporting can be installed in public spaces, and public service announcements could reach many citizens.
The police can emphasize industrial espionage in all officer training. Evidence collection and handling the early stages of cyberespionage, including communication with the units in charge, can improve investigational efficiency and effectiveness. Training should include educating officers on the significance of industrial espionage control and emphasize personal computer efficiency. Lastly, the KNPA can publish reports on cyberespionage statistics. At the moment, there are no statistics to estimate the prevalence of online cybercrimes in industrial espionage cases. Access to such statistics will promote the development and implementation of more practical and relevant strategies.
The results must be interpreted by taking the following limitations into account. Because of the non-probability sampling (i.e., convenience) method used, the results' generalizability is limited. Nonetheless, considering that the PHRDI is the hub for police training and education, it can be argued that the survey participants comprised a national sample. In addition, the cross-sectional survey does not allow us to examine causal relationships between the variables. For instance, officers who feel that controlling cybercrimes is important may be more likely to believe that their colleagues and the police organization also emphasize it. Moreover, those who believe in the importance of preventing and responding to cybercrimes could invest greater effort in improving necessary skills (i.e., personal computer competency) to make a positive contribution. Future research should collect a random sample and employ an analytic strategy that enhances the findings' external validity and allows examination of causal effects to establish clear temporal orders between variables.
Moreover, the time elapsed since data collection could have undermined the validity of findings. We are aware of the social, political, and economic changes that have occurred for the past seven years, including a greater degree of interconnectedness in cyberspace due to the increasing number of Internet users and ongoing advancements in information and communications technologies. These developments have resulted in multiplication of criminal opportunities and diversification of offender modus operandi in the virtual environment. Public law enforcement, however, has not been able to keep up with these changes as recent studies suggest that officers still lack adequate understanding of and skills for combatting cybercrimes [42,43]. In addition to little improvement in policing cyberspace, the police as an organization are slow to adopt innovations and are difficult to reform [38]. Therefore, we believe the data used in this research are not a serious limitation, especially when our goal is to examine officers' perceptions of cybercrime control.

Conclusions
We examined the correlates of police officers' perceived importance of controlling cybercrime and its implications for combatting industrial espionage. As the Internet has become an essential part of everyday business, regulating illicit activities in cyberspace must be prioritized by the police who are the major law enforcement organization in the public sector. To regulate behaviors that could pose threats to a nation's industrial security, the police must acknowledge cybercrimes' seriousness and educate officers accordingly. Although there is extensive research conducted on cybercrime victimization and offending, there is little scholarly discourse of cyberespionage. To fill this gap, we explored the correlates of South Korean police officers' perceived importance of cybercrime control and discussed the implications for combatting industrial espionage.
We suggest that the police invest effort in redefining their missions and rethink how to police illegal online activities. Traditional crimes such as industrial espionage can now be committed online through hacking and malware attacks. Expressing concern about this issue may help shift the organizational focus, stimulating changes in officers' attitudes. Regular training and education programs may also increase officers' awareness and enhance their cyberespionage investigation skills and knowledge. Drawing from the facts that economic losses from cybercrimes continue to rise rapidly [14] and cybercrimes are now employed by politically-motivated offenders [56], countermeasures involving cross-sectoral partnerships should also be considered for effective prevention and response [49]. Furthermore, informing ordinary citizens about the importance of preventing industrial espionage and how it can be committed online and reporting procedures can supplement policies implemented at the organizational and governmental levels. Finally, future research should continue to pursue this line of research and contribute to the literature of policing industrial espionage by investigating the predictors of victimization and measuring the effectiveness of the programs implemented for industrial espionage control.