Select your country

Not finding what you are looking for, select your country from our regional selector:


Inside the criminal mind - Applying criminology theories to Cy-X

Why do people convert to crime? Which thresholds might limit them and what “motivates” them into the wrong direction? Even though we have come a long way since Bonnie & Clyde, some of the same criminology principles can still be applied to cybercrime.   

In a previous article we took a closer look at the definition and victims of Cy-X, the crime of Cyber Extortion. In this article, we explore the application of the criminology theory called Routine Activity Theory (RAT) to the problem of Cy-X. It will help us to understand Cy-X and explore how we can work towards reducing it. 

Applying RAT to Cy-X

The RAT, developed by Cohen & Felson in 1979, states that there are three elements that, when put together, lead to crime: 

  • A motivated offender 

  • A suitable target, either a person or an object 

  • The absence of a capable guardian (which could also be a person or an object) 

So, let’s explore these three elements and the possibilities to reduce any of these factors.  

A motivated offender

According to the RAT, a motivated offender can either be an individual or a group 

that has both the tendency and the ability to commit a crime. It looks at the factors that contribute to a crime becoming a sufficiently attractive option to a ‘rational’ person. 

Most cybercrime activities involve several individuals working together as a group, each with their own set of specialised skills. An offender is therefore usually only a single part in a larger chain. Additionally, criminals are no longer looking their victims in the eyes while holding them at gunpoint, waiting for the teller to fill out the bags at the bank. Moral objections towards a “digital” victim are more easily set aside when they remain abstract.  

Reducing the motivation of the offender

We identify three opportunities to reduce the motivation of a potential offender. 

1. Targeted efforts to reduce criminals’ neutralization techniques 

Extortionists deploy a technique known to criminologists as “neutralization” – a means of overcoming the moral obstacles to perpetrating a crime. They present themselves favourable to the world. Appealing of course to those who are just a small operator in a large group.  

These neutralization techniques should be tackled as part of a broader strategy. 

2. Coordinated law enforcement effort 

The fear of being locked behind bars can set people off from committing a crime. Policing in cyberspace is challenging by nature, even more so as cybercrime isn’t limited to country borders. Effective international law enforcement cooperation will remain difficult until the global community collectively commits to a set of norms and standards that define the kinds of cyberattack activities that fall within the accepted realm of nation-on-nation competition, without having a detrimental impact on the broader civilian and business community. 

3. Reducing the flow of funds from victims 

Money is obviously a large motivator to commit a crime and the offender doesn’t have to wait for the teller anymore. In a previous blog we already mentioned that cryptocurrencies had helped turn ransomware into a viable cybercrime business model. 

Therefore, disrupting the channels of payment is an effective, maybe even the only effective, means of countering cybercrime. There are three broad levers that could be used to choke the flow of payments, namely: 

  • Regulation of payments by the victims. 

  • Regulation of crypto currency systems and service providers. 

  • Regulation of cyber insurance policies and payments. 

A suitable victim

RAT uses the acronym VIVA to describe the factors that make a victim suitable: Value, Inertia, Visibility and Access. These can all be applied to potential Cy-X victims, to which we added another V, namely Vulnerability.  

Reducing the suitability of a victim

Analyses of RAT with regards to real-world crime suggests that there are simple routine choices that can make you less vulnerable to attack. The more vulnerable the victim is, the 

more likely the offender is to commit the crime. 

The following steps can be taken to reduce the suitability of the victim in Cy-X 

based on the VVIVA variables:

  1. Decreasing visibility by reducing the attack surface. 
  2. Decreasing vulnerability by adapting routine practices and improving security hygiene.
  3. Decreasing the time available to an attacker after a compromise through detection and engagement to reduce available access. 
  4. Increasing inertia through encryption, Digital Rights Management and honeytokens to make a digital asset more difficult for a criminal to move.
  5. Decreasing the value of digital assets to the victim by reducing dependence on assets or ensuring resilience through backups and recovery processes. 

The absence of capable guardians

Guardians according to the RAT framework can be either a person or an object. Obvious guardians in the real world are the police and the lock on your front door. 

In the world of cybersecurity, it is easy to see a guardian as a technical instrument, such as a firewall. The security technologies we deploy are analogous to real-world controls like gates, locks, and cameras. 

The “absence” of a suitable guardian in this case would indicate a security controls failure, like patch management, but it can also refer to a shortage of cyber security experts, or to ordinary people who lack the security knowledge and awareness to be considered ‘capable’.  

Because guardianship is much more than technology. It also encompasses people and groups acting in a formal or informal capacity. 

Improving suitable guardians

In order to strengthen the guardianship in cyberspace we need to consider the technological element and the human factor.  

  1. Appreciate the limited potential of security technologies in the complexity of cyberspace. The security technologies we typically deploy are comfortably analogue to the controls we deploy in the physical world. However, the complexity in cyberspace scales exponentially and therefore technologies are not always able to fulfil its intended role.  
  2. Use the power of community in partnership with security service providers and law enforcement. Guardianship needs to emerge first and foremost from a community wanting to protect itself and willing to invest directly with time and effort to do so. From this place of community centered leadership, partnerships with law enforcement and professional service providers can emerge, and therein lies a particular role for the security industry. 


Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.