Reconceptualizing Policing for Cybercrime: Perspectives from Singapore †

: As cybercrime proliferates globally, law enforcement agencies face significant challenges in responding effectively. This essay shares perspectives from Singapore, where cybercrime accounted for about 70% of the total annual crime in 2023, with no clear data on case resolution rates. This situation reflects a broader global trend and highlights the need to reconceptualize policing objectives in cyberspace. The fundamental differences between cybercrime and physical crime necessitate a shift from emphasizing the identification and prosecution of perpetrators to adopting a harm-centric perspective. Under this perspective, structures and policies should be implemented to disrupt financial flows, ensure data security, disrupt the spread of harmful content, and prevent physical damage. Once this is done, strategies such as public–private partnerships, international cooperation, and training and building capabilities to address specific harms can be more effectively implemented to mitigate the growing threat that cybercrime poses worldwide.


Introduction
The landscape of criminal activity has fundamentally transformed over the past decade, driven by the increasing penetration of the internet and the ubiquity of smart devices.This transformation has elevated cybercrime to a primary concern for governments and law enforcement agencies globally.For instance, in 2011, the Singapore Police Force (SPF) did not categorize online scams or cybercrimes separately; the closest equivalent was commercial crimes, which accounted for 12.1% of the total crimes (SPF 2011).By 2021, however, online scams and cybercrimes comprised over 50% of all the reported crimes in Singapore (SPF 2021).Despite this increase, there are no available statistics on the resolution rate of these crimes.Globally, it is estimated that only 1% to 4% of all the cybercrime cases are solved (Coupe and Ariel 2019).This dramatic shift underscores the urgent need for reconceptualizing policing strategies to effectively address the pervasive and complex nature of cybercrime.
It is commonly acknowledged that there is a lack of reliable official statistics across the globe, which makes it difficult to estimate the prevalence or incidence of cybercrime (Chen et al. 2023), but the trend of growing cybercrime in Singapore seems to be replicated across the world, with the firm Cybersecurity Ventures predicting the cost of cybercrime globally to reach $10.5 trillion by 2025 (Morgan 2020).Anderson et al. (2019) report that about half of all the property crimes, by volume and by value, are now online, and conclude that we, collectively, are particularly bad at prosecuting criminals.Crime has evidently changed with the times-with Wall and Williams (2013) noting that asymmetrical developments in cybercrime pose contrasting and significant challenges-the question is whether policing can keep up.

Terminology-Crime, Cybercrime, Digital Crime, and Cybersecurity
Clarifying terminology is essential: crime encompasses all the activities prohibited by laws aimed at regulating and punishing behavior.Cybercrime, digital crime, and cybersecurity each have distinct definitions and implications.
While there is no universally accepted definition of cybercrime (Curtis and Oxburgh 2022;Wall 2017;Holt and Bossler 2013;Kshetri 2010), in Singapore, cybercrime refers to two broad categories of offenses: the first being offenses that target computers (for example a distributed denial of service attack, or the unauthorized access of computers), and the second being offenses that involve traditional crimes that are now increasingly committed via computers (for example fraud/scams, or sharing child pornography) (MHA 2016).In other words, the first refers to crimes that would not exist if not for computers, and the second is crimes that are increasingly leveraging on computers to do what was once done in the physical world.
Digital crime is an ill-defined term, though if we explore the root word-'digital'then it must relate to crime involving data that are transmitted in bits.In other words, digital crime is tantamount to cybercrime insofar as both rely on modern-day computer systems and networks.
Cybersecurity, according to Singapore's Cybersecurity Act (2018), in comparison, refers to the idea of protecting computer systems and networks from unauthorized access or amendments.In particular, cybersecurity is a topical and growing research area to explore the notions of cyber-attacks and cyberwarfare, especially those that are state-sponsored, or against critical information infrastructure, which then has knock-on effects on national security and defense.In Singapore, through the operation of the Computer Misuse Act (1993) and the Cybersecurity Act (2018), any cybersecurity incident necessarily also involves the commission of a cybercrime.

Literature Review-Shifting from Deterrence to Harm Mitigation in Cybercrime Policing
This essay employs a qualitative approach to synthesize the existing literature on cybercrime and policing strategies.The research methodology involved a comprehensive review of academic papers, selected based on their relevance to the topic and their contribution to understanding the evolution of cybercrime and policing responses.To provide context, the following literature review summarizes the relevant existing research, highlighting a notable gap in what law enforcement agencies should do versus what they are currently doing in relation to cybercrime.
Extensive global research has been conducted on cybercrimes related to national cybersecurity, with significant contributions from government bodies, think-tanks, and private companies (Vaseashta et al. 2014) on how they occur, and the various methods used by nefarious actors to further their illicit goals.However, there is disproportionately limited research on cybercrimes affecting ordinary citizens, such as online scams and fraud (Maimon and Louderback 2019;Akerlof and Shiller 2016).This gap is particularly evident in jurisdictions like Singapore, where online scams have become the most prevalent form of cybercrime.The existing literature primarily focuses on deterrence and criminological studies aimed at understanding offenders and victims (DeTardo-Bora and Bora 2016; Dupont 2016).There is a noticeable lack of discussion on practical strategies for law enforcement agencies to effectively address cybercrimes post-incident beyond mere deterrence.
Authors like DeTardo-Bora and Bora (2016) have highlighted the necessity for new strategies to address cybercrimes, particularly due to their cross-border nature, which introduces complex jurisdictional and enforcement challenges (Broadhurst 2006).Swire (2009) emphasized the need for strategies to tackle the 'information problem' of fragmented knowledge across jurisdictions and the 'commons problem' of the lack of incentives to prioritize cross-border harms.Dupont (2016) evaluated three main strategies in fighting cybercrime networks like botnets: incapacitation, disruption, and harm reduction, finding that harm reduction shows more promise than the others.Collier et al. (2021) discussed the concepts of 'infrastructural policing', where law enforcement agencies target administrators and infrastructure providers behind cybercrime markets, and 'influence policing', which leverages targeted messaging to deter potential cybercriminals.Additionally, there has been focused research on specific types of cybercrimes, such as sextortion (O'Malley and Holt 2020), ATM hacking (Wang and Hsieh 2021), credit-card fraud (Attivilli and Arul Jothi 2023), and cryptocurrency exchange scams (Xia et al. 2020).Maimon and Louderback (2019), in the Annual Review of Criminology, highlight at least three review articles on the state of and gaps in cybercrime research (Bossler 2017;D'Arcy and Herath 2011;Holt and Bossler 2013).These pieces specifically focus on deterrence theories and policies, but there is an understated gap: the ineffectiveness of tackling cybercrime once it occurs.The existing literature primarily concentrates on ex ante deterrence and criminological studies aimed at understanding offenders and victims.However, there is a notable lack of discussion for practitioners and public policy officials on how to address cybercrimes ex post, beyond deterrence, which has proven challenging for governments.
This essay addresses this gap by (i) reviewing the historical evolution and functions of policing in the physical realm; (ii) identifying the shortcomings of current law enforcement mechanisms in addressing cybercrime; (iii) advocating for a reconceptualization of the objectives of policing in cyberspace, and (iv) proposing comprehensive, harm-centric strategies that law enforcement agencies can adopt to mitigate the escalating threat of cybercrime.By shifting the focus from traditional prosecution to harm mitigation, this paper offers a novel perspective that can significantly enhance the effectiveness of cybercrime policing, making a clear contribution to the wider literature on cybercrime and law enforcement.

Historical Evolution of Modern-Day Policing
It is important to understand that the general powers of law enforcement agencies are a function of the objectives of these agencies, and that they have evolved over time.This section aims to demonstrate that the current objectives of law enforcement agencies in most countries are twofold: preventing crime and prosecuting those accused of committing crimes.The following section outlines that prosecution is distinctly harder for cybercrimes than physical crimes due to five shortcomings of the existing law enforcement mechanisms.Given these shortcomings, it is necessary to reassess our overall aims for addressing cybercrime: if the objectives of agencies in dealing with cybercrimes differ from those for physical crimes, then the powers and strategies required to tackle cybercrime must also evolve.
To begin, Foucault (1977) outlines how society has transitioned through various epochs of order, and how the conception and methods of maintaining this order have undergone significant changes.For instance, Foucault outlines that in ancient civilizations, from Mesopotamia to Greece, 'policing' was primarily a community-oriented venture, and it was the responsibility of every citizen to uphold and enforce laws, with punishment often being a public spectacle.
The establishment of formal police forces, and the shift of enforcement power from individuals to formal bodies, was a gradual process over centuries in Europe.It is generally accepted that France, under King Louis XIV, was the first to institute a system of policing resembling modern-day police forces (Bowling et al. 2019;Luc 2016).Nonetheless, early forms of policing existed in the United Kingdom as far back as 1629, when King Charles introduced the Articles of War which referenced mounted police (Roth 1998).The emergence of modern police forces, however, did not begin in earnest until the 1700s and 1800s.For instance, while constables were first introduced in Edinburgh, Scotland, in 1611, a formal police force did not emerge until the early 1800s (McGowan 1996).In the 1700s, European cities saw a decline in civic police forces made up of citizens, and a rise in professional, municipal police forces (Denys 2010).In the 1800s, police forces became more bureaucratic and autonomous from political institutions (Deflem 2000).This allowed for greater cooperation between the police forces across borders.Most notably, the International Criminal Police Commission, now Interpol, was formed in 1823 to facilitate international police cooperation (Deflem 2000).Bowling et al. (2019) and Roth (1998) show how police forces were also introduced throughout the British Empire during this time.The British model of policing spread to the colonies in Africa, the Middle East, India, Canada, and the Pacific.There was some resistance to the establishment of police forces, as they were seen by some as a threat to civil liberties; however, their perceived necessity for controlling crime and maintaining order led to their gradual acceptance and spread (Loveday 1995).By the mid-1900s, most major cities and countries had established formal, professional uniformed police forces (Mladek 2007).
In summary, the current model of policing is a relatively recent invention in modern societies.As researchers and policymakers, we should be open to reconceptualizing what policing can and should look like in the digital age.

Current Law Enforcement Mechanisms for Policing
The existence of formalized law enforcement agencies is now a truism for countries globally.While nations often establish distinct entities to delineate responsibilities, such as the division between federal and state law enforcement in the United States, the core functions of these agencies remain comparable.In Singapore, institutions like the Singapore Police Force and the Central Narcotics Bureau have distinct roles, yet both hold similar coercive powers essential to their duties, including search, seizure, arrest, and the use of force.
Using Singapore as a representative example, several police powers align with what is commonly understood as the traditional law enforcement mechanisms in the physical realm.These powers include the following: (1) The power to order the production of any document or thing (relevant to an investigation) under section 20 of the Criminal Procedure Code ( 2010 As an important caveat, the list of powers above is not meant to be exhaustive, but rather representative-there are important qualifications to each of them, and they operate in a complex matrix of other powers, duties, and obligations which could and should be the subject of a separate, focused paper. What we now consider as the 'traditional' methods of law enforcement are rooted in objectives such as retribution, deterrence, rehabilitation, incapacitation, and, in some cultural contexts, restorative justice (Ashworth and Kelly 2021).These objectives seek to cater to a dual purpose-a societal need for justice and reparation for harm done, and a transformation or correction of deviant behavior.

Two Overarching Aims of Policing-Prevention and Prosecution
While delving into criminal justice theory is unnecessary at this point, it is evident that most police powers are practical in nature and generally necessary to achieve their objectives, which can be summarized into two overarching aims: preventing further immediate harm and facilitating prosecution.What administrative procedures need to be complied with to exercise coercive powers can be (and is) a matter for debate, but most forces across most countries have the same base set of powers, with a view to achieving these two aims.
For example, the first overarching aim of preventing further immediate harm is fundamental to the duties of uniformed personnel, involving their ability, training, and capability to intervene and respond to law-and-order situations.This applies to extreme cases involving lethal force against a terrorist as well as day-to-day volume cases like disputes in public.Law enforcement agencies are empowered and equipped to maintain law and order in public spaces, to preserve public peace, and to assist in maintaining a sense of safety and security.To ensure that these objectives can be achieved, they have the powers of search, seizure, arrest, and the use of necessary and proportionate force.
Once the necessary things have been done to effect the first aim, the second overarching aim takes center stage: to facilitate prosecution.Primarily, this involves the gathering of evidence to bring criminal charges against the accused persons.As a prerequisite, of course, this requires the accused person to be in custody or otherwise be mandated to appear in a court (hence, the power of arrest).But this aim of facilitating prosecution is extremely broad, given the virtually limitless permutation of criminal offenses that could be committed by an offender-hence, there are broad powers to demand and secure evidence that can assist in criminal investigations.This necessitates powers to demand data and attendance, as well as search and seizure, because without evidence, the prosecution is impossible.
In summary, while this overview simplifies a complex and multifaceted domain, it underscores a consistent truth: in the physical context, aside from prevention, the ultimate goal of most law enforcement agencies is to identify the culprit, gather relevant evidence, and charge the culprit in court (Woods et al. 2019).

Five Shortcomings of Existing Law Enforcement Mechanisms for Cybercrime
While it is true that the absolute number of traditional, physical, crimes is generally decreasing globally (Pease and Ignatans 2016), it is also true that cybercrimes are increasing beyond this rate of reduction (Caneppele and Aebi 2017).It cannot be assumed that the rise of cybercrime has caused a downturn in offline crime (Farrell et al. 2015).The asymmetric rise in cybercrime figures suggests that individuals who might not have committed physical crimes are willing and able to engage in criminal activities online.Similarly, many individuals who might not have been the victims of physical crimes are now at risk of victimization from online crimes.The trend is worrying, but underscores an important point: one cannot, and one should not, equate cybercrimes to physical crimes for the purpose of tracking crime generally-they are not interchangeable statistics.
Having shown in the previous section that the overarching objectives of law enforcement agencies are generally twofold: to prevent crime, and (where it is not prevented), to prosecute the accused for their crime, this section outlines the five important categories of differences that illustrate the shortcomings of the existing law enforcement mechanisms for cybercrime-especially in relation to prosecution.These are (a) the complex and evolving nature of cyberspace; (b) the nature of cybercrimes and offenders; (c) the victims of cybercrime; (d) the role of intermediaries in cybercrime, and (e) the attitudes of officers in law enforcement agencies.Given these shortcomings, prosecution should not be the primary ex post aim for policing cybercrime.Instead, the focus should be on reducing the harm caused to victims.Where prosecution is possible, law enforcement agencies should certainly prosecute criminals, but an over-focus on prosecution detracts from the meaningful work these agencies could do to assist the public.

Complex and Evolving Nature of Cyberspace
The first category of differences has to do with the complex and evolving nature of cyberspace.This has to do with the nature of the internet and technology, and the pace at which it is evolving, which makes it difficult for institutions to keep pace.
Many countries lack effective cybercrime legislation to deal with the range and depth of cybercriminal activity, and their agencies lack the expertise to investigate cybercrimes (Maimon and Hunt 2020;Witting 2018;Bregant and Bregant 2014).For instance, different hacking techniques trigger different federal anti-computer crime subsections in the USA (Hussain and Ibrahim 2019)-as such, training officers to be familiar with nuances and have the needed expertise to gather the requisite evidence for prosecution or even further investigation is a complex and arduous task.It may even be the case that the different categories of cybercrimes may be under the jurisdiction of different agencies, which will inevitably add to the delay and confusion in investigative follow-up (Holt et al. 2015).Moreover, from the perspective of the offenders, it is difficult to differentiate between hacktivists and recreational hackers; and similarly, for fraud-related offenses, it is difficult to assess at first cut what is a purely contractual dispute (for example, the non-delivery of goods) as opposed to a deliberate instance of scam.Having systems or guidelines in place to allow agencies and officers to make considered assessments and have the training to be able to differentiate and solve such crimes is not an easy task.
In addition, as technology develops, more and more activities are facilitated online, and in a greater variety of ways-the speed of transactions and the sophistication of technology serve as significant challenges for law enforcement agencies.A case in point is the difficulty posed by technology like cryptocurrencies, which operate in the 'trilemma' of minimal regulatory oversight, potential for illicit use through anonymity, and infrastructural breaches influenced by the growth of cybercriminality (Corbet et al. 2019).
Fundamentally, this shortcoming is structural: large organizations such as governments and law enforcement agencies are often slower to pivot, adopt, and address technological developments compared to individuals or small illicit groups.On its own, this shortcoming may not amount to much, as physical crime is also always evolving.However, when combined with the next shortcoming related to the nature of cybercrimes and offenders, cybercrime becomes a distinctly different challenge compared to physical crime.

Nature of Cybercrimes and Offenders
The second category of differences has to do with the nature of cybercrimes and offenders.One of the most significant problems under this category is the transnational nature of cybercrimes, which upends the strongly jurisdictional model of physical crimes.While some offenders may be within the jurisdiction of a country, a significant majority of cybercrimes, particularly fraud-related crimes, are committed by perpetrators located overseas or outside the jurisdiction of the victims (SPF 2023; Sarre 2017).Compounding the lack of expertise from the first category of problems is that there is a lack of cooperation between countries and agencies, which leads to most cybercriminals going unpunished (Defossez 2021;Brenner and Schwerha 2002).The extradition process is lengthy and cumbersome (Bassiouni 2014), and especially in relation to cybercrime, may require data that neither the requesting state nor the requested state might possess.Compared to the speed at which cybercrimes occur and spread, the current international landscape appears to be at a distinct disadvantage.
Another significant issue is the structural difference between cybercrime and physical crime.
As Chudasama et al. (2020) argue, the internet provides offenders, especially organized offenders, with a chance to make aggregated revenue with low impact on one victim (for instance, stealing one dollar millions of times rather than millions of dollars only once), and this can cause difficulties in justifying the allocation of police resources-if a person loses ten dollars, it is difficult to justify spending police resources to get those one million ten-dollars lost, as opposed to one person who has lost ten million.
When considered in context, the argument still holds but perhaps in a slightly different way.Some argue that in totality, cybercrime costs the world trillions of dollars per annum and that losses will only increase as time passes (Morgan 2020).Over the course of 2021, in Singapore alone, victims lost at least SGD$633.3 million (approximately USD$450 million) to scams, with each victim losing SGD$26,465 (approximately USD$18,500) on average per scam.These numbers reflect the amount of money that was reported to the Singapore Police Force as having been lost through scams, and it is highly likely that the figure is higher-as many may not report being a victim in the first place (Walsh and Schram 1980), but more on this below.So, while it might seem odd to invest significant resources to assist a victim to get back ten dollars, if structures are in place that can be easily cross-deployed to assist all the victims to get back their ten dollars, the resourcing concerns can be allayed.
The core issue lies in the discrepancy between the speed of enforcement response and the rapid evolution of cybercrime tactics.This is because the overarching tactic behind cybercrime is the 'shotgun' approach: mass blasting the same cybercrime tactic across thousands (if not millions) of people in one go (Rich 2017).By the time one individual falls prey to a cybercrime and reports it to law enforcement agencies, many others may have fallen prey to the cybercrime-either because the offender is exploiting a common vulnerability, or mass-blasting their fraud attempt in a bid to catch as many victims as they can to make a profit.This problem of scale, by its very nature, does not really exist for most physical crimes.
The last problem under this category is the offender profile-recent research shows that there is no one homogenous group of individuals who commit cybercrime; in fact, there are many different offender typologies, and appear with different motivations, backgrounds, and capabilities (Curtis and Oxburgh 2022;Gaia et al. 2020;Moeckel 2019).There are individual offenders who may hack something out of curiosity or excitement (Madarie 2017;Woo et al. 2004) or commit fraud for financial gain (Kerstens and Jansen 2016).Authors like Lim and Thing (2022) go a step further and delineate seven 'root' factors: financial, reputational, idealistic, terroristic, retaliation, thrill, and intellectual, indicating the broad-ranging reasons as to why an offender might get involved in the online crime space.The anonymity and distance created by the internet hinder agencies from implementing virtual 'patrols' or predictive policing, notwithstanding the ongoing debate about their efficacy even for physical crimes.

Victims of Cybercrime
The primary issue under this category is the lack of accurate data on victims, exacerbated by the layperson characterizations of the victims of certain types of cybercrimes.
In the UK, as compared to 54.5% of the victims of theft offenses, only 15.3% of the estimated total victims of fraud and computer misuse reported the crime to the police or other authorities-thus showing significant underreporting by individuals (Curtis and Oxburgh 2022).Moreover, global losses are difficult to quantify as they are largely underreported, sometimes overreported, and possibly fraught with both structural and intentional errors (Anderson et al. 2013).
The heart of getting accurate data to measure the true extent of cybercrime as a problem lies in the characterization of the victims of cybercrime.This issue is less prevalent for the victims of hacking, which is often perceived as relatively sophisticated, but more so for those who fall victim to scams or fraud.Victims may prefer not to report such cybercrime either due to embarrassment and shame, or the grim resignation of not being able to get their money back (Button et al. 2020;Leukfeldt et al. 2019;Walsh and Schram 1980).This perception, coupled with the perception that police are unprepared for cybercrime (HMIC 2015), and that the police are unlikely to act on a report (Button et al. 2020) contribute to the likely significant underreporting of the extent of cybercrime activities across the globe.

The Role of Intermediaries
Physical crimes occur in the physical space-it is tangible, measurable, and for most agencies across the globe, clearly defined.In public spaces, there is no single owner, and the directives of law enforcement agents are generally expected to be followed.In private spaces, within circumscribed limits, law enforcement agents have powers to enter and interact with spaces and people as needed for the purpose of their job.
The fourth category of differences exists because cybercrime occurs in cyberspace-which is intangible, and the responsibility of access, maintenance, and upkeep is diffused across uncountable stakeholders which we can call intermediaries.These entities, including internet service providers, web hosting servers, companies, search engines, social media platforms, and online marketplaces, often act as gateways to the digital world.Their involvement, whether passive or active, can either mitigate or exacerbate the challenges law enforcement faces when addressing cybercrime.Some authors, like Schneier (2003), make compelling arguments for holding system owners accountable, both legally and financially, when security flaws cause losses for victims with a view to incentivize them to keep their systems secure.Kesari et al. (2017) suggest that targeting intermediaries (like payment processors, social media companies, and hosting services) may deter crime by denying criminals the infrastructure they need-and while effective, this raises legal and moral questions about liability for acts done by third parties which many countries have not yet resolved.Sorbán (2022) argues that service providers are in a unique position to provide data to law enforcement agencies-not necessarily through legal mandate, but as a matter of social responsibility, failing which, regulatory action could be considered.
However, as of today, there is no consensus on the precise role and liability of intermediaries in relation to cybercrime.In fact, most jurisdictions do not hold system owners, maintainers, or any other intermediary liable for victims' financial losses.Yes, the General Data Protection Regulation of the EU provides a comprehensive framework for holding intermediaries accountable for failing to protect personal data, which does address one of the four harms associated with cybercrime (more on that below), but it certainly does not equate to full financial or legal liability for the losses suffered by victims.
In the physical space, it is understood that the operation of the law requires compliance from individuals and corporate bodies, and strict sanctions, including regional variations in the offense of obstructing the course of justice can apply.Globally, in the cyberspace, this is not clear, because there is no uniform understanding of when and to what extent intermediaries have to comply, at what speed, and whether or not they could be responsible for providing the offender the avenue or the opportunity to commit the cybercrime.This can be compounded by jurisdictional problems-requesting data hosted by an intermediary in other countries can be a sensitive and tricky issue, especially if privacy legislation and data protection guidelines between the two countries differ.

Attitudes of Enforcement Officers
The last category of differences is in relation to the attitudes of enforcement officers.Many officers perceive cybercrime as unique and distinct from physical crime, not merely an extension or adaptation, thereby requiring new skills, training, and potentially a new role altogether (Holt et al. 2018).Given this potential perception, law enforcement agencies should not take it for granted that the existing officers are willing and able to tackle cybercrimes.Indeed, if law enforcement agencies want to employ the existing officers to perform cybercrime policing, it should be identified as a distinct role and as encompassing a distinct set of skills.Furthermore, the gap in skills and training may affect the confidence of officers dealing with cybercrime and contribute to reports that officers are not responding to victims effectively (Button et al. 2020).Change management, targeted recruiting, and expectation-setting are key in shaping the attitudes of officers, and developing clear guidelines and expectations on the part of law enforcement officials will be key in determining how effectively forces respond to cybercrimes moving forward.

Reconceptualizing Policing for Cybercrime
In traditional law enforcement, the primary goal once a crime occurs is to solve it: identifying culprits, gathering evidence, and ensuring prosecution.However, the five broad differences of cybercrime vis à vis physical crime, with their complexity and transnational characteristics, challenge the utility of this approach.This necessitates a reconceptualization of policing strategies, shifting from traditional crime-solving to harmmitigation, particularly for crimes predominantly occurring in cyberspace.
The resolution rate for cybercrimes is alarmingly low, with estimates suggesting that only 1 to 4% of such cases are 'solved' in the traditional sense.This number is likely to be positively skewed towards incidents where offenders and victims are in the same national jurisdiction (Coupe and Ariel 2019).
The findings from across the globe paint a bleak picture.In addition to the lack of necessary knowledge and training to solve such crimes (Curtis and Oxburgh 2022;De Paoli et al. 2020), there is low public confidence in law enforcement agency effectiveness (Cross et al. 2021), low confidence among officers themselves (Djanggih et al. 2018), and often insurmountable difficulties in obtaining data from across borders (De Paoli et al. 2020).
Just as a new perspective emerged in the 1700s and 1800s around the formation of formalized police forces to better tackle physical crime, it may now be time to adopt a harmreduction perspective and build structures accordingly to tackle cybercrime.Traditional, rigid offence-based models are often ill-suited to address the complexities inherent in cybercrime.From this point, a fourfold harm-centric classification of cybercrime begins to emerge: financial flows, data concerns, intangible harms, and public interest impacts.Exploring these categories demonstrates the practicality and necessity of harm-mitigation strategies.This approach is more adaptable to the fluid nature of cybercrimes and more effective than traditional prosecution-focused methods, particularly in scenarios where prevention is not always feasible.

Need for Flexibility in Response, Not Just for Defining Cybercrime Typologies
Understanding the multifaceted nature of cybercrimes is crucial for advocating a harm-mitigation approach.While the existing typologies provide valuable frameworks for categorizing cybercrimes, the traditional, rigid offense-based models often struggle to address the nuances and complexities of rapidly evolving cyber threats.Therefore, it is essential to shift towards a more flexible and dynamic approach to classifying and responding to cybercrime.This approach does not seek to replace the existing typologies, but rather to complement them by focusing on the underlying harms and facilitating more effective mitigation strategies.Such flexibility aligns with the evolving digital landscape and allows law enforcement and policymakers to adapt more quickly to emerging threats.Phillips et al. (2022) have done a comprehensive review of the definition of cybercrime, tracing its use across the 1980s and 1990s, to various permutations offered by various authors (Thomas and Loader 2000;Gordon and Ford 2006;Wall 2007) as well as relevant legal instruments like the Budapest Convention in force since July 2004.They pull together various definitions, classifications, and typologies to develop a new framework for 'cyberdeviance'-deviant online behaviors that may or may not overlap with cybercrimes.This framework is offense-centered-and maps offenses on whether they are primarily cyber-dependent or cyber-enabled, and within that spectrum, have six categories: crimes against the machine (computer integrity crimes, e.g., hacking); crimes using the machine (computer-assisted crimes, e.g., scams/fraud); crimes in the machine (content-based crimes, e.g., pornography); incidental technology use (e.g., online vice); organized crime, deep web markets, illegal virtual marketplaces and cybercrime-as-a-service; and information and behavioral manipulation (e.g., deep fakes).
Despite significant efforts in this area, there is no complete classification framework for cybercrime (Phillips et al. 2022), posing challenges in policing and prosecution (Akdemir et al. 2020).A common vocabulary is necessary to harmonize legislative and operational responses across different countries (Broadhead 2018).However, due to the rapidly evolving nature of cyberspace, legislation and policy will always lag if cybercrime is reviewed and classified based on specific offenses (i.e., the prohibited act).For example, recent advancements in artificial intelligence, such as voice mimicry technologies (Bunn 2023), have outpaced global legislation in both criminal and privacy realms.Similarly, the use of Generative Adversarial Networks in applications like DALL-E and Midjourney allows the creation of lifelike images from text, raising privacy and deep fake concerns.As technology evolves, new offenses will emerge as malicious actors find new and creative ways to cause harm.Consequently, governments and public bodies will be in a never-ending cycle of updating legislation and policy to address cybercrime.
Instead, rapid technological evolution calls for legislative frameworks that are broad and adaptable, rather than attempting to exhaustively categorize every possible cyber offense, as such categorization would quickly become outdated.Singapore's approach to cybercrime legislation exemplifies this adaptability.Instead of narrowly defining offenses, it provides the overarching descriptions of prohibited activities, allowing law enforcement agencies to apply international frameworks and best practices in a rapidly changing digital environment.
For example, the Singaporean Computer Misuse Act (1993) prohibits the unauthorized access, modification, use, interception, or obstruction of computer material under sections 3 to 8. It also grants extraterritorial jurisdiction to try an offense committed overseas as if it were committed in Singapore if the accused was in Singapore, the computer was in Singapore, or the offense posed a significant risk of serious harm in Singapore at the time.A 'computer' is broadly defined as any data-processing device (with a few specific exceptions like an automated typewriter), and 'unauthorized' simply means without authority.This broad, technology-agnostic definition focuses on the harm, such as the unauthorized modification of computer material, which can occur in numerous ways.
In the following section, four primary classifications of cybercrime are proposed: financial flows, data concerns, intangible harms, and public interest impacts.By examining these categories, the practical necessity and effectiveness of harm-mitigation strategies over traditional prosecution-focused methods will be self-evident.

A Harm-Centric Framework
To effectively reconceptualize our approach to cybercrime, we need to adopt a harmcentric framework that focuses on the victim's perspective.This involves identifying the specific harm suffered by victims and assessing the most effective ways for law enforcement agencies to mitigate this harm.While the identification and apprehension of perpetrators remain important, the primary measure of law enforcement success in this framework should be the extent to which harm is mitigated and future risks are minimized.Emphasizing harm over offense classification enables a more targeted and responsive approach to policing crimes, addressing the most pressing threats effectively and ensuring that resources are allocated where they can have the most impact (Sparrow 2008).

Cybercrimes Involving Financial Flows
In cybercrimes involving financial flows, the primary harm is the victims' financial loss.Law enforcement strategies should focus on disrupting financial transactions to prevent loss and, where possible, recovering lost funds.Victims can range from individuals falling prey to common online scams to organizations targeted by sophisticated ransomware attacks.
These cybercrimes primarily involve the movement of money or money-equivalent property.The harm to be mitigated is to either stop the financial flow or trace it for accountability and harm-prevention purposes.This broadly includes scams and fraud, as well as money mules, money laundering, and terrorism financing.
The broadest category of cases under this umbrella, accounting for 94.2% of the cybercrime cases in Singapore and totaling a loss of $660.7 million in 2022 (SPF 2023), are those that cause financial loss.These can be termed as scams or fraud depending on the jurisdiction.There are many different variations in scams (e.g., phishing, advance fee, e-commerce, investment, romance, and tech support).They can occur on any electronic device and leverage any platform or software (Stabek et al. 2010;SPF 2023).
Most scammers or fraudsters operate from outside the victim's jurisdiction to exploit the jurisdictional challenges of cybercrimes.They often move money through local bank accounts before siphoning it overseas.They may also use e-card credits (e.g., Google or Amazon) or cryptocurrencies to ensure that the digital trail of money is relatively untraceable.It is well-reported that 'scam centers' operate akin to call centers but with the sole objective of defrauding as many people as possible in the shortest amount of time (Kozlowska 2022).
If victims are from a different jurisdiction, the priority of the state where the victims are located should not be to identify and arrest the culprit, as this will always be a difficult and uphill task.Instead, law enforcement should focus on disrupting and stopping the flow of money.The victim's primary priority is to recover the money they lost.While retributive justice against the scammer may be desirable, it is not an expectation.If the state becomes efficient and effective in recovering lost money, scammers may target this state less, as it would be less profitable to scam victims where less money can be obtained.
Singapore sets an example that may merit further study.It has established the Anti-Scam Division, which has shown some success; for instance, it has been reported to have recovered 25% of the money lost to scams (Begum 2022).In cooperation with service providers like telecommunication companies and banks, Singapore has implemented measures to reduce the likelihood of scam calls coming through the international gateway and to display more information to users to help them distinguish scam calls from legitimate calls (Mahmud 2022;IMDA 2020).
By focusing on the amount of money lost and the amount of money recovered or frozen in connection with cybercrime activities, law enforcement agencies can establish processes and structures to meaningfully address financial loss-related cybercrimes.

Cybercrimes Concerning Data
In the realm of cybercrimes concerning data, the primary harm is the unauthorized access and potential misuse of sensitive information.These cybercrimes fundamentally center on data breaches, encompassing offenses such as hacking, data espionage, illegal interception, system interference, and ransomware.Although there is an overlap between these offenses and those concerning financial transactions above, and those causing intangible harms below, the paramount concern for the victims in this category is often twofold.
Firstly, the victims prioritize recovering the stolen data or, if recovery is improbable, ensuring the data become inaccessible or unusable to prevent potential misuse.Secondly, they focus on enhancing their security measures to thwart future breaches.
Given the expansive and intricate nature of the internet, once data is compromised, its complete retrieval becomes challenging, if not impossible, though law enforcement agencies can have policies in place for tracing or negotiating in such instances.Consequently, the role of law enforcement extends beyond traditional crime-solving.Their emphasis should pivot towards promoting cyber hygiene and cyber safety.This encompasses endorsing the consistent application of best-practice measures in the digital realm: from employing secure and unique passwords and avoiding dubious software downloads to keeping systems regularly updated.Early education and the promotion of cyber hygiene are strategies applicable across various categories of cybercrime (Lim and Thing 2022), though they are particularly critical for cybercrimes where no further remedial action can be taken.
Another vital component, aligning with the aspects of cybercrimes causing physical damage (discussed below), is post-incident analysis.Law enforcement agencies can assist in identifying the root cause of a data breach and provide recommendations to prevent its recurrence.In Singapore, this pivotal role is assigned to the Cybersecurity Agency of Singapore, although its mandate is limited to breaches involving critical information infrastructure or national security.
One such crime is ransomware, given its increasing prevalence and financial implications (Popoola et al. 2017).When data is stolen or intercepted, it falls under this category of cybercrime concerning data.Once the data is leaked or revealed to the public, it falls under the next category: causing intangible harm.

Cybercrimes Causing Intangible Harm
These cybercrimes primarily involve intangible harm, which is difficult to quantify in terms of physical damage or monetary loss, to victims.This umbrella includes various sub-categories of harm: psychological harm (e.g., harassment, bullying, and sextortion), vice-related harm (e.g., illegal gambling, sex tourism, and sale of illegal drugs online), harm against public morality (e.g., pornography, hate speech, and religious and radicalizationrelated materials), harm against intellectual property (e.g., digital piracy), and harm caused by disinformation (e.g., fake news and deep fakes).When addressing cybercrimes causing intangible harm, the focus should be on rapid response mechanisms to limit the spread and visibility of harmful content.
Cyberspace may not present the same physical safety and security concerns as, for instance, walking home alone at night, but ample research shows that cybercrime has a significant propensity to cause lasting psychological harm to victims (Monteith et al. 2021;Kaakinen et al. 2018;Worsley et al. 2017).In such situations, many victims cite social consequences (e.g., what will others think of me), which is also present in fraud cases (Button et al. 2012;Whitty and Buchanan 2015).However, the key distinction is that while scams are directly targeted at victims and can be kept relatively private, many cybercrimes involve data being posted in cyberspace for anyone or a particular class of people to access.
As a result, the common priority for victims is to prevent others from seeing the content.This can include ordering the takedown of servers on which the content is hosted, blocking access from a particular jurisdiction, or directing a platform/intermediary to remove the content.This idea inherently tackles the problem of illegal content propagation, where speed is crucial-the response to cybercrime involving intangible harms must be fast to be meaningful.
There are notable examples of government takedowns, such as the Federal Bureau of Investigation's takedown of the drug marketplace Silk Road in 2013 (Hodson 2013) and the online books marketplace Z-Library (Javaid 2022).However, as Hutchings et al. (2016) note, government agencies are not as effective at takedowns as specialized private companies at this stage.There is also a growing field of trust and safety within many large internet companies, focusing on introducing moderation to prevent harmful content from appearing on their platforms, emphasizing prevention and expeditious response to remove harmful content (Bernard 2023).
In Singapore, the recently passed Online Criminal Harms Act 2023 authorizes a government agency to issue five types of directions to organizations operating in Singapore: (i) disabling directions to disable certain content or services from the view of people in Singapore; (ii) account restriction directions to stop a particular account from interacting with Singaporean users; (iii) a stop communication direction mandating the recipient to stop communicating specified online content to people in Singapore; (iv) an access-blocking direction requiring internet service providers to block access to any online location from the view of people in Singapore; and (v) an app removal direction requiring app stores to remove an app from their Singapore storefront.While the Act targets a range of cybercrimes causing intangible harm, it also includes special provisions to counter scams, allowing agencies to take action to prevent their propagation.The effectiveness of the law remains to be seen, but it does clarify the responsibility of platforms and intermediaries concerning illegal content in cyberspace.
For disinformation-related cybercrimes, Singapore has the Protection from Online Falsehoods and Manipulation Act, which aims to disrupt the spread of disinformation.While the law has been criticized for potentially restricting the freedom of speech (Özdan 2021), the concept underpinning it has some merit.The danger of fake news and deep fakes lies in their propensity to spread from platform to platform, making them difficult to control once posted (Waldrop 2017;Belova and Georgieva 2018).As Miró-Llinares and Aguerri (2021) and Waldrop (2017) note, more systematic research is needed to ascertain the nature and type of threat posed by fake news, as the term 'fake news' is a loaded one.However, structures to prevent the propagation of cybercrime content must be developed, with finer details up for debate.

Cybercrimes Impacting Public Interest
Cybercrimes impacting public interest can be segmented into two major sub-categories: first, cybercrimes that cause or may lead to damage in the physical world (e.g., hacking a device to overheat and explode) and second, cybercrimes involving critical information infrastructure (e.g., a distributed denial of service attack against an energy provider to shut down a power grid).
Given the potentially catastrophic implications of such crimes, prevention is paramount.The comprehensive regulation and proactive oversight of stakeholders in this digital landscape are essential to avert substantial public harm.If such a cybercrime were to occur, law enforcement officials should perform a three-fold role: (i) investigating and determining the vulnerability that led to the cybercrime; (ii) patching the vulnerability to prevent recurrence; and (iii) working with stakeholders on prevention measures.Given the seriousness of such crimes, it is also worthwhile to establish channels of communication and data-sharing between law enforcement agencies globally to facilitate the apprehension of perpetrators, but more on this below.
In Singapore, the protection and security of critical information infrastructure is overseen by the Cybersecurity Act 2018, primarily enforced by the Cybersecurity Agency of Singapore.The law clarifies the role of the Cybersecurity Agency of Singapore, provides a definition of critical information infrastructure, and gives the agency the authority to investigate incidents and license cybersecurity providers.

Strategies to Tackle Cybercrime
To implement the reconceptualization of cybercrime policing, it is imperative to identify strategies that address the evolving nature of cyber threats.It is also essential to address the five key differences identified earlier: the complex and evolving nature of cyberspace, the nature of cybercrimes and offenders, the characteristics of cybercrime victims, the critical role of intermediaries, and current attitudes within law enforcement.These differences highlight the need for innovative and adaptive strategies in cybercrime policing, moving away from the limitations of a strictly offense-centric approach.
The rapid advancement of technology and the adaptability of cybercriminals continually outpace traditional law enforcement responses.This mismatch often leads to reactive, disjointed, and rigid policing efforts that fail to address the dynamic nature of evolving threats (Sparrow 2008).A more effective response focuses on specific problems and capabilities, adaptable across various cybercrime scenarios.
The three strategies discussed-shared public-private responsibility, cross-jurisdictional partnerships, and targeted law enforcement training-are non-exhaustive but directly address these challenges.These strategies represent a concerted effort to move beyond traditional, often ineffective approaches, providing a nuanced and effective response to the multifaceted nature of cybercrime.For example, developing collaborative systems with public and private entities to recover illicit financial flows demonstrates a versatile approach.These systems can be deployed to counter a wide array of cybercrimes, from online scams and identity theft to money laundering and ransomware extortion, embodying the adaptability and effectiveness required in modern cybercrime law enforcement.
Importantly, their success can be measured by their effectiveness in mitigating the harm faced by the victims of cybercrime.While each of these strategies merits in-depth exploration beyond the scope of this paper, they collectively form the cornerstone of an effective response to the multifaceted challenges of cybercrime.

Shared Public-Private Responsibility
The critical role of private-sector stakeholders in addressing cybercrime is increasingly recognized.Collier et al. (2021) demonstrate that for certain cybercrimes like denial-ofservice attacks, targeting infrastructure administrators, known as 'infrastructural policing', is more effective than merely arresting individual offenders.Similarly, internet service providers play a pivotal role in coordinating cybersecurity efforts and can coordinate user security investments through rebates, penalties, and cost subsidies (Grossklags et al. 2010), as seen in their response to threats like the Conficker botnet (Asghari 2016).These examples underscore the efficacy of public-private partnerships, a concept Dupont (2016) describes as 'polycentric regulation', in managing complex, distributed cybercrimes and disrupting illicit financial flows (Chee 2022).The perceived risk of cybercrime can reduce the use of cyberspace for those with low confidence (Riek et al. 2016), for example, in online banking, shopping, and social media.This highlights the importance of encouraging good-faith actors to work with law enforcement to provide users with a safe and secure online environment.
Furthermore, shared public-private responsibility as a strategy addresses all the five differences highlighted earlier.It leverages the expertise of private sector technology and cybersecurity entities, enabling the development of flexible responses that adapt to the rapid changes in the digital landscape.This collaboration also counters the dynamic nature of cybercrimes and offenders, as the private sector's technology and methodologies complement public law enforcement's authority, allowing for a more dynamic response.In terms of supporting the victims of cybercrime, these partnerships are particularly effective in financial cybercrimes, facilitating quick and efficient actions to mitigate harm and recover losses.Additionally, the role of intermediaries in cybercrime is acknowledged through collaborative efforts with companies that operate online platforms, enhancing the monitoring and mitigation of cybercrimes.Lastly, integrating private-sector expertise positively impacts law enforcement attitudes, equipping them with additional tools and knowledge, thereby boosting their confidence and effectiveness in combating cybercrime.
For example, in 2022, Singapore's e-commerce marketplace transaction safety rating system was developed in collaboration with various stakeholders.By combining government oversight with industry expertise and academic research, the system aims to reduce the harm experienced by the victims of online scams and fraud, ensuring user authenticity, transaction safety, and effective anti-scam measures (EnterpriseSG 2022; MHA 2024).
There is an emerging consensus advocating the importance of collaboration between law enforcement agencies and the private sector (Collier et al. 2021;Akdemir et al. 2020), acknowledging that dealing with each cybercriminal individually may not be as effective.However, mere cooperation is insufficient.There is a pressing need to recognize the shared responsibility among public and private entities in this endeavor, including the role of education and the responsibility of laypersons.Further research is needed to map out a comprehensive map of stakeholders and relationships in each cybercrime category, to develop legislative and regulatory frameworks that enable data sharing, to evaluate the effectiveness of voluntary versus mandatory collaboration, and to assess the role and effectiveness of end-user education.

Cross-Jurisdictional Partnerships
Cybercrime transcends national borders, necessitating international cooperation to address its global impact (Akdemir et al. 2020;Coupe and Ariel 2019;Bregant and Bregant 2014;Cerezo et al. 2007;Broadhurst 2005).Cross-jurisdictional partnerships in combating cybercrime effectively address the five differences highlighted earlier.They help navigate the complex and evolving cyberspace by pooling international expertise, unifying efforts against the evolving tactics of cybercriminals, enhancing support systems for victims across national boundaries, improving engagement with intermediaries crucial for monitoring cybercrime, and positively influencing law enforcement attitudes through broader perspectives and shared resources.
There are various examples of effective cross-jurisdictional partnerships (Peters and Jordan 2020) and international instruments, most notably the Budapest Convention, which seeks to harmonize the legislative and policy positions of countries globally.In the realm of financial crimes, the Financial Action Task Force (FATF) serves as a prime example of effective international collaboration, including crimes that intersect with cybercrime.As a global money laundering and terrorist financing watchdog, the FATF establishes interna-tional standards and promotes the implementation of legal, regulatory, and operational measures.Its recommendations have been instrumental in shaping policies to counter financial flows related to cybercrimes, demonstrating the potency of global cooperation in this domain (Pucci 2016).
There is still a significant way to go, but it may help to begin with specific offenses of global interest and build structures through close cooperation, rather than waiting for all the countries to align on legislative and policy positions.One such example is the Global Alliance Against Child Sexual Abuse Online, which brings together 54 countries with a clear set of four policy targets and various structures for fast information sharing (EC n.d.).Key questions remain about harmonizing regulations and definitions and streamlining multilateral cooperation mechanisms for cybercrimes more broadly.

Training of Law Enforcement Officials
Equipping law enforcement officials with the necessary skills and equipment to confront cybercrime is paramount (Forouzan et al. 2018;Holt et al. 2018;Stephens and Induruwa 2007), especially to raise their self-confidence (Bossler et al. 2019;Burruss et al. 2019) and ensure public trust in their ability to tackle cybercrimes.While several studies have explored training methods and pedagogy (Cockcroft et al. 2018;Hadlington et al. 2018), there remains a need to establish the specific skills, knowledge, and technologies needed to best achieve prevention and harm-mitigation outcomes for law enforcement agencies.It is also worthwhile to consider whether law enforcement officials dealing with cybercrime should be the same officials dealing with physical crime, or whether specialized agencies should handle cybercrime.

Conclusions
In conclusion, the unique properties of cybercrime require a paradigm shift in policing objectives and methods.While identifying and prosecuting offenders should not be abandoned, over-emphasizing these risks exacerbates the bleak status quo.A harm-centric framework clarifies that law enforcement success should be measured primarily by tangible reductions in victim harm.Enhanced prevention, disruption, and harm mitigation must define the cyber policing model moving forward.This non-exhaustively requires shared public-private responsibility, cross-jurisdictional partnerships, and the upskilling of officials.With cybercrime projected to hit new highs, the need for conceptual clarity and coordinated action is urgent.