Next Article in Journal
GARMT: Grouping-Based Association Rule Mining to Predict Future Tables in Database Queries
Next Article in Special Issue
Hardware and Software Methods for Secure Obfuscation and Deobfuscation: An In-Depth Analysis
Previous Article in Journal
Exploring the Potential of the Bicameral Mind Theory in Reinforcement Learning Algorithms
Previous Article in Special Issue
Detecting Zero-Day Web Attacks with an Ensemble of LSTM, GRU, and Stacked Autoencoders
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Computers
Volume 14
Issue 6
10.3390/computers14060219
computers-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data?

by
Shahrukh Mushtaq
* and
Mahmood Shah
*
Newcastle Business School, University of Northumbria at Newcastle, Newcastle upon Tyne NE1 8ST, UK
*
Authors to whom correspondence should be addressed.
Computers 2025, 14(6), 219; https://doi.org/10.3390/computers14060219
Submission received: 26 March 2025 / Revised: 27 May 2025 / Accepted: 1 June 2025 / Published: 4 June 2025
(This article belongs to the Special Issue Using New Technologies in Cyber Security Solutions (2nd Edition))
Browse Figures
Versions Notes

Abstract

As cyber threats escalate in scale and sophistication, the imperative to secure public data through theoretically grounded and practically viable frameworks becomes increasingly urgent. This review investigates whether and how criminology theories have effectively informed the development and implementation of information security management frameworks (ISMFs) to prevent cybercrime and fortify the digital ecosystem’s resilience. Anchored in a comprehensive bibliometric analysis of 617 peer-reviewed records extracted from Scopus and Web of Science, the study employs Multiple Correspondence Analysis (MCA), conceptual co-word mapping, and citation coupling to systematically chart the intellectual landscape bridging criminology and cybersecurity. The review reveals those foundational criminology theories—particularly routine activity theory, rational choice theory, and deterrence theory—have been progressively adapted to cyber contexts, offering novel insights into offender behaviour, target vulnerability, and systemic guardianship. In parallel, the study critically engages with global cybersecurity standards such as National Institute of Standards and Technology (NIST) and ISO, to evaluate how criminological principles are embedded in practice. Using data from the Global Cybersecurity Index (GCI), the paper introduces an innovative visual mapping of the divergence between cybersecurity preparedness and digital development across 170+ countries, revealing strategic gaps and overperformers. This paper ultimately argues for an interdisciplinary convergence between criminology and cybersecurity governance, proposing that the integration of criminological logic into cybersecurity frameworks can enhance risk anticipation, attacker deterrence, and the overall security posture of digital public infrastructures.

1. Introduction

The widespread integration of interconnected digital systems has made information security (IS) a critical priority, especially in preventing cybercrime and safeguarding public data. Although various information security management (ISM) frameworks have been developed [1,2,3,4,5,6,7], their ability to effectively counter the increasingly sophisticated and adaptive nature of cyber threats remains widely debated. This article examines how empowering these frameworks through criminology literature could strengthen their preventive capabilities. Current research on cybercrime highlights the intricate relationship between technological vulnerabilities [8], human behaviour, and the broader societal consequences of cyberattacks [9,10,11,12,13]. Applying criminological insights to this dynamic offers a valuable foundation for designing more resilient security strategies. Therefore, this review builds on theoretical comparison of criminology applied to cybercrime prevention studies conducted either on users or organisations.

Background

The existing literature emphasises the need to integrate criminology theories with cybersecurity practices for more effective prevention of cyber threats [14]. It highlights the application of Situational Crime Prevention (SCP) strategies, which aim to increase the effort and risk for potential offenders targeting online services. This approach involves reducing the associated rewards through measures such as strengthened authentication protocols, access control mechanisms, and continuous monitoring, all designed to deter cybercriminal activity [15]. However, even with a well-established cybersecurity culture, strict adherence to security protocols is not guaranteed. In fact, inconsistencies and contradictions within cybersecurity frameworks can create systemic vulnerabilities, thereby heightening the likelihood of security breaches. This underlines the need for a more comprehensive and interdisciplinary approach—one that merges traditional technical defences with human-centred strategies [13,16].
Both governmental and private sector systems present lucrative targets for cybercriminals [17], with cybercrimes currently costing organisations approximately GBP 284.4 million annually [18], a figure projected to escalate to GBP 12.7 trillion by 2029 [19]. From a management standpoint, the formulation and execution of strong ISM practices are essential. Nevertheless, the existing literature offers limited insight into the theoretical underpinnings of cybercrime prevention [16]. Cybercrime victimization is a global issue, affecting individuals across all age groups [20]. The widespread adoption of mobile devices and increased reliance on online services have expanded the pool of potential victims, with mobile users now outnumbering traditional computer users [21]. The COVID-19 pandemic further amplified this vulnerability by accelerating remote work and digital interactions, creating new entry points for cybercriminals [22].
Both public and private sectors face comparable reputational and operational damage from cybercrime incidents [23]. Their extensive social media presence makes them influential in shaping user security behaviours through awareness initiatives [24]. However, despite baseline online security standards in many countries, significant gaps remain, particularly in regions with emerging digital infrastructure, leaving certain populations more exposed.
Similarly, the growing use of biometric data for authentication adds to privacy concerns. Black [22] notes that while biometrics, such as facial recognition and retina scans, are commonly used to unlock smartphones, they are increasingly employed for financial transactions. Border control agencies also rely on biometrics for visa processing and legal entry [25]. However, the large-scale collection and storage of such data heightens risks of misuse, including discriminatory practices and privacy breaches. The healthcare sector, with its vast stores of sensitive patient data, is particularly vulnerable. Increasing reliance on digital systems makes it a prime target for cyberattacks, where breaches could expose entire medical histories, undermining patient privacy and trust in national health services [26].
Cybercrime also presents multi-jurisdictional challenges for public and private organisations. Khan and Saleh [25] argue that without harmonised security frameworks, prosecuting cross-border cybercrimes is nearly impossible. Furthermore, Dinev and Hart [26] report that users’ privacy concerns intensify when they are required to share sensitive information online, eroding trust between users and service providers [27].
While prior work, such as [28], offers a comprehensive synthesis of criminological theories applied to the context of cybercrime, it notably omits the complementary dimension of cybersecurity frameworks that are operationalised in practice. This omission presents a critical gap in the literature, particularly in understanding how criminology theories are, or can be, translated into actionable strategies through structured cybersecurity protocols. Given the increasing complexity of cyber threats and the evolving nature of digital criminality, it is imperative to investigate not only how criminology theories have informed the academic understanding of cybercrime, but also how this body of knowledge aligns with or diverges from industry-adopted cybersecurity frameworks.
To this end, this study aims to bridge the theoretical–practical divide by examining the extent to which contemporary cybersecurity practices are informed by criminology insights and whether empirical research has sufficiently supported such integration. This investigation is especially relevant in the context of developing comprehensive, theory-driven, and evidence-based frameworks for cybercrime prevention. Accordingly, the study is guided by the following research questions:
  • What is the current state of research in criminology for cybercrimes?
  • In what ways have criminology theories been applied to understand and address cybercrime?
  • How does information security literature address cybercrime prevention?
  • What empirical evidence supports the integration of criminology research findings into the development of effective cybersecurity frameworks?

2. Materials and Methods

This study employs a structured, three-phase methodological design to systematically explore the intersection of cybercrime, criminology theories, and cybersecurity frameworks. The approach combines bibliometric analysis, theoretical mapping, and global benchmarking to provide a comprehensive understanding of scholarly developments and practical applications in the field. For the bibliometric analysis and visualization tasks, the study utilised RStudio Desktop (version 2025.05.0-496)—a leading integrated development environment for R programming. Specifically, the bibliometrix and biblioshiny packages were employed to process and analyse bibliographic data. Figures were generated using these tools to ensure methodological rigor, reproducibility, and transparency. RStudio and its associated bibliometric libraries are widely adopted and cited in peer-reviewed literature, establishing their reliability and credibility within academic research [29].

2.1. Phase 1: Bibliometric Analysis of Scholarly Literature

The first phase involved a comprehensive bibliometric analysis using bibliographic metadata obtained from two major academic databases: Web of Science and Scopus. A targeted search query was applied using the string ALL (cybercrime AND criminology AND cybersecurity AND framework), which yielded a total of 617 academic records. To ensure scholarly rigor, the inclusion criteria were limited to peer-reviewed journal articles. Grey literature, conference papers, and editorials were excluded. No publication date restrictions were applied in order to capture the historical and longitudinal development of relevant research.

2.2. Phase 2: Temporal Mapping of Criminological Theories

The second phase focused on mapping the temporal deployment of criminological theories within cybercrime-related research. This step aimed to identify which theoretical frameworks have been most frequently adopted over time and how these theories have influenced the development of cybersecurity strategies and research paradigms. The chronological analysis provides a theoretical trajectory that illustrates the shifting academic focus.

2.3. Phase 3: Global Benchmarking Using Cybersecurity Performance Metrics

In the final phase, data from the Global Cybersecurity Index (GCI) were used to benchmark high-performing countries based on their cybersecurity posture. The top three countries in the GCI rankings were selected for in-depth examination of the cybersecurity frameworks they have implemented. This analysis aimed to identify exemplary models of national cybersecurity governance and to understand how these frameworks align with or diverge from the theoretical insights identified in earlier phases.
Collectively, these three phases offer a rigorous and integrative methodological framework that bridges academic theory with international practice in cybercrime mitigation.

3. Results

3.1. Phase I: Bibliometric Analysis

The bibliometric analysis provides a detailed account of research conducted on the topic; details provided in Figure 1, which were identified using the specified search string mentioned in the Section 2, referred as “bills of materials Radanliev [29]”. Since no time span limitation was placed, the study includes papers from 2009 to March 2025 from 1590 authors with an annual growth rate of 25.53%. Only 104 documents were single-authored. Despite no reference data, the documents have a respectable impact with an average of 12.73 citations each and a relatively young average age of 3.15 years. A total of 1995 keywords indicates diverse research themes, highlighting a dynamic and expanding area of study with increasing scholarly engagement.
The study utilised Multiple Correspondence Analysis (MCA), and Confirmatory Factor Analysis (CFA) following [30] presented in Figure 2, to identify prominent thematic dimensions. It visually represents the two distinct dimensions of cybercrime literature derived from the analysis. The first dimension (76.29%) captures the disciplinary orientation of existing literature, differentiating technical cybersecurity methodologies—including machine learning, deep learning, and network security, positioned toward the left—from criminological and human-centred research themes such as victimization, offender motivation, and law enforcement practices on the right.
The second dimension (6.98%) reflects the thematic emphasis of research studies, distinguishing between socio-behavioural and organisational factors (e.g., security systems, social engineering, and behavioural research) at the upper end, and risk-focused, practical cybersecurity management approaches (such as risk assessment, digital forensics, and electronic crime countermeasures) located toward the lower end. This configuration features the extent of interdisciplinary integration and reveals varying degrees of theoretical versus practical research orientations within the cybersecurity and criminology domains.
The keyword co-occurrence network [31], prominently positions “cybercrime” as the central and dominant concept, highlighting its fundamental significance across various research domains in Figure 3. Closely linked to cybercrime are theoretical and criminological frameworks, notably situational crime prevention, routine activities theory, and general criminology concepts, which suggest an increasing scholarly interest in integrating traditional crime prevention strategies within cybersecurity contexts. Simultaneously, the map illustrates a robust connection to technical cybersecurity concepts such as malware, phishing, cyberattacks, cybersecurity awareness, and risk management, underscoring the literature’s balanced focus on both technical and human factors involved in cybercrime prevention.
Additionally, the presence of emerging technological themes like artificial intelligence, machine learning, blockchain, and deep learning indicates growing attention to innovative methods for cyber threat detection and mitigation. Finally, legal and governance-related terms—including law enforcement, regulation, privacy, and governance—reflect a critical scholarly discourse on policy and regulatory frameworks as essential complements to technological and theoretical approaches in addressing cybercrime comprehensively.

3.2. Phase II: Theoretical Progression

Numerous criminologists have examined crime prevention across diverse research domains, significantly enhancing the understanding of criminal behaviour and its effective mitigation [28]. In recent scholarship, established criminological frameworks have been systematically adapted and expanded to address cybercrime specifically, facilitating a more rigorous and structured exploration of digital offenses [29]. The existing literature highlights prominent theories that elucidate causation, operational mechanisms, and preventive strategies associated with cybercrimes presented in Figure 4.
The purpose of reviewing these theories is twofold. First, to assess their relevance and applicability to cybercrime contexts, and second, to evaluate how effectively they can inform the design of actionable and theoretically sound cybersecurity frameworks. This review facilitates the alignment of behavioural insights with structural interventions, ensuring that cybersecurity solutions are informed not only by technological considerations but also by criminological understanding. Figure 4 provides a thematic overview of these theories and their conceptual linkages to digital crime.

3.2.1. The Rational Choice Theory (1750)

Emerging from the classical school of criminology, rational choice theory posits that individuals are rational actors who engage in crime after weighing its potential benefits against associated risks or costs [32]. In the context of cybercrime, offenders assess the likelihood of success, potential rewards, and the probability of detection before committing an act. Although the model assumes rationality, it does not account for all behavioural nuances. Nevertheless, its core logic remains relevant for interpreting offender decision-making in digital environments.

3.2.2. The Path of Least Resistance Theory (1911)

Originating in physical science, this theory suggests that individuals gravitate toward options that require the least effort or resistance [33]. In cybercrime, this principle is evident when offenders exploit the weakest points in a system like outdated software, human error, or poor cyber hygiene, rather than launching more complex attacks. The theory highlights the importance of identifying and reinforcing system vulnerabilities to prevent intrusion.

3.2.3. The Cultural Lag Theory (1922)

According to Volti [34], material innovations (e.g., digital technologies) often outpace society’s normative adaptation to them. This lag can create vulnerabilities when individuals or institutions adopt technologies without fully understanding the responsibilities, risks, or governance structures required for secure use. The theory underscores the disjunction between rapid technological change and the slower evolution of cybersecurity awareness and practice.

3.2.4. Social Learning Theory (1961–1963)

Social learning theory asserts that criminal behaviours are acquired through observation and imitation of others, particularly within influential social groups [35], In the cyber domain, this learning occurs through online forums, social media, and dark web interactions, where knowledge about cyber-offending techniques and justifications are readily exchanged. Behavioural reinforcement through online communities can thus normalise cybercrime over time.

3.2.5. Deterrence Theory (1963)

Deterrence theory posits that crime can be prevented through the certainty, severity, and swiftness of punishment system [36]. While this model remains central to criminal justice policies, its application in cyberspace is complicated by challenges in attribution, jurisdiction, and enforcement. Nevertheless, the theory remains relevant for discussions around strengthening legal frameworks and surveillance capacities in cybercrime prevention.

3.2.6. Routine Activity Theory (1979)

Routine activity theory, developed by Cohen and Felson and later extended to cyberspace [37], identifies three conditions necessary for a crime to occur: a motivated offender, a suitable target, and the absence of a capable guardian. In online environments, “guardianship” may include firewalls, intrusion detection systems, or informed users. This theory helps conceptualise how everyday internet use can expose individuals and systems to criminal risks [38].

3.2.7. The Situational Crime Prevention (1980)

Situational crime prevention (SCP) aims to reduce crime opportunities by modifying the environment to increase the effort and risk associated with offending [39,40]. In cyber contexts, SCP may involve implementing encryption, multifactor authentication, or user education. The theory is often supported by rational choice and routine activity theories but has been critiqued for neglecting deeper socio-psychological causes of crime [33,41].

3.2.8. The General Theory of Crime (1990)

This theory, introduced by Gottfredson and Hirschi [42], argues that low self-control is a primary predictor of criminal behaviour. Individuals with impulsive tendencies are more likely to engage in deviant acts, including cybercrime. The theory aligns with observed behaviours such as phishing or identity theft, where opportunism and lack of restraint play a central role.

3.2.9. The General Strain Theory (1992)

An extension of Merton’s strain theory, general strain theory posits that individuals experiencing strain, like goal failure, loss of positive stimuli, or exposure to negative stimuli, may resort to crime as a coping mechanism [43]. In the cyber realm, such strain might manifest social rejection or economic hardship, prompting engagement in financially or socially motivated cyber-offenses.

3.2.10. The Crime Pattern Theory (1998)

The crime pattern theory according to Brantingham and Brantingham [44] suggests that criminal opportunities emerge when offender and victim paths intersect. In cyberspace, this can occur through shared platforms, browsing habits, or common digital routines. Recognising these patterns can aid in identifying high-risk online behaviours or vulnerable digital spaces.

3.2.11. The Space Transition Theory (2008)

The space transition theory [45], explores how the shift from physical to digital environments influences criminal behaviour. It emphasises anonymity, identity flexibility, and diminished guardianship as enablers of cybercrime. The theory helps explain why individuals who may not offend offline become emboldened in virtual settings.

3.2.12. The Digital Drift Theory (2015)

Digital drift theory further develops the idea of online disinhibition. It suggests that the lack of face-to-face accountability and the presence of pseudonymous identities allow individuals to engage in cyber-offending without moral conflict [46]. This theory highlights the importance of platform governance and the risks of unchecked anonymity in cyberspace.
Cybercrime prevention can be understood most clearly by weaving together several classic criminological perspectives rather than treating them in isolation. At the heart of online offending lies a cost–benefit calculus: rational choice theory argues that offenders gravitate toward the lowest-risk, highest-reward opportunities, which in cyberspace are the technical weak points—misconfigured servers, poor authentication, lax encryption—that constitute the “path of least resistance” [32,33]. Cultural lag theory adds a temporal dimension, showing how institutions adopt digital services faster than they develop the rules and oversight needed to secure them [34], once these systems are embedded, simply reverting to analogue processes is no longer realistic. Social learning ideas suggest that observing others profit from violations can normalise deviance, yet anonymity and global reach make such imitation diffuse and hard to trace [35]. Space-transition and digital-drift perspectives deepen this point, contending that fluid online identities and weak guardianship let users slip easily between compliant and deviant roles with little reputational cost [45,46] illustrated in Figure 5.
Motivational explanations then diverge: general strain theory links offending to pressures such as blocked goals or perceived injustice [43], while the general theory of crime locates it in enduring low self-control [42]. Deterrence theory, by contrast, focuses on external constraints, predicting that credible, swift, and severe punishment will recalibrate offenders’ cost–benefit calculation [36], an expectation often frustrated by cross-border jurisdictional hurdles online. Finally, situational crime-prevention principles shift attention from motive to opportunity, prescribing concrete security controls (e.g., multi-factor authentication, continuous monitoring) that shrink the attack surface but often treat end-users as passive recipients rather than active partners.
Synthesised, these theories reveal complementary blind spots: technical hardening without user engagement ignores the social vectors of risk; punitive deterrence without robust evidence collection weakens credibility; and motivational accounts without situational constraints leave vulnerabilities open. A holistic prevention framework must therefore integrate user-centred controls into resilient technical and institutional architectures, aligning the rational calculations, social dynamics, and environmental conditions that together determine whether cybercrime opportunities are exploited or neutralised. Therefore, information security management has devised controls and international cybersecurity frameworks for practical control and protection from digital threats.

3.3. Information Security Management (ISM)

ISM within the organisations depends on its management; for instance, effective IS is achieved through enacted management practices which are both proactive and reactive, comprising of a process which involves protecting, detection, and response to cybercrimes [47]. However, there is a scarcity of theories on cybercrime prevention especially in such context; therefore, ISM within institutions needs a more holistic approach [16]. We have compiled and reviewed theories which are considered important in this regard.

3.3.1. Socio-Technical Systems Theory

The theory suggests that harmony in social and technical settings within an organisation leads to effective IS. This perspective argues that both human and organisation factors are important for IS solutions [48].

3.3.2. Cybersecurity and Risk Management Framework

The international cybersecurity and risk management framework provides a comprehensive process of identification, protection, detection, response, and recovery from cybercrimes based on cybersecurity controls. These frameworks provide guidelines to industry’s best practices; however, it does not ensure effective security unless proper implementation and careful management compliance to these controls. Two main frameworks are ISO and NIST cybersecurity frameworks [3,49].

3.3.3. Institutional Theory

The theory examines how external pressure influences the internal management practices of IS. The external pressures include the regulations and industry practices. The organisations therefore based on these external pressures assume internal change suitable for effective ISM within organisations [50].

3.3.4. Integrated Framework for Information Security Management

Ma, Schmidt [51] proposed an integrated ISM framework based on contingency management. The framework incorporates Risk Management Theory, Control and Auditing Theory, and Management System Theory. The theory can be used to predict organisational attitudes and behaviour thus assisting in better IS decisions.

3.3.5. Information Security Policy Compliance

Along with protection motivation theory, 11 other theories were investigated and aligned to form a framework for IS policy compliance to understand the employee intentions and reactance towards the IS policies established within the organisations. However, the framework also recommends to consider awareness, security climate, and culture to bring in scenario-based training to detail how non-compliance would affect the institutional reputation [52].

3.3.6. Cybersecurity Mitigation Framework

The framework illustrates the importance of digital connectivity nodes based on assumptions that organisations may have less developed threat intelligence gathering, and a lack of auditing and control mechanisms. This might result in additional security misconfigurations. The framework describes phases to detect, assess, analyse, evaluate, and respond cyber incidents [2]. An influence of criminology theories on development of international cybersecurity frameworks is presented in Table 1.

3.4. Phase III: Cybersecurity Frameworks and Global Development

Figure 6 illustrates the relationship between the National Cyber Security Index (NCSI) and Digital Development Level for a broad range of countries, with each data point representing a country and coloured according to the difference between its cybersecurity preparedness and digital maturity. We operationalise national cyber-readiness using the National Cyber Security Index (NCSI) and contextualise it against a country’s broader digital maturity via the Digital Development Level (DDL) [53]. The NCSI is a continuously updated, evidence-based composite maintained by the e-Governance Academy that evaluates central-government capacity to prevent, detect, and manage cyber incidents. It assigns weighted values to 49 publicly verifiable indicators grouped into 12 legal, organisational, and technical capacities, and normalises a country’s aggregate score on a 0–100 scale representing the percentage of attainable points achieved [53]. The DDL, reported alongside the NCSI, provides a commensurate 0–100 measure of overarching digital transformation by averaging a nation’s standings on the UN E-Government Development Index and the Networked Readiness Index. Juxtaposing these two indices enables a nuanced analysis of whether cybersecurity capacity keeps pace with, lags behind, or exceeds a country’s level of digital development, thereby offering a theoretically and empirically robust baseline for our comparative assessments [53].
Countries shaded in purple exhibit a positive difference, indicating a relatively stronger cybersecurity posture compared to their level of digital development. In contrast, those in red reveal a negative difference, suggesting underperformance in cybersecurity relative to their digital growth. The dataset was sourced from the National Cyber Security Index archive from a project funded by British embassy in Tallinn [53].
In the realm of national cybersecurity frameworks, leading nations adopt distinct approaches tailored to their specific needs while often incorporating established international standards. The United States predominantly employs the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a comprehensive set of guidelines designed to help organisations manage and mitigate cybersecurity risks. Similarly, Belgium has shown engagement with NIST’s initiatives, reflecting an alignment with its principles [3]
Conversely, the United Kingdom has developed its own National Cyber Security Strategy, which, while independently formulated, integrates practices and standards that resonate with those established by NIST and the International Organisation for Standardization (ISO). Canada’s National Cyber Security Strategy articulates a long-term plan that aligns with various international standards, including those set by NIST and ISO, to enhance the nation’s cybersecurity resilience. The frameworks that can be adopted in Institutional level settings are compared in Table 2.

4. Discussion

Given the growing scholarly focus on cybercrime prevention, this study undertakes a comprehensive approach threefold. First, the bibliometric analysis is performed on a combined collection of WoS and Scopus databases to understand the criminology literature applied to cybercrimes. In the second phase, the theories from criminology applied to cybercrime prevention studies are reported with their growth and connections in cybercrime research. Lastly, the information security management theories are identified to consider the cybersecurity frameworks. The national cybersecurity index was used to plot the data of the cybersecurity index in comparison to digital development.
After a comprehensive evaluation based on the practices that are addressed by deterrence theory [54], Situational Crime Prevention [15], Role-Based Framework [55], and National Institute of Standards and Technology [3], the NIST cybersecurity framework provides detailed information based on five key cybersecurity functions. This additionally associates with the deterrence theory [54].
Most of the research in the cybercrime domain has focused on the technological aspects of crime considering the importance of security features, software, hardware, and extensive technological resources. However, behavioural aspects are important to understand effective cybercrime prevention within any setting, call it institutional or individual. The theories identified in the literature provide different paradigms to study cybercrime prevention. For instance, the routine activity theory and rational choice theory provides the foundation for understanding users’ victimization [37,38,44]. The routine activity theory explains the offender and victim in absence of a capable guardian. Thus, the guardian (organisation) relates as an element for understanding cybercrime prevention in organisations.
Similarly, the unified theory of information security compliance and an integrated information security framework focuses on training based on scenarios which openly address noncompliance effects on institutional reputation. Both information security management and criminology literature address these concerns; however, there is a need for an effective cybercrime prevention theory which can assist in understanding the factors that fully capture the cybercrime prevention landscape within the institutional settings.
The incorporation of criminological theories into cybersecurity frameworks has substantially enriched the comprehension and mitigation of cyber threats. By leveraging established criminological concepts, cybersecurity professionals can more effectively anticipate, prevent, and respond to cybercriminal activities.
A salient example is the application of the routine activity theory (RAT), which asserts that crime transpires when a motivated offender encounters a suitable target in the absence of capable guardianship. In the cyber realm, this framework aids in deciphering how offenders select targets and identify vulnerabilities where protective measures are deficient. By scrutinising these elements, organisations can devise strategies to diminish their attractiveness as targets and bolster their defensive mechanisms.
Another pertinent contribution emanates from rational choice theory, positing that individuals engage in criminal activities after evaluating the potential benefits against possible costs. In the context of cybersecurity, this entails assessing how cybercriminals perceive the risks and rewards of their actions. By amplifying perceived risks through stringent law enforcement and severe penalties, and diminishing potential rewards via enhanced security protocols, the propensity for cyber offenses can be mitigated.
Furthermore, the integration of criminological theories into cybersecurity risk assessment frameworks highlights the significance of understanding attacker motivations and systemic vulnerabilities. For instance, the Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI) [56] amalgamates principles from routine activity and rational choice theories to furnish a comprehensive evaluation of cybersecurity threats, thereby facilitating the development of predictive models and response strategies for critical infrastructure protection.
Additionally, concepts from environmental criminology have been transposed to the cyber domain, emphasising the role of the digital environment in either facilitating or deterring cybercrime. By analysing ‘cyberplaces’—the virtual locales where offenses occur—cybersecurity measures can be tailored to disrupt the convergence of motivated offenders and suitable targets, thereby augmenting the overall security posture.

5. Conclusions

Cybercrime prevention is studied broadly in context of different disciplines and theoretical foundations. The criminology literature is well extended and applied to cybercrime prevention along with information security management, which is mostly utilised by the information system researchers. Specifically, the criminology literature is used either to understand individual behaviour for effective cybercrime prevention or some technical theories which address controls, such as controls mentioned in situational crime prevention and practices of deterrence theory that are utilised for cybercrime prevention for institutions. The information security literature on the other hand provides a foundation for comprehensively evaluating cybersecurity culture, controls, and nodes requiring security within institutional settings. However, integrated frameworks work best with social, technical, and environmental contexts [57].
This study provides the extant of criminology literature applied to cybercrime prevention, information system theories, and cybersecurity frameworks in one setting. The significance of this study is to discuss the overlap and importance of each aspect within a single study. Therefore, the bibliometric analysis of criminology theories applied to cybercrime was attempted to grasp the current state of criminology research applied to cybercrimes. Additionally, these theories are discussed in detail explaining their assumptions and utilising in terms of cyberspace concepts.
The information security literature on the other hand informs cybercrime prevention through theories like socio-technical theory, institutional theory, information security compliance, and so forth. This establishes the notion of how different the application of criminology theories in terms of institutions is as compared to an individual’s context of researching cybercrime prevention. For instance, deterrence theory and situational crime prevention are more suited for institution settings, while routine activity theory, rational choice theory, theory of planned behaviour etc are utilised for individual victimization or offense [15,47,58,59,60,61,62,63]. However, at the national level, cybersecurity frameworks are utilised for effective cybercrime prevention within the institutional settings on a broad scale against the cybersecurity threats.
The discourse presented herein reveals that the criminological literature has played a pivotal role in interpreting cybercrime prevention from both individual and institutional perspectives. However, in the context of an institutional-level inquiry, a synthesis of information systems security scholarship and criminological theory is often employed to investigate cybercrime prevention strategies. At the national level, these preventive measures are typically operationalised through the development and implementation of comprehensive cybersecurity frameworks, such as those promulgated by NIST and ISO standards.
While existing studies contribute meaningfully by addressing specific research gaps, this study argues for a more nuanced evaluation of the effectiveness of such cybersecurity controls across diverse institutional categories and hierarchical levels. For example, a cybersecurity framework that proves effective within the healthcare sector may not yield equivalent efficacy within the financial sector. Consequently, although national cybersecurity frameworks provide a foundational structure for safeguarding against cyber threats, their application must be context sensitive. Empirical investigations should be undertaken at the individual level—whether from the standpoint of end-users or internal management—to assess the practical effectiveness of these frameworks. A notable gap persists, particularly in the context of developing countries, where institutional research often fails to inform or reflect corresponding policy reforms. This stresses the necessity of contextually grounded studies that bridge the divide between research output and policy development.

Future Research Implications

Future research should focus on assessing how well cybersecurity frameworks perform in different sectors, such as healthcare and finance, and at various organisational levels. Studies should explore both user and management perspectives to understand real-world effectiveness. In developing countries, it is especially important to connect research findings with policy changes to ensure cybersecurity strategies are practical, relevant, and context specific. Moreover, future research must also report and compare different cybersecurity frameworks utilised by the developing and developed world, to compare the differences and unique resemblance which can be utilised to further improve cybercrime prevention in individuals, institutions, and society at large.

Author Contributions

Conceptualization: S.M.; methodology, M.S. and S.M.; software, S.M.; validation, S.M.; investigation, S.M.; data curation, S.M.; writing—original draft preparation, S.M.; writing—review and editing, S.M. and M.S.; visualisation, S.M.; supervision, M.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analysed in this study.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. In, H.P.; Kim, Y.-G.; Lee, T.; Moon, C.-J.; Jung, Y.; Kim, I. A security risk analysis model for information systems. In Proceedings of the Systems Modeling and Simulation: Theory and Applications: Third Asian Simulation Conference, AsianSim 2004, Jeju Island, Republic of Korea, 4–6 October 2004; Revised Selected Papers 3. pp. 505–513. [Google Scholar]
  2. Yeboah-Ofori, A.; Opoku-Boateng, F.A. Mitigating cybercrimes in an evolving organizational landscape. Contin. Resil. Rev. 2023, 5, 53–78. [Google Scholar] [CrossRef]
  3. NIST. NIST Cybersecurity Framework. Available online: https://www.nist.gov/cyberframework/framework (accessed on 10 January 2025).
  4. Harmer, G.; Williams, M. Governance of Enterprise IT Based on COBIT®5: A Management Guide, 1st ed.; IT Governance Ltd.: Ely, UK, 2014. [Google Scholar]
  5. Phillips, A.; Ojalade, I.; Taiwo, E.; Obunadike, C.; Oloyede, K. Cyber-Security Tactics in Mitigating Cyber-Crimes: A Review and Proposal. Int. J. Cryptogr. Inf. Secur. (IJCIS) 2023, 13, 1–20. Available online: https://airccse.org/journal/ijcis/current2023.html (accessed on 12 January 2025).
  6. Phillips, B. Information technology management practice: Impacts upon effectiveness. J. Organ. End User Comput. (JOEUC) 2013, 25, 50–74. [Google Scholar] [CrossRef]
  7. Obaidat, M.A.; Obeidat, S.; Holst, J.; Al Hayajneh, A.; Brown, J. A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures. Computers 2020, 9, 44. [Google Scholar] [CrossRef]
  8. Rawindaran, N.; Jayal, A.; Prakash, E. Exploration of the Impact of Cybersecurity Awareness on Small and Medium Enterprises (SMEs) in Wales Using Intelligent Software to Combat Cybercrime. Computers 2022, 11, 174. [Google Scholar] [CrossRef]
  9. Dupont, B.; Holt, T. The Human Factor of Cybercrime. Soc. Sci. Comput. Rev. 2021, 40, 860–864. [Google Scholar] [CrossRef]
  10. Dupont, B.; Holt, T.J. Advancing research on the Human Factor in Cybercrime. Comput. Hum. Behav. 2023, 138, 107410. [Google Scholar] [CrossRef]
  11. Holt, T.J.; Dupont, B. Summarizing the special issue on the human factor in cybercrime. Comput. Hum. Behav. 2023, 138, 107411. [Google Scholar] [CrossRef]
  12. Leukfeldt, R.; Holt, T.J. The Human Factor of Cybercrime; Routledge: Abingdon, UK, 2019. [Google Scholar]
  13. Pollini, A.; Callari, T.C.; Tedeschi, A.; Ruscio, D.; Save, L.; Chiarugi, F.; Guerri, D. Leveraging human factors in cybersecurity: An integrated methodological approach. Cogn. Technol. Work. 2022, 24, 371–390. [Google Scholar] [CrossRef]
  14. Dupont, B.; Whelan, C. Enhancing relationships between criminology and cybersecurity. J. Criminol. 2021, 54, 76–92. [Google Scholar] [CrossRef]
  15. Ho, H.; Ko, R.; Mazerolle, L. Situational Crime Prevention (SCP) techniques to prevent and control cybercrimes: A focused systematic review. Comput. Secur. 2022, 115, 102611. [Google Scholar] [CrossRef]
  16. Soomro, Z.A.; Shah, M.H.; Ahmed, J. Information security management needs more holistic approach: A literature review. Int. J. Inf. Manag. 2016, 36, 215–225. [Google Scholar] [CrossRef]
  17. Mee, P.; Chandrasekhar, C. Cybersecurity is Too Big a Job for Governments or Business to Handle Alone; European Union Agency for Law Enforcement Training (CEPOL): Budapest, Hungary, 2021. [Google Scholar]
  18. Lohrke, F.T.; Frownfelter-Lohrke, C. Cybersecurity research from a management perspective: A systematic literature review and future research agenda. J. Gen. Manag. 2023. [Google Scholar] [CrossRef]
  19. Statista. Estimated Cost of Cybercrime Worldwide 2018–2029. 2024. Available online: https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide (accessed on 12 January 2025).
  20. Drew, J.M. A study of cybercrime victimisation and prevention: Exploring the use of online crime prevention behaviours and strategies. J. Criminol. Res. Policy Pract. 2020, 6, 17–33. [Google Scholar] [CrossRef]
  21. Haugen, S. E-government, cyber-crime and cyber-terrorism: A population at risk. Electron. Gov. Int. J. 2005, 2, 403–412. [Google Scholar] [CrossRef]
  22. Buil-Gil, D.; Miró-Llinares, F.; Moneva, A.; Kemp, S.; Díaz-Castaño, N. Cybercrime and shifts in opportunities during COVID-19: A preliminary analysis in the UK. Eur. Soc. 2021, 23, S47–S59. [Google Scholar] [CrossRef]
  23. Paoli, L.; Visschers, J.; Verstraete, C. The impact of cybercrime on businesses: A novel conceptual framework and its application to Belgium. Crime Law Soc. Change 2018, 70, 397–420. [Google Scholar] [CrossRef]
  24. Tang, Z.; Miller, A.S.; Zhou, Z.; Warkentin, M. Does government social media promote users’ information security behavior towards COVID-19 scams? Cultivation effects and protective motivations. Gov. Inf. Q. 2021, 38, 101572. [Google Scholar] [CrossRef]
  25. Abomhara, M.; Yayilgan, S.Y.; Nweke, L.O.; Székely, Z. A comparison of primary stakeholders’ views on the deployment of biometric technologies in border management: Case study of SMart mobILity at the European land borders. Technol. Soc. 2021, 64, 101484. [Google Scholar] [CrossRef]
  26. McLeod, A.; Dolezel, D. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decis. Support Syst. 2018, 108, 57–68. [Google Scholar] [CrossRef]
  27. Dion, M. Corruption, fraud and cybercrime as dehumanizing phenomena. Int. J. Soc. Econ. 2011, 38, 466–476. [Google Scholar] [CrossRef]
  28. Onwuadiamu, G. Cybercrime in Criminology: A Systematic Review of criminological theories, methods, and concepts. J. Econ. Criminol. 2025, 8, 100136. [Google Scholar] [CrossRef]
  29. Radanliev, P. Digital security by design. Secur. J. 2024, 37, 1640–1679. [Google Scholar] [CrossRef]
  30. Chourasia, A.; Bahuguna, P. Organizational performance as dependent variable in strategic human resource management literature–a journey so far. Benchmarking Int. J. 2024; ahead-of-print. [Google Scholar] [CrossRef]
  31. Chaure, S.; Punjabi, S. The Effect of Artificial Intelligence on Data Security Systems. In Proceedings of the Cognitive Computing and Cyber Physical Systems, Bhimavaram, India, 4–6 April 2024; Springer Nature: Cham, Switzerland, 2024; pp. 408–419. [Google Scholar]
  32. Hechter, M.; Kanazawa, S. Sociological Rational Choice Theory. Annu. Rev. Sociol. 1997, 23, 191–214. [Google Scholar] [CrossRef]
  33. Johnson, M. Cyber Crime, Security and Digital Intelligence; Taylor & Francis Group: Farnham, UK, 2013. [Google Scholar]
  34. Volti, R.; William, F.O. Social Change with Respect to Culture and Original Nature; JSTOR: New York, NY, USA, 2004. [Google Scholar]
  35. Bandura, A.; Walters, R.H. Social Learning Theory; Englewood Cliffs Prentice Hall: Englewood Cliffs, NJ, USA, 1977; Volume 1. [Google Scholar]
  36. Beccaria, C. On Crimes and Punishments; Transaction Publishers: Piscataway, NJ, USA, 2016. [Google Scholar]
  37. Reyns, B.W.; Henson, B. The Thief With a Thousand Faces and the Victim With None:Identifying Determinants for Online Identity Theft Victimization With Routine Activity Theory. Int. J. Offender Ther. Comp. Criminol. 2016, 60, 1119–1139. [Google Scholar] [CrossRef]
  38. Eck, J.E. Examining Routine Activity Theory: A Review of Two Books; Taylor & Francis: Abingdon, UK, 1995. [Google Scholar]
  39. Clarke, R.V.G.; Felson, M. Routine Activity and Rational Choice; Transaction Publishers: Piscataway, NJ, USA, 1993; Volume 5. [Google Scholar]
  40. Back, S.; LaPrade, J. Cyber-situational crime prevention and the breadth of cybercrimes among higher education institutions. Int. J. Cybersecur. Intell. Cybercrime 2020, 3, 25–47. [Google Scholar] [CrossRef]
  41. Painter, K.A.; Farrington, D.P. Evaluating situational crime prevention using a young people’s survey: Part II making sense of the elite police voice. Br. J. Criminol. 2001, 41, 266–284. [Google Scholar] [CrossRef]
  42. Grasmick, H.G.; Tittle, C.R.; Bursik, R.J.; Arneklev, B.J. Testing the Core Empirical Implications of Gottfredson and Hirschi’s General Theory of Crime. J. Res. Crime Delinq. 1993, 30, 5–29. [Google Scholar] [CrossRef]
  43. Agnew, R. Foundation for a general strain theory of crime and delinquency*. Criminology 1992, 30, 47–88. [Google Scholar] [CrossRef]
  44. Brantingham, P.; Brantingham, P. Crime pattern theory. In Environmental Criminology and Crime Analysis; Willan: London, UK, 2013; pp. 100–116. [Google Scholar]
  45. Jaishankar, K. Space transition theory of cyber crimes. Crimes Internet 2008, 5, 283–301. [Google Scholar]
  46. Goldsmith, A.; Brewer, R. Digital drift and the criminal interaction order. Theor. Criminol. 2015, 19, 112–130. [Google Scholar] [CrossRef]
  47. Ho, H.; Gilmour, J.; Mazerolle, L.; Ko, R. Utilizing cyberplace managers to prevent and control cybercrimes: A vignette experimental study. Secur. J. 2023, 21, 1–24. [Google Scholar] [CrossRef]
  48. Malatji, M.; Marnewick, A.; von Solms, S. Validation of a socio-technical management process for optimising cybersecurity practices. Comput. Secur. 2020, 95, 101846. [Google Scholar] [CrossRef]
  49. Kurii, Y.; Opirskyy, I. Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001: 2013. NIST Spec. Publ. 2022, 800, 10. [Google Scholar]
  50. Al-ma’aitah, M.A. Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan. The Electronic J. Inf. Syst. Dev. Ctries. 2022, 88, e12223. [Google Scholar] [CrossRef]
  51. Ma, Q.; Schmidt, M.B.; Herberger, G.R.; Pearson, J.M. An integrated framework for information security management. Rev. Bus. 2009, 30, 58. [Google Scholar]
  52. Moody, G.D.; Siponen, M.; Pahnila, S. Toward a unified model of information security policy compliance. MIS Q. 2018, 42, 285–312. [Google Scholar] [CrossRef]
  53. Academy, e-Governance. National Cybersecurity Index; NCSI: Yokosuka, Japan, 2024. [Google Scholar]
  54. Alanezi, F.; Brooks, L. Combatting Online Fraud in Saudi Arabia Using General Deterrence Theory (GDT). 2014. Available online: https://aisel.aisnet.org/amcis2014/ICTGlobal/GeneralPresentations/12/ (accessed on 12 January 2025).
  55. Okeke, R.I.; Eiza, M.H. The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies. Inf. Syst. Front. 2023, 25, 451–472. [Google Scholar] [CrossRef]
  56. Martin, C.S. Integrating Criminological Theories in Cybersecurity Risk Assessment: A Study of the TRACI Framework’s Application to Critical Infrastructure. ProQuest Dissertations & Theses. Ph.D. Thesis, Liberty University, Lynchburg, VA, USA, 2024. [Google Scholar]
  57. Wallace, S.; Green, K.; Johnson, C.; Cooper, J.; Gilstrap, C. An Extended TOE Framework for Cybersecurity Adoption Decisions. Commun. Assoc. Inf. Syst. 2021, 47, 51. [Google Scholar] [CrossRef]
  58. Straub, D.W.; Welke, R.J. Coping with systems risk: Security planning models for management decision making. MIS Q. 1998, 22, 441–469. [Google Scholar] [CrossRef]
  59. Graham, R.; Triplett, R. Capable guardians in the digital environment: The role of digital literacy in reducing phishing victimization. Deviant Behav. 2017, 38, 1371–1382. [Google Scholar] [CrossRef]
  60. Hawdon, J. Cybercrime: Victimization, Perpetration, and Techniques. Am. J. Crim. Justice 2021, 46, 837–842. [Google Scholar] [CrossRef] [PubMed]
  61. Saleem, S.; Khan, N.F.; Zafar, S. Prevalence of cyberbullying victimization among Pakistani Youth. Technol. Soc. 2021, 65, 101577. [Google Scholar] [CrossRef]
  62. van de Weijer, S.; Leukfeldt, R.; Moneva, A. Cybercrime during the COVID-19 pandemic: Prevalence, nature and impact of cybercrime for citizens and SME owners in the Netherlands. Comput. Secur. 2024, 139, 103693. [Google Scholar] [CrossRef]
  63. Williams, M.L.; Levi, M.; Burnap, P.; Gundur, R.V. Under the Corporate Radar: Examining Insider Business Cybercrime Victimization through an Application of Routine Activities Theory. Deviant Behav. 2019, 40, 1119–1131. [Google Scholar] [CrossRef]
Computers 14 00219 g001
Figure 1. Bills of Material (authors own).
Figure 1. Bills of Material (authors own).
Computers 14 00219 g001
Computers 14 00219 g002
Figure 2. Conceptual Structure Map—method MCA (author own).
Figure 2. Conceptual Structure Map—method MCA (author own).
Computers 14 00219 g002
Computers 14 00219 g003
Figure 3. Keyword Co-Occurrence Network (author own).
Figure 3. Keyword Co-Occurrence Network (author own).
Computers 14 00219 g003
Computers 14 00219 g004
Figure 4. Theoretical Progression Over time (author own).
Figure 4. Theoretical Progression Over time (author own).
Computers 14 00219 g004
Computers 14 00219 g005
Figure 5. Criminology theories applied to cybercrimes and their assumptions (authors own).
Figure 5. Criminology theories applied to cybercrimes and their assumptions (authors own).
Computers 14 00219 g005
Computers 14 00219 g006
Figure 6. A comparison of National Cybersecurity Index and development globally (authors own).
Figure 6. A comparison of National Cybersecurity Index and development globally (authors own).
Computers 14 00219 g006
Table 1. Criminology Theories influence on International Cybersecurity Frameworks and Policies.
Table 1. Criminology Theories influence on International Cybersecurity Frameworks and Policies.
Criminological TheoryInfluence on International Cybersecurity Frameworks
Rational Choice TheoryForms the conceptual foundation for risk-based cybersecurity models by assuming rational attackers; informs risk assessments and cost–benefit analyses in frameworks like NIST and ISO/IEC 27001.
Deterrence TheoryReinforces the need for enforcement, monitoring, and penalties in policy frameworks such as the Council of Europe’s Budapest Convention and GDPR enforcement mechanisms.
Routine Activity TheoryShapes user behaviour-focused frameworks that emphasise continuous monitoring, user access control, and the role of digital guardianship (e.g., NIST CSF ‘Protect’ and ‘Detect’ functions).
Situational Crime PreventionInforms technical control standards and secure system design principles; aligns with proactive defence strategies in frameworks like ISO 27002 and CIS Controls.
Social Learning TheorySupports awareness training, behavioural analytics, and community reporting elements in national strategies like the UK’s Cyber Aware campaign and Australia’s ACSC initiatives.
General Strain TheoryProvides insight into the socio-economic factors driving cybercrime, influencing policy recommendations in OECD cybersecurity reports and UNODC cybercrime frameworks.
General Theory of CrimeHighlights the importance of individual accountability and internal governance controls in corporate cybersecurity policies and compliance standards such as PCI DSS.
Crime Pattern TheoryInfluences threat modelling and vulnerability assessments by identifying digital behaviour patterns and common access points, adopted in frameworks like MITRE ATT and CK.
Space Transition TheoryRaises awareness of jurisdictional and policy challenges in cyber law by highlighting behavioural differences across spaces, used in cross-border cooperation protocols such as Interpol’s cybercrime operations.
Digital Drift TheoryEncourages ethical design and online platform accountability by identifying drift-related vulnerabilities; relevant to youth digital safety strategies under UNESCO and EU cybersecurity directives.
Table 2. Framework Comparison from Criminology, Information System, and Cybersecurity frameworks.
Table 2. Framework Comparison from Criminology, Information System, and Cybersecurity frameworks.
Framework Comparison
Deterrence Theory [54]Situational Crime Prevention [15]Role-Based Framework [55]National Institute of Standards and Technology [3]
Main conceptThe cybercrime prevention model, based on deterrence theory, addresses various stages of cybercrime prevention, including deterrence, prevention, detection, and remediation.It operates on five core functions: increasing efforts, increasing risk, reducing rewards, reducing provocations, and removing excuses. These fundamental functions are further expanded into 25 specific controls.The framework is designed to clarify the distinct roles of management within organisational settings, recommending that various management levels adopt practices to mitigate identity theft within organisations.It is a comprehensive cybersecurity framework that integrates both technological and managerial controls for cybercrime prevention. The framework offers a detailed set of recommendations for cybersecurity, encompassing both technological and managerial aspects. However, its core emphasizes the importance of identifying, protecting against, detecting, responding to, and recovering from cybercrime.
UtilisationIt can serve as a model for implementing practices at various stages of cybercrime mitigation within digital service settings.Primarily focused on technological controls, this model is frequently referenced in computer science and information systems literature for the implementation of controls in alignment with international cybersecurity frameworks, such as ISO standards.The framework outlines general management practices for consideration, but it is specifically developed and applied within organisational settings, limiting its generalizability to all digital services sectors.Excessively detailed about technological controls, the current framework also links the implementation of each individual function to the cybersecurity framework, thereby representing it predominantly as a technological control paradigm.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Mushtaq, S.; Shah, M. Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data? Computers 2025, 14, 219. https://doi.org/10.3390/computers14060219

AMA Style

Mushtaq S, Shah M. Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data? Computers. 2025; 14(6):219. https://doi.org/10.3390/computers14060219

Chicago/Turabian Style

Mushtaq, Shahrukh, and Mahmood Shah. 2025. "Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data?" Computers 14, no. 6: 219. https://doi.org/10.3390/computers14060219

APA Style

Mushtaq, S., & Shah, M. (2025). Threats to the Digital Ecosystem: Can Information Security Management Frameworks, Guided by Criminological Literature, Effectively Prevent Cybercrime and Protect Public Data? Computers, 14(6), 219. https://doi.org/10.3390/computers14060219

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop