Cybersecurity Law: Legal Preventions Against Cybercrimes

As one of the most famous businessmen in the United States, Warren Buffet said: "Cybercrimes are the number one problem with mankind, and cyberattacks are a bigger threat to humanity than nuclear weapons"(Olcott, 2017). In the 21st century, we live in a digitalized world where individuals do most of their daily activities online. This digitalized system that individuals are the subject of is highly complex: it includes mobile devices, websites, social media, e-commerce, online banking, and other online management systems. On the other hand, there is an allocation of data and information for companies and states in the digital world, which is born from this system, and in order to keep governance and order safe they need to protect this data. In brief, individuals, organizations, companies, and governments can be victims of cybercrime, and it can cause severe damage. These points demonstrate the accuracy of the statement of Warren Buffet, and, because of that, keeping cyberspace secure is extremely important for everyone, for whole establishments and institutions.

'Cybersecurity' can be defined as protecting digital systems, computers, networks, programs, and personal data from dangerous threats. It is also identified as information technology security (Oruj, 2023). 'Cybersecurity' has three objectives: to secure confidentiality, integrity, and availability. In other words, by cybersecurity applications, data has to be protected from unauthorized access and modification by cybercriminals. These necessities have to be ensured by authorities, management, and administration. The document published to explain cybersecurity strategies by authorities is called cyber strategy. It includes tools, tactics, guidelines, and risk management approaches (Oruj, 2023). Law and regulations play an essential role in the protection of cybersecurity around the world. This article explores various types of cybercrimes and the tools for committing them. Then, we will demonstrate which legal actions are taken against them and which legal actions have been taken.

Ventures For Cybercrimes

'Cybercrimes' are criminal activities that directly attack the targeted computers or network resources and cause several infringements (Ajayi, 2015). Fraudulent activities, unauthorized access, and cyberstalking can be the different types of these infractions (Gordon&Ford, 2006). There are no universally accepted 'cybercriminal classes'. However, hacktivists, cyber terrorists, or state-sponsored hackers can be defined as the generally existing categories in whole countries (Saini et al., 2012). These people can have several motivations to act unlawfully: the balance of cost and benefits is the most important one of these encouragements (Ajayi, 2015). At the same time, feelings such as curiosity or satisfaction can be other incentives for cybercriminals to infringe the law. Cybercrimes can cause colossal damage to the victims. They can corrupt software systems, destroy third-party systems, make websites slower, etc. (Lucas, 2021). They can also cause substantial financial damage from fraud and theft, loss of consumer confidence and reputation, and a risk of birth for several litigations.

There are various types of 'cyberattacks' and several tools to perpetrate these crimes. The first of them is 'malware'. Malicious software can harm the data and devices of people and establishments. There are several forms of malware: Trojan, Spam, Spyware, Adware Viruses, and so on. These softwares seem harmless, but they get into the computer or computer network system without the user's consent, and it can create fallacious network traffic, delete the files in the system or encrypt personal data. Cybercrimes such as cyber espionage and botnets can be realized with malware. The second type of cybercrime is 'identity theft'. This cybercrime makes the perpetrator act like someone else for financial gain and fraud. Criminals act like a different person, like a third party for the targeted users, and they cause business bankruptcy, financial identity theft, or money laundering (Sabillon et al., 2016). Cybercrime, such as phishing and man-in-the-middle attacks, can be defined as versions of identity theft.

Legislations About Cybersecurity

Cybercrimes can cause massive damage to individuals, establishments, countries, and governments. In 2021, the predicted damage for real cybercrimes worldwide was 6 trillion dollars, increasing by 15% yearly. Until this time, governments and individuals have faced several crimes like those. The WannaCry attack, Bronze Soldier Attack, and fraudulent activities in the Presidential Elections of 2016 in the United States of America are among the most popular cyberattacks worldwide, and they cause immense damage. In 2025, it is predicted that the damage that they cost is going to be 10.5 trillion dollars around the world. Taking technical precautions is essential to be protected from these attacks. However, taking legal precautions is as important as technical ones - there must be legal barriers and applications to prevent these attacks worldwide. We can count various countries with legislations about cybercrimes and cybersecurity: Argentina, Australia, European Union, India, Japan, Pakistan, Romania, Singapore, Turkey, and others (Ajayi, 2015).

International Legislations and Treatments

Cybersecurity strategies are viewed as the expression of the high-level vision, goals, principles, and priorities. They can also be commented on as a description of measures, programs, and initiatives of the countries that will implement to protect cyber infrastructure (Oruj, 2023). In the international area, there are several treaties between states for cybersecurity, and there are also declarations of strategies and policies against cybercriminals that international organizations publish. Among them, European Union, NATO, United Nations (UN), OECD have determined strategies against these crimes (Oruj, 2023).

United Nations is the number one organization among states to take global actions against a universal threat, and they also have taken some precautions against cyberattacks. In 1990, the UN adopted a solution for striving against computer crimes and passed legislation about the issue in 2000 (Ajayi, 2015). In addition to UN, Asia-Pacific Economic Cooperation (APEC) declared a Cybersecurity Strategy document in 2002 and included it in their Shanghai Declaration. On the other hand, 34 countries that are members of the OECD came together in the same year, and they published a guideline about cybersecurity called “Guidelines for Security of Information Technology” (Ajayi, 2015).

Until this time, European countries have suffered a lot from cybercrimes, and because of that reason, the European Union has taken several measures for cybersecurity. Convention of Cybercrime (Budapest Convention) is the first legislation of the EU about cybersecurity to deal with infringements and copyrights, fraudulent activities, and network security violations (Ajayi, 2015). In addition to the Budapest Convention, in 2013, the European Union launched a cybersecurity strategy to increase cyber resilience, develop the EU’s cyberdefense strategies and legislations, and establish an international cybersecurity policy (Lucas, 2021). In 2016, the European Council published Cyber Security Directive, including legal measures to help network and information systems (Lucas, 2021).

National Regulations: USA, United Kingdom and Israel

International treaties, legislation, and precautions are fundamental to the fight against cybercriminals. However, there is a term called 'State Sovereignty', so each state has to take measures to keep its citizens secure. The United States and the United Kingdom are the number one countries that take several measures against cybercrimes. On the other hand, European countries, Israel, Germany, China, and Russia also created strict regulations about cybersecurity.

Until now, the US has faced severe cyberattacks and has been the target of criminals in cyberspace worldwide. Research has demonstrated that one out of five online consumers in the United States has become a victim of cybercrime between 2010 and 2012 (Saini et al., 2012). Because of that reason, the US administration has legislated federal statutes and regulations about cybersecurity law. Several establishments are responsible for cybercrimes. For instance, Federal Trade Commission (FTC) is the federal agency that is associated with data security regulations the most. One of the commission's responsibilities is to secure individuals' and establishments' data under section 5 of their act. Health Insurance Portability and Accountability Act can be another example of federal cybersecurity legislation (Kosseff, 2017). In addition to these points, the country has state-based acts of cybersecurity. Arkansas, California, Indiana, Utah, and many other states have security plans and regulations. The strict legislation is based in Massachusetts, which has the most detailed data security regulation in the US and makes companies take the required steps to train their employees about safeguarding their service providers (Kosseff, 2017).

United Kingdom’s damages from cyberattacks are as severe as the damages the US has faced. The government survey in 2020 demonstrates that 80% of businesses in the UK have a priority for the management of cybersecurity. The National Cybersecurity Center has published guidelines for these management and small businesses to keep cyberspace safe (Lucas, 2021). In 19990, the UK legislated the Computer Misuse Act to protect computer users against cyber-attacks and information theft. It was the first regulation of the UK about cybersecurity. In 2016, the British parliament regulated the Investigatory Powers Act to investigate powers, converting interception, data surveillance, and protecting personal data (Lucas, 2021). Counter Terrorism and Security Act 2015, GDPR of the EU, Data Protection Act, Privacy and Electronic Communications Regulation, and Regulation of Investigatory Powers Act are other legislations of the UK about cybersecurity.

Israel is one of the leading countries in cybersecurity, like the US and the United Kingdom. It is the most computerized country in the Middle East, and they have an intelligent institution for cybercrimes called SHABAK (Oruj, 2023). The country has strict legislation about cybersecurity inside its borders, and to enhance this field more, they are expanding overseas. Today, Israel’s cybersecurity system is the infrastructure of 150 companies worldwide.

Lawful Necessities to Be Protected from Cybercrimes in Future

Cyber attacks will continue to be a problem in the future, and they will cause more severe damage to individuals, businesses, and states. In the future, it can lead to data loss and the death of critical systems. According to the Cisco Company, by 2024 the number of devices connected to the internet will be three times more than the number of humans worldwide. So, when communication becomes easier via the internet, it will also be easier for crime organizations to merge and cooperate with their activities (Saini et al., 2012). For instance, a survey in England demonstrated that 82% of individuals predict IoT devices will cause huge problems with cybersecurity issues (Lucas, 2021). Thus, with the development of IoT technologies, individuals and establishments have become more dependent on the digitalized world. When they suffer from a cyberattack, it can cause more severe problems for them if we compare them to today. No legal barriers exist to be protected from these digital criminal activities worldwide. States have their legislations and strategies for cybersecurity, but because of some important reasons, these regulations cannot be enough to prevent cybercrimes. Firstly, criminals can hide their identity easily under the freedom of communication and by using telecommunication gadgets. Especially by changing IP addresses, they can deactivate these legislations. Secondly, Cyberspace is a borderless area, and state sovereignty and territorial integrity cannot be functional here. So, we cannot discuss binding on a single law here (Ajayi, 2015). No instrument can be used for sovereign nations to take criminals for trial. Protecting global cybersecurity is vital to protect these devices and the data of individuals and establishments. However, today, there is even no definition of cybercrimes that is universally accepted legally (Ajayi, 2015).

The 21st century is going to be the century of digitalization. Especially by the development of blockchain and IoT technologies will erase the borders among nations and make people, states, and companies more dependent on their cyberspace. As Warren Buffet says, in the 21st century, cyber threats will be more dangerous than nuclear weapons. So, more than regional legislation is needed. The corporation among states and activities of international organizations like the UN will be significant to keep the digitalized world safe. During the pandemic of Covid-19, the world has seen cooperation among countries that have never been seen before. Like the corporation against the pandemic, a corporation against cybercrimes is significant for our future. By establishing new institutions under the UN or publishing new universal rules against cybercrimes that whole states must implement, our cyberspace will be secure in the 21st century.