Trends and Challenges in Cybercrime in Greece

Round 1

Reviewer 1 Report

The report is descriptive yet informative, which discards it as problem-oriented research. Furthermore, the absence of well-defined research questions or objectives taints it with ambiguity on what the study is supposed to prove apart from presenting an overview. In the literature review, the authors attempt longitudinal cybercrime trend synthesis by quoting both international and indigenous sources. This section, however, is marred by superficial engagement with literature. While related trends and reports are cited, the review does not systematically compare or categorize them critically such as typology, year or effect. The review contains little analysis of methodological gaps or theoretical models from existing literature. The paper tends to be more summary kind of background feel than an academic platform, negating its value toward establishing novelty or utility or any kind of exploration.

There is no stated methodological approach, and also no argument is given for the reconstruction of case categories over time that would cause difficulties in the internal validity of longitudinal comparisons. Data analysis is more descriptive and mainly illustrative, employing comparative figures and straightforward frequency distributions. While trends in financial fraud crimes, data crimes, and against children are emphasized, no inferential statistics, regression analysis, or other modes of analysis that can be employed to strengthen the argument or reveal deeper patterns are employed. For example, showing correlations between phases of legal reform and movement in crime could have added more analytical substance. The analysis is journalistic in nature rather than scientific.

With respect to presentation of results, findings are presented in thematic order, making it meaningful and straightforward for practitioners. The visual aids (tables and charts) are, however, not used to their full potential as there is no inferential data drawn from them, confidence intervals, nor statistical significance. Finally, percentages alone should be interpreted cautiously without reference population or baseline. The future work section is also reminiscent of a vision statement without any specific methodologies proposed to bridge the gaps studied.

Author Response

Dear Reviewer 1,

We wish to express our sincere gratitude for your detailed review and valuable comments. Your insights have greatly improved the structure, clarity, and scholarly contribution of our manuscript. Below, we address each of your concerns point by point.

1. Title and Alignment with Scope

Comment: The title did not clearly reflect the manuscript’s content or contribution.

Response:
We have changed the title to “New Trends and Challenges in Cybercrime: Addressing Emerging Threats in Greece” to better reflect the longitudinal, data-driven, and policy-oriented focus of the paper.

2. Overreliance on Descriptive Police Data

Comment: The manuscript was overly descriptive and relied too much on police data without analytical interpretation.

Response:
We fully acknowledge this point. In the revised version:

• We introduce a guiding research question: How has cybercrime evolved in Greece over the past 15 years, and what does this reveal about the country’s cybersecurity preparedness?

• We now include explicit discussions on key emerging trends (e.g., AI in fraud, anonymity in payments).

• A new Discussion section (Section 5) interprets the data's significance from a policy, institutional, and social perspective.

3. Absence of Theoretical Framing

Comment: There was a lack of theoretical engagement or reference to cybercrime models.

Response:
We have enhanced Section 2 (Related Works) by referencing Routine Activity Theory and Wall’s distinction between cyber-dependent and cyber-enabled crimes. While our approach remains empirical, this framing provides analytical depth.

4. Methodology and Data Clarity

Comment: The original manuscript lacked transparency in how the data were collected, processed, and categorized.

Response:
We significantly expanded Section 4 to:

• Disclose that two authors serve in the Cyber Crime Division and were directly involved in compiling the data.

• Describe how past and current datasets were harmonized across inconsistent categories (e.g., grouping phishing, investment scams, and fake commerce under "Internet Fraud").

• Acknowledge limitations, such as underreporting, lack of access to offender profiles, and absence of a formal research protocol.

5. Structure and Coherence

Comment: The structure (especially Results and Discussion) was unclear.

Response:
We have fully reorganized the manuscript. Key changes include:

• Separate and clearly titled sections for Methodology, Results, Discussion, and Conclusions.

• A new Discussion section addressing emerging threats and institutional challenges.

• Figures and tables were relabeled and their captions clarified.

6. Weak Discussion of Emerging Threats

Comment: Insufficient focus on recent trends such as deepfakes, AI, and cryptocurrencies.

Response:
We expanded Section 5 significantly to discuss:

• AI-based fraud and deepfake scams (5.2)

• Use of anonymous payment systems (5.3 and 5.5)

• Social engineering and encryption as concealment strategies (5.4)

These sections aim to provide a forward-looking view of cybercrime.

7. Policy and Practical Implications

Comment: The paper did not clearly state how its findings can inform policy or practice.

Response:
We have added recommendations in Section 5.7 (Actions to Improve Cybersecurity), including:

• Funding for law enforcement and SME training

• Establishing national KPIs

• Enhancing public-private cooperation

• Promoting citizen awareness

We are deeply grateful for your review, which significantly strengthened our work. We hope you find the revised manuscript meets the high standards of the journal.

Sincerely,
A. Papathanasiou, G. Germanos, V. Liagkou, V. Vlachos

Reviewer 2 Report

The manuscript is a comprehensive outlook of the cybercrime landscape in Greece. The authors analyzed data from open access databases, including database from the national police agency in Greece, and international sources such as the Europol and FBI. Compiling these databases, the authors present 15-year data of cyber incidents, demonstrating a steady rise of the use of cybercrime committed utilizing human manipulations techniques, harvesting user data from social media platforms, the increase of the use of artificial intelligence, cryptocurrency, and the creation of deepfakes. The manuscript goes on offering possible mitigation and prevention strategies attributed to public and private agency partnerships, inter-agency cooperation and flexible legal frameworks.

This report is a solid contribution to the cybercrime threat description, however, it needs to be amended according to the following recommendations before acceptance for publishing.

Detailed recommendations   

The manuscript describes Greece’s “cybersecurity posture” (page 2, line 55) as one of those facing challenges within the EU. Since Computers is an international journal, it would be great to see how Greece’s cybersecurity preparedness potentially affects European and international cybersecurity answers; what strategical, technical and legal consequences does the country’s preparedness (or the shortages of it) mean to the larger international community when it comes to cybersecurity preparedness and answers. 

On page 4, line 171, the authors assert: “The legislative framework in Greece also emphasizes the importance of public-private partnerships in addressing cybercrime. The government has initiated various measures to foster collaboration between public institutions and private sector entities, recognizing that a collective approach is necessary to enhance cybersecurity resilience” -> As a follow up of this claim later in the Discussion section, it would be important to elaborate on how such PPP manifest in the practice in Greece, highlighted with some practical examples.

 

Table 1 categorizes cases into 13 categories. However, the text right after does not reflect this, in fact, the authors use different titles (instead of Internet Fraud and Electronic Commerce, 4.1. lists Financial Fraud and Intellectual Property Theft, 4.2. Protection of Minors and Vulnerable Populations, etc.). Please provide an explanation and a clear outline in the text about these differing titles and why you follow a categorization different to what presented in Table 1.

In addition, I am not convinced that the categorization the authors use in Table 1 does not overlap; e.g., Internet Fraud and Electronic Commerce AND Assistance to Domestic Authorities can theoretically overlap, and this is only one example. Please provide a more detailed description as to how you created the categorization displayed in Table 1, and how you made sure there is no overlap in this categorization.

I recommend the authors to emphasize the limitations of the paper – the limitations section is nonexistent so far --; i.e., how police databases only reflect reported and detected cases, as opposed to victim surveys that include “hidden” or grey area cases, all the cases that victims do not report.

Similarly, and in line with the manuscript  (page 6, line 236), it should also be noted as well as listed within the recommendations, how important it would be to examine offender profiles (whether the offender acted a s a private person or in a criminal organization, what were the demographic details, etc.), techniques, tactics, in order to predict and better being able to fend off future cyberattacks. The authors could recommend conducting one-on-one interviews with offenders currently incarcerated.

I also recommend that the authors reflect on the limitations of police responses; i.e., inadequate responses to private victim reports, based on technological and personnel unpreparedness of local and regional police forces, which might be one staggering reason for so many cybercrimes being unreported.

It would also be important to highlight in the manuscript how some serious incidents affecting large businesses are never make it to official police statistics as businesses tend to choose to do their own crisis management and mitigation using their own resources instead of reporting to authorities which often make them face the risk of reputation loss and a lengthy incident management. (For such elaboration, please see Hawdon et al., 2023: https://www.tandfonline.com/doi/abs/10.1080/1478601X.2023.2254096; Kemp et al., 2021: https://journals.sagepub.com/doi/10.1177/17488958211062359 )

Author Response

Dear Reviewer 2,

We thank you for your constructive and insightful comments. Your detailed suggestions helped us improve the analytical depth and relevance of our manuscript. Below is a structured response to your feedback.

1. Lack of Theoretical and Academic Rigor

Comment: The original submission lacked theoretical references and engagement with the academic literature.

Response:
We expanded the Related Works section to include Routine Activity Theory and Wall’s cybercrime typology. We also synthesize prior studies on underreporting, institutional limitations, and EU-level challenges. While our contribution is empirical, these references help position the findings within a broader research context.

2. Structural Weakness

Comment: The results and discussion were poorly structured and difficult to follow.

Response:
We completely reorganized the manuscript:

• Methodology and limitations are clearly stated in Section 4.

• Section 5 now functions as a standalone Discussion with distinct subsections on emerging threats, fraud evolution, institutional challenges, and legislative gaps.

• The conclusion includes actionable policy and research directions.

3. Data Categorization and Methodological Transparency

Comment: It was unclear how data were classified or whether categories changed over time.

Response:
We now detail:

• How categories were harmonized across years using grouping logic (e.g., merging phishing, scams, and e-commerce fraud under one category).

• That each case was assigned only one dominant label to prevent overlap.

• Limitations in comparability due to historical inconsistency, but with trend robustness preserved.

4. Insufficient Discussion of Recent and Sophisticated Threats

Comment: No mention of AI-enhanced scams, encrypted apps, or cryptocurrency.

Response:
We directly address this in the new Discussion section:

• Section 5.2 explores AI in phishing, deepfakes, and targeted attacks.

• Section 5.3–5.5 discuss the use of cryptocurrency, anonymous transactions, and encrypted communications.

• We link these trends to the challenges facing Greek and EU law enforcement.

5. Weak Policy Recommendations

Comment: The manuscript should offer more than just problem description.

Response:
In Section 5.7, we now include detailed recommendations for:

• National policy (e.g., KPIs, better data sharing, legislation updates)

• Law enforcement (e.g., training, resources, digital forensics)

• Citizens and SMEs (e.g., public campaigns, subsidized training)

These points aim to translate our findings into actionable insights.

6. Relevance Beyond Greece

Comment: How does this apply to broader European cybersecurity challenges?

Response:
We highlight that Greece’s challenges (e.g., underreporting, fragmented infrastructure) mirror those in many EU states. Section 5.6 links our findings to broader concerns of NIS2 implementation, information sharing, and cross-border vulnerabilities.

We thank you again for your thorough review, which led to substantial improvements in our manuscript’s scope, rigor, and relevance. We hope the revised version meets your expectations.

Sincerely,
A. Papathanasiou, G. Germanos, V. Liagkou, V. Vlachos

Round 2

Reviewer 1 Report

The paper falls short in term of its analytical depth and practical applicability as its reliance on kind of fragmented official data that restrict its robustness and comprehension. There is also no strategy offered for its presentation of trends.

The comment provided above accordingly in details.

Author Response

We sincerely thank the reviewer for the thoughtful, rigorous, and constructive feedback. Your comments helped us substantially improve the conceptual clarity, methodological rigor, and theoretical depth of the manuscript. Below we provide detailed responses to each point raised, carefully explaining the revisions made and the rationale behind them. All changes are now reflected in the revised manuscript.

Title and Scope

Reviewer Comment:
The title could better reflect the unique emphasis of the research such as longitudinal analysis or police data. Although its broad terms such as emerging threats are expansive, there is a requirement for specifying its principal threats such as AI fraud or financial fraud, which would make it more impactful.

Response:
We appreciate the suggestion regarding the precision of the manuscript title. After careful consideration, we have chosen to retain the existing title, New Trends and Challenges in Cybercrime: Addressing Emerging Threats in Greece. This decision was made to preserve a balance between thematic breadth and clarity. The current title communicates both the forward-looking character of the study and its national relevance without overemphasizing a single threat category or methodological angle. We believe it effectively frames the paper’s longitudinal scope and the evolving nature of cybercrime in the Greek context. At the same time, detailed findings on specific threats such as financial fraud, data breaches, and online harassment are thoroughly addressed in the analysis sections of the manuscript.

Introduction and Motivation

Reviewer Comment:
The paper also contains too broad statements like "major threat to societies worldwide." There is repeated citation, and no motivation for why Greece is a critical case.

Response:
We fully agree with the reviewer that the original introduction contained overly general statements and lacked sufficient motivation for the choice of Greece as a case study. In response:

• We removed vague generalizations such as “a major threat to societies worldwide” and replaced them with precise, data-driven statements grounded in recent statistics. For example, we now refer to cybercrime-related damages in 2023 as exceeding €10 billion across the EU (Europol) and $12.5 billion in the US (FBI), providing a clearer quantitative basis for the problem’s global significance.

• The discussion of the literature has been improved to avoid redundancy. Specifically, we clarified that sources [1] and [2] offer distinct perspectives: one explores the intersection of cybercrime and civil protection, while the other examines legal and economic implications in developing contexts. The revised manuscript synthesizes their contributions rather than presenting them in parallel.

• Most importantly, we now provide a robust justification for the Greek case study. The revised introduction highlights Greece’s geopolitical importance, EU and NATO membership, historically limited cybersecurity resources, growing digital dependence, and its strategic exposure to hybrid threats in the Eastern Mediterranean region. We argue that these features make Greece a highly relevant national context for assessing emerging cybercrime threats—an area where empirical research remains sparse.

These revisions significantly improve the structure and specificity of the introduction while anchoring the study within both global and national debates.

Theoretical Framework and Methodology

Reviewer Comment:
Routine Activity Theory and Wall’s typologies are mentioned but not applied. The study is descriptive and lacks hypothesis testing. Underreporting is not quantified. Dataset is limited to official reports.

Response:
We are grateful for this critical and constructive feedback, which prompted us to expand the theoretical and methodological sections significantly.

• On theory integration: We have deepened the application of Routine Activity Theory (RAT) and Wall’s cybercrime typology. We now use RAT to interpret patterns in key categories such as financial fraud and personal data breaches, analyzing how the convergence of motivated offenders, suitable targets, and inadequate digital guardianship explains the rise of these threats. Similarly, Wall’s framework allows us to differentiate between cyber-enabled (e.g., harassment, fraud) and cyber-dependent (e.g., malware, intrusions) crimes, helping us better understand shifts in case composition. These discussions appear in the revised “Related Works” section and are reinforced in the Discussion.

• On descriptive design: The paper is indeed descriptive rather than hypothesis-driven, and we now explicitly state that this choice is a response to the lack of structured, longitudinal datasets in Greece. Our intention is to provide a foundational empirical mapping that can serve as a reference point for future hypothesis-testing research. We highlight this in the updated Introduction and Methodology sections.

• On underreporting: The paper already acknowledged underreporting, but we now expand on this issue in the revised “Methodology and Limitations” section. We explain that small businesses, marginalized communities, and certain crime types (e.g., blackmail, extortion) are likely underrepresented in police reports. While we cannot provide quantified estimates due to the absence of national victimization surveys, we suggest potential strategies for future studies: anonymous reporting systems, surveys, and inter-agency data sharing frameworks.

• On dataset scope: We explicitly clarify that the dataset comprises only officially recorded cases handled by the Cyber Crime Division of the Hellenic Police and does not include private-sector incident reports or cases resolved without law enforcement involvement. This limitation is now more prominently highlighted, along with its implications for generalizability.

Results and Interpretation

Reviewer Comment:
Comparisons across years are methodologically difficult due to changes in classification. There are no statistical analyses or regression models. No reference to geopolitical or national security implications. No estimate of economic losses.

Response:
We thank the reviewer for highlighting these important issues, which we have addressed as follows:

• On historical data harmonization: We explain in the Methodology section that comparisons across 2009, 2012, and 2023 are inherently limited by changes in classification systems. A harmonization effort was undertaken by regrouping original categories into broader, analytically consistent clusters, and we now explicitly state that direct comparability is constrained. Readers are advised to interpret time trends as indicative, not definitive.

• On statistical analysis (especially Figure 2):
  We acknowledge the reviewer’s point that statistical validation (e.g., regression, confidence intervals, significance tests) is absent. The underlying reason is methodological: the dataset includes only three time points over a 15-year period (2009, 2013, 2023), which precludes the use of formal time series analysis or trend testing due to lack of statistical power and non-equidistant observations.

Figure 2 is explicitly intended as a descriptive visualization of changes in the distribution of cybercrime categories over time, rather than as a basis for inferential conclusions. We have revised the Methods section to clearly define this limitation and included a cautionary note in the Results section. The Limitations section now reiterates that the study should be interpreted as exploratory.

• On national vulnerabilities and geopolitical context:
  We added new content in the Discussion section outlining Greece’s exposure to cybersecurity threats due to its geographic location, role in regional energy and communications infrastructure, and its position at the EU’s southeastern border. These vulnerabilities increase the risk of cross-border attacks, disinformation campaigns, and critical infrastructure breaches. We also reference the challenges Greece has faced in implementing the NIS and NIS2 Directives, including institutional fragmentation and underinvestment in SME compliance mechanisms.

• On economic impact:
  Although official national estimates are lacking, we now cite Anderson et al. to contextualize the global financial costs of cybercrime. We also call for the development of dedicated mechanisms in Greece for tracking the economic burden of cybercrime across public, private, and individual levels.

Novelty, Contribution to Literature, and References

Reviewer Comment:
The manuscript overstates the novelty of the dataset. It does not advance cybercrime theory. No policy evaluation of EU-level directives.

Response:
We appreciate this comment and have adjusted our claims accordingly.

• On dataset novelty:
  We revised the language in both the Introduction and Methodology to avoid overstatements. We no longer claim the dataset is “first” or “unprecedented.” Instead, we describe it as the most recent and longitudinally structured public dataset of cybercrime incidents handled by law enforcement in Greece. We now cite relevant prior studies (e.g., Vlachos et al., Papanikolaou et al.) to position our work as an extension and systematization of earlier efforts.

• On theoretical advancement:
  While the study does not refute or redefine cybercrime theory, it contributes to theory application by using RAT and Wall’s typology to interpret empirical findings in a national context that is typically underrepresented in the literature. These frameworks provide useful lenses to categorize and explain the empirical patterns revealed by the data.

• On policy evaluation:
  We have added a new subsection that discusses the status and challenges of implementing the NIS and NIS2 Directives in Greece. We highlight barriers such as limited inter-agency coordination, technical capacity gaps, and lack of standardized reporting obligations. This analysis supports the need for improved compliance monitoring and greater resource allocation at the national level.

Figures and Tables

Reviewer Comment:
Table 1 is based on irregular time points. The “Other” category is vague. Figure 1 lacks annotations. Figure 2 lacks statistical validation.

Response:
We carefully revised all visual elements in the manuscript:

• Table 1: We clarified the rationale for using 2009, 2013, and 2023 as reference years and added footnotes explaining the limitations of temporal comparison. We also restructured the “Other” category by merging smaller classifications into analytically meaningful groups. As a result, the residual "uncategorized" segment has been minimized.

• Figure 1: We improved its clarity by adding absolute values next to percentages, enhancing interpretability. We also adjusted the layout to eliminate label overlap and truncation issues (e.g., long category names like “Expressions of Intent to Commit Suicide”).

• Figure 2: As noted above, this figure is meant to illustrate exploratory trends, not produce statistically validated conclusions. We revised the text and methods accordingly and added a limitation note cautioning against over-interpretation.

Language Editing Statement

Reviewer Comment:
English style could be improved.

Response:
The manuscript has been linguistically reviewed and edited using ChatGPT (OpenAI) strictly for clarity and formatting, as the authors are not native English speakers. All content, interpretations, and analyses remain entirely the authors’ responsibility.

Final Remarks

We thank Reviewer 1 again for their valuable critique. The points raised were instrumental in helping us refine the manuscript, clarify our scope and methodology, and enhance its theoretical, empirical, and policy relevance. We hope the revised version now meets your expectations and contributes meaningfully to the ongoing discussion on cybercrime and digital security in Europe.

Reviewer 2 Report

Thank you for the opportunity to re-review this article. The authors have sufficiently amended and corrected the manuscript in accordance with the recommendations. I still recommend minor edits before acceptance, though, regarding structure. Please see Detailed comments.  

The structure of the manuscript needs attention and minor restructuring work. Currently, point 4 is entitled: 4. Methodology, Limitations, Results, and Discussion. AND 5. Discussion. 

I recommend changing these section titles to 4: Methodology and Results, and 5: Discussion and Limitations; respectively.

Additionally, to better align with the academic article structure, the current Limitations section should be moved to the end of 5. Discussion section.

Author Response

We sincerely thank the reviewer for their kind and constructive comments, which helped refine the manuscript. In response to the suggestion regarding structural clarity, we have revised the section titles to improve consistency. Specifically, we have removed “Discussion” from Section 4, which now appears as “Methodology, Limitations and Results.” Section 5 remains dedicated to the Discussion.
While we have retained the Limitations subsection within Section 4, we reviewed the organization carefully to ensure the manuscript remains coherent and clearly presented. We are grateful for the reviewer’s valuable input and supportive evaluation.

Round 3

Reviewer 1 Report

The introduction is broad, referencing global developments in cybercrime, but does not effectively set out why Greece represents a unique or urgent case study. There is little discussion of the research gap. The essay states that there is increasing cybercrime but does not clarify what is missing from existing Greek or EU literature. Research objectives are not clearly articulated, so that readers cannot predict the scope and contribution of the study. Some arguments depend on general descriptions for instance, cybercrime is a universal threat that lack solid empirical basis, making the first argument of the paper weak. On the other hand, the literature review is generic and draws on generic European or global reports, but does not include critical synthesis emphasizing convergences, divergences, or research gaps. Very few academic peer-reviewed journals are used; most of the quoted material appears to be policy documents and statistics, which is not enhancing academic depth. It is not adequately connecting international trends with the Greek reality, which feels like two parallel narratives, global trends and Greece that are not well consolidated.

Critical cybercrime theory from such fields as routine activity theory, deterrence theory, or socio-technical theories is excluded, restricting conceptual richness. While the paper presents Greek cybercrime descriptive statistics, findings are inconclusive and analytically thin. Most of the data remains secondary in origin without a clear methodological framework for synthesizing. It sets out the numbers and statistics in isolation, not much comparative or inferential analysis. The results therefore read more like a recitation of facts than closely analyzed evidence that produces definitive conclusions. There is no suggestion that it has any form of organized primary survey or empirical work on the ground but makes do with secondary reports and statistics. This limits originality and weakens the strength of its arguments.

The paper's title leads one to expect in-depth analysis of new trends and challenges of cybercrime in Greece. However, the context is occupied with general cybercrime issues at the European level before pinpointing Greece and therefore there is a degree of disconnect. Also, despite the title's suggestion of specialization in "emerging threats," a majority of the discussion rehashes already proven cybercrime trends rather than addressing truly innovative or emerging issues. The discussion section is also inclined to reprise descriptive findings without adding more in-depth theoretical or practical findings. The policy, law enforcement, and cybersecurity policy implications for Greece are briefly mentioned but not firmly attached to the conclusions.

The paper acknowledges the existence of challenges but lacks a rich enough exploration of potential defense and mitigation measures. Accordingly, the discussion is sub-elaborated relative to the aims outlined in the paper. The narrative flow is slightly uneven, oscillating between wide European contexts and Greece-specific views with clashing transitions. The use of words at times overemphasizes broadness, but the basis for evidence remains behind. The paper might be more effective with more precise definitions of emerging threats such that these can be easily distinguished from existing or prevailing cybercrime issues. The shortcomings in result presentation, data collection, title relevance, and discussion are all interconnected.

The paper is not founded on an apparent and coherent methodological segment. It does not appear apparent whether the study should either be empirical, conceptual, or a policy review. Data sources are not necessarily clarified. For instance, when quoting figures, the paper does not clarify how the data were collected, their range, and limitations. There is no formal research plan outlined consist of sampling frame, analysis procedures or validation plan, which creates doubt about the reliability of the findings. Of course, without method control, the findings or result provided here could be impressionistic or anecdotal rather than based on evidence. The absence of even a mini-primary survey, interviews, or case studies makes the study excessively reliant on secondary reports and, thus, confines originality.

The title promises new and Greece-related facts, but the discoveries are largely secondary and descriptive, hence the resultant discussion is shallow than critical. Without primary data or more rigorous analysis, the research risks being more of a collection of reports available rather than an original work of academia. To strengthen the paper, writers ought to (1) incorporate primary research or stronger empirical foundation, (2) focus the scope in order to better match the title, and (3) include stronger concrete recommendations for Greek policymakers, law enforcers, and cyber defense actors.

The tables and figures in this case complement the descriptive nature of the paper but somehow it does not elevate the analysis to a higher level. Rather than being windows of additional insight, it could be more likely to be proofs of what is already known as an increase in cybercrime. In fact, it could do better if followed by comparative or trend analysis (Greece/EU/global averages). Also, tables can be redesigned to highlight gaps, contradictions, or priorities and not just to present information. In addition, the numbers shown can be more into contextualized to be better in the text, especially to support research questions and implications.

Author Response

We would like to thank you and the reviewer for the constructive and detailed feedback on our manuscript. We carefully revised the paper to address the concerns raised. Below we provide a point-by-point response to the reviewer’s comments, showing the changes made. Reviewer comments appear in italics, followed by our responses.

Major Comments

1. “The introduction is broad, referencing global developments in cybercrime, but does not effectively set out why Greece represents a unique or urgent case study. There is little discussion of the research gap. Research objectives are not clearly articulated.”

Response:
The Introduction was rewritten to:

• Emphasize why Greece is a unique case: dominance of fraud, SME-heavy economy, systemic underreporting, and its position as an EU and NATO member in the Eastern Mediterranean.

• Explicitly state the research gap: very few peer-reviewed academic studies on Greek cybercrime exist, with most prior work limited to policy reports and descriptive accounts.

• Clearly articulate the objectives: (1) to analyze longitudinal trends (2009–2023) in Greek cybercrime, (2) to compare them with EU and global developments, and (3) to assess implications for legislation, law enforcement, and policy.

2. “The literature review is generic and draws on global reports but lacks critical synthesis. Very few academic peer-reviewed journals are used; it is not adequately connecting international trends with the Greek reality.”

Response:
We revised Section 2 (Literature Review) to:

• Add peer-reviewed academic sources, including Cohen & Felson (1979), Nagin (2013), Bada et al. (2019), Vlachos et al. (2011), Papanikolaou et al. (2014), and Papathanasiou et al. (2023).

• Introduce critical cybercrime theories: Routine Activity Theory, Deterrence Theory, and socio-technical perspectives.

• Provide synthesis: highlighting convergences (fraud as a global and Greek threat), divergences (ransomware/BEC dominant in EU/US vs. fraud in Greece), and identifying gaps (lack of offender/victim studies, underreporting).

3. “Critical cybercrime theory … is excluded, restricting conceptual richness.”

Response:
We addressed this by integrating Routine Activity Theory, Deterrence Theory, and socio-technical perspectives not only in the literature review, but also in the Results and Discussion, where theory is applied to interpret fraud persistence, underreporting, and the impact of AI/cryptocurrency.

4. “The paper presents descriptive statistics; findings are inconclusive and analytically thin. Data are secondary in origin without a clear methodological framework. Results read more like a recitation of facts than analyzed evidence.”

Response:

• In Section 3 (Methodology) we clarified that the data come from the Hellenic Police Cyber Crime Division, where two authors serve as officers. These are primary operational statistics, analyzed in aggregated form, not simply secondary reports.

• We described the dataset (2009, 2012, 2023), harmonization across inconsistent categories, and classification logic.

• We acknowledged limitations: underreporting, lack of offender profiles, small number of time points.

• In Section 4 (Results), numbers are now accompanied by comparative analysis (e.g., Greece’s fraud dominance vs. EU ransomware prevalence), theoretical framing (fraud through RAT; underreporting through deterrence theory; AI exploitation through socio-technical theory), and links to legislation (e.g., animal cruelty laws).

5. “The title leads one to expect emerging threats, but the context is occupied with general issues … disconnect between title and content.”

Response:
We changed the title to “Trends and Challenges in Cybercrime in Greece.”

• This avoids over-promising “emerging threats” and instead reflects the true scope of the paper: longitudinal trends and policy/operational challenges.

• It ensures closer alignment between the title and the actual content of the study, directly addressing the reviewer’s concern.

6. “The discussion section is inclined to reprise descriptive findings without in-depth theoretical or practical analysis. Policy implications are mentioned briefly but not attached to conclusions.”

Response:
The Discussion was fully rewritten to:

• Begin with explicit theory framing (RAT, deterrence, socio-technical).

• Tie each subsection to Greek findings (fraud dominance, minors/vulnerable groups, unauthorized access, institutional workload).

• Provide comparisons with EU and US trends (e.g., ransomware vs. Greek fraud).

• Expand policy implications, showing how Greece’s fraud persistence and underreporting require SME support programs, inter-agency cooperation, and real-time EU intelligence sharing.

• Explicitly connect conclusions to findings and theory.

7. “The paper acknowledges challenges but lacks exploration of defense and mitigation measures. Narrative flow uneven, oscillating between European context and Greece.”

Response:
We improved flow by consistently structuring results and discussion around Greece → EU/global comparison → theory → implications.
We expanded exploration of defense and mitigation measures, including:

• National-level KPIs (Legislative Compliance Rate, Incident Resolution Rate, Conviction Rate).

• SME-specific resilience measures (subsidized training, awareness campaigns).

• Law enforcement modernization (forensics, blockchain analysis).

• Civil society roles (NGO awareness, academic partnerships).

8. “The paper is not founded on a coherent methodological segment … data sources not clarified … no research plan … originality limited.”

Response:
We revised Section 3 to provide a coherent methodology:

• Defined the study as secondary analysis of primary operational statistics.

• Explained data sources, harmonization, and categorization.

• Explicitly acknowledged limitations (aggregation, underreporting).

• Outlined a future research plan: victimization surveys, offender interviews, case studies, and evaluation of laws like NIS2.
  This clarifies originality while being transparent about constraints.

Detailed Comments

“The title promises new Greece-related facts but the discoveries are secondary and descriptive.”

Response: Addressed by the title change and by adding theory, comparison, and analysis throughout the results and discussion.

“Tables and figures remain descriptive … could be improved by comparative analysis (Greece/EU/global).”

Response: Tables and figures are now contextualized against Europol IOCTA and FBI IC3 data, showing divergences and continuities.

“Numbers should be better contextualized to support research questions and implications.”

Response: Each results subsection now includes theoretical interpretation and policy implications tied directly to the numbers.

Conclusion

In revising the manuscript, we have:

• Refocused the title for accuracy.

• Strengthened the introduction with a clear research gap and objectives.

• Expanded the literature review with peer-reviewed sources and theory.

• Clarified the methodology and highlighted originality.

• Reframed the results with comparative, theoretical, and legislative insights.

• Deepened the discussion with policy implications and clearer flow.

• Added a future research agenda with KPIs, offender/victim studies, and evaluation of laws.

We believe the revised manuscript now meets the reviewer’s concerns by offering a more rigorous, theory-driven, and policy-relevant contribution.

We thank you again for your helpful comments, which have significantly improved our work.