Abstract
Cybercrime is rising rapidly in India. Developing economies such as India face unique cybercrime risks. This paper examines cybercrime and cybersecurity in India. The literature on which this paper draws is diverse, encompassing the work of economists, criminologists, institutionalists and international relations theorists. We develop a framework that delineates the relationships of formal and informal institutions, various causes of prosperity and poverty and international relations related aspects with cybercrime and cybersecurity and apply it to analyze the cybercrime and cybersecurity situations in India. The findings suggest that developmental, institutional and international relations issues are significant to cybercrime and cybersecurity in developing countries.
Similar content being viewed by others
Notes
It is important to recognize that, as is the case of any underground economy [17], estimating the size of a country’s cybercrime industry and its ingredients such as reporting rate is a challenging task. Cybercrime-related studies and surveys are replete with methodological shortcomings, conceptual confusions, logical challenges and statistical problems [18].
References
KPMG (2014).Cybercrime survey report 2014. Retrieve from www.kpmg.com/in.
indolink.com (2012). India battles against cyber crime. Retrieved from http://www.indolink.com/displayArticleS.php?id=102112083833.
Rid, T. (2012). Think again: cyberwar. Foreign Policy, 192, 1–11.
bbc.co.uk (2012). ‘Spam capital’ India arrests six in phishing probe. Retrieved from http://www.bbc.co.uk/news/technology-16392960.
King, R. (2011). Cloud, mobile hacking more popular: Cisco. Retrieved from http://www.zdnet.com/cloud-mobile-hacking-more-popular-cisco-1339328060/.
Aaron, G., & Rasmussen, R. (2012). Global phishing survey: Trends and domain name use in 2H2011, APWG, Retrieved from http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H2011.pdf.
Kshetri, N. (2010). The economics of click fraud. IEEE Security and Privacy, 8(3), 45–53.
Internet Crime Complaint Center (2011). 2010 internet crime report. Retrieved from http://www.ic3.gov/media/annualreport/2010_ic3report.pdf.
Kshetri, N. (2009). Positive externality, increasing returns and the rise in cybercrimes. Communications of the ACM, 52(12), 141–144.
cio.de (2014). India’s biometric ID project is back on track. Retrieve from http://www.cio.de/index.cfm?pid=156&pk=2970283&p=1.
Thomas, T.K. (2012). Govt will help fund buys of foreign firms with high-end cyber security tech. Retrieved from http://www.thehindubusinessline.com/industry-and-economy/info-tech/article3273658.ece?homepage=true&ref=wl_home.
Chockalingam, K. (2003). Criminal victimization in four major cities in southern India. Forum on Crime and Society, 3(1/2), 117–126.
Holtfreter, K., VanSlyke, S., & Blomberg, T. G. (2005). Sociolegal change in consumer fraud: from victim-offender interactions to global networks. Crime Law and Social Change, 44, 251–275.
Kumar, J. (2006). Determining jurisdiction in cyberspace. The Social Science Research Network (SSRN). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=919261.
Sharma, V. D. (2002). International crimes and universal jurisdiction. Indian Journal of International Law, 42(2), l39–l55.
Benson, M. L., Tamara D. M & John E. E. (2009). White-collar crime from an opportunity perspective. In S. S. Simpson & D. Weisburd (Eds.) The criminology of white-collar crime (pp 175–193). Heidelburg: Springer International Publishing.
Naylor, R. T. (2005). The rise and fall of the underground economy. Brown Journal of World Affairs, 11(2), 131–143.
Kshetri, N. (2013). Reliability, validity, comparability and practical utility of cybercrime-related data, metrics, and information. Information, 4(1), 117–123.
Hindustan Times (2006). Securing the web.
Aggarwal, V. (2009). Cyber crime’s rampant. Express Computer. Retrieved 27 October, 2009,from http://www.expresscomputeronline.com/20090803/market01.shtml.
Narayan, V. (2010). Cyber criminals hit Esc key for 10 yrs.. Retrieved from http://timesofindia.indiatimes.com/city/mumbai/Cyber-criminals-hit-Esc-key-for-10-yrs/articleshow/6587847.cms.
Hagan, J., & Parker, P. (1985). White-collar crime and punishment: class structure and legal sanctioning of securities violations. American Sociological Review, 50, 302–316.
Pontell, H. N., Calavita, K., & Tillman, R. (1994). Corporate crime and criminal justice system capacity. Justice Quarterly, 11, 383–410.
Shapiro, S. (1990). Collaring the crime, not the criminal: reconsidering the concept of white-collar crime. American Sociological Review, 55, 346–365.
Tillman, R., Calavita, K., & Pontell, H. (1996). Criminalizing white-collar misconduct: determinants of prosecution in savings and loan fraud cases. Crime Law and Social Change, 26(1), 53–76.
Kshetri, N. (2010). The global cybercrime industry: Economic, institutional and strategic perspectives. New York, Berlin and Heidelberg: Springer.
Kshetri, N. (2010). Diffusion and effects of cybercrime in developing economies. Third World Quarterly, 31(7), 1057–1079.
UNDP (2006). Country evaluation: Assessment of development results Honduras, New York: United Nations Development Programme Evaluation Office. Retrieved from http://web.undp.org/evaluation/documents/ADR/ADR_Reports/ADR_Honduras.pdf.
Tanaka, V. (2010). The ‘informal sector’ and the political economy of development. Public Choice, 145(1/20), 295–317. 23.
Kshetri, N. (2015). India’s cybersecurity landscape: the roles of the private sector and public-private partnership. IEEE Security and Privacy, 13(3), 16–23.
Bures, O. (2013). Public-private partnerships in the fight against terrorism? Crime Law and Social Change, 60(4), 429–455.
Salifu, A. (2008). Can corruption and economic crime be controlled in developing economies - and if so, is the cost worth it? Journal of Money Laundering Control, 11(3), 273–283.
Granovetter, M. (1985). Economic action and social structure: The problem of embeddedness. American Journal of Sociology, 91(3), 481–510.
Parto, S. (2005). Economic activity and institutions: Taking Stock, Journal of Economic Issues, 39(1), 21–52.
Baumol, W. J. (1990). Entrepreneurship: Productive, unproductive, and destructive. Journal of Political Economy 98(5), 893–921.
North, D. C. (1990). Institutions, institutional change and economic performance. Cambridge: Harvard University Press.
Lewis, A. (1954). Economic development with unlimited supplies of labour. Manchester School of Economic and Social Studies, XXII (May 1954), 139–91.
Chenery, H. B. (1975). The structuralist approach to development policy. The American Economic Review, 65(2), Papers and Proceedings of the Eighty-seventh Annual Meeting of the American Economic Association, 310–316.
Acemoglu, D. (2005). Political economy of development and underdevelopment, Gaston Eyskens Lectures, Leuven, Department of Economics, Massachusetts Institute of Technology, Retrieved from http://economics.mit.edu/files/1064.
Acemoglu, D., Johnson,S., & Robinson.A.J. (2005). Institutions as a fundamental cause of long-run Growth, Handbook of Economic Growth, IA. Edited by Philippe Aghion and Steven N. Durlauf Elsevier B.V., Retrieved from http://baselinescenario.files.wordpress.com/2010/01/institutions-as-a-fundamental-cause.pdf.
de Laiglesia, J. R. (2006). Institutional bottlenecks for agricultural development a stock-taking exercise based on evidence from Sub-Saharan Africa. OECD Development Centre Working Paper No. 248, Research programme on: Policy Analyses on the Institutional Requirements for Advancing Peace and Development in Sub-Saharan Africa, Retrieved from http://www.oecd.org/dev/36309029.pdf.
Greif, A. (1994). Cultural beliefs and the organization of society: a historical and theoretical reflection on collectivist and individualist societies. Journal of Political Economy, 102, 912–950.
Jones, E. L. (1981). The European miracle: Environments, economies, and geopolitics in the history of Europe and Asia. New York: Cambridge University Press.
Andreas, P. (2011). Illicit globalization: myths, misconceptions, and historical lessons. Political Science Quarterly, 126(3), 403–425.
Kshetri, N. (2005). Pattern of global cyber war and crime: a conceptual framework. Journal of International Management, 11(4), 541–562.
Roland, G. (2004). Understanding institutional change: fast-moving and slow-moving institutions. Studies in Comparative International Development, 28(4), 109–131.
Cohen, W., & Levinthal, D. (1990). Absorptive capacity: a new perspective on learning and innovation. Administrative Science Quarterly, 35, 128–152.
Dahlman, L., & Nelson, R. (1995). Social absorption capability, national innovation systems and economic development. In B. H. Koo & D. H. Perkins (Eds.), Social capability and long-term growth (pp. 82–122). Basingstoke: Macmillan Press.
Niosi, J. (2008). Technology, development and innovation systems: an introduction. Journal of Development Studies, 44(5), 613–621.
Kim, S. H., Wang, Q., & Ullrich, J. B. (2012). A comparative study of cyberattacks. Communications of the ACM, 55(3), 66–73.
Hawser, A. (2011). Hidden threat. Global Finance, 25(2), 44.
Kirk, J. (2012). Microsoft finds new PCs in China preinstalled with malware. Retrieve from http://www.pcworld.com/article/262308/microsoft_finds_new_computers_in_china_preinstalled_with_malware.html.
Benson, M., Cullen, F., & Maakestad, W. (1990). Local prosecutors and corporate crime. Crime and Delinquency, 36, 356–372.
Andreas, P., & Price, R. (2001). From war fighting to crime fighting: transforming the American National Security State. International Studies Review, 3(3), 31–52.
Collins, A. (2003). Security and Southeast Asia: domestic, regional, and global issues. Lynne Rienner Pub
Wenping, H. (2007). The balancing act of China’s Africa policy. China Security, 3 (3), summer, 32–40.
Kshetri, N. (2013). Cybercrime and cybersecurity in the global south. Houndmills, Basingstoke: Palgrave Macmillan.
Kshetri, N. (2013). Cybercrimes in the former Soviet Union and Central and Eastern Europe: current status and key drivers. Crime Law and Social Change, 60(1), 39–65.
Kshetri, N., & Dholakia, N. (2009). Professional and trade associations in a nascent and formative sector of a developing economy: a case study of the NASSCOM effect on the Indian offshoring industry. Journal of International Management, 15(2), 225–239.
Oxley, J. E., & Yeung, B. (2001). E-commerce readiness: institutional environment and international competitiveness. Journal of International Business Studies, 32(4), 705–723.
Sobel, A. C. (1999). State institutions, private incentives, global capital. Ann Arbor: University of Michigan Press.
Lancaster, J. (2003). In India’s creaky court system, some wait decades for justice; 82- year-old man still fighting charges dating to 1963. The Washington Post 27.
Edelman, L. B., & Suchman, M. C. (1997). The legal environments of organizations. Annual Review of Sociology, 23, 479–515.
Greenwood, R., & Hinings, C. R. (1996). Understanding radical organizational change: bringing together the old and the new institutionalism. Academy of Management Review, 21(4), 1022–1054.
catindia.gov.in (2014). History, Retrieve September 22, 2014, Retrieve from http://catindia.gov.in/History.aspx. Cyber Appellate Tribunal, Government of India.
Singh, S.R. (2014). India’s only cyber appellate tribunal defunct since 2011. Retrieve from http://www.hindustantimes.com/india-news/india-s-only-cyber-appellate-tribunal-defunct-since-2011/article1-1235073.aspx.
Duggal, P. (2004). What’s wrong with our cyber laws? Retrieved from http://www.expresscomputeronline.com/20040705/newsanalysis01.shtml.
Anand, J. (2011). Cybercrime up by 700% in Capital. Retrieved from http://www.hindustantimes.com/India-news/NewDelhi/Cyber-crime-up-by-700-in-Capital/Article1-766172.aspx.
Nolen, S. (2012). India’s IT revolution doesn’t touch a government that runs on paper. The Globe and Mail (Canada), A1.
indiatimes.com (2011b). Most Gurgaon IT, BPO companies victims of cybercrime: survey. Retrieved from http://timesofindia.indiatimes.com/city/gurgaon/Most-Gurgaon-IT-BPO-companies-victims-of-cybercrime-Survey/articleshow/10626059.cms.
Rahman, F. (2012). Views: Tinker, tailor, soldier, cyber crook. Retrieved from http://www.livemint.com/2012/04/06111007/Views--Tinker-tailor-soldie.html?h=A1.
timesofindia.com (2009). Nigerians held for internet fraud, May 28. Retrieved March 1, 2011 from http://articles.timesofindia.indiatimes.com/2009-05-28/kolkata/28212706_1_kolkata-police-prize-moneyracket/2.
indiatimes.com (2011a). Two including Nigerian held for job fraud. Retrieved from http://articles.timesofindia.indiatimes.com/2011-02-16/gurgaon/28551786_1_nigerian-gang-job-racket-bank-account.
Saha, T., & Srivastava, A. (2014). Indian women at risk in the cyber space: a conceptual model of reasons of victimization. International Journal of Cyber Criminology, 8(1), 57–67.
timesofindia.indiatimes.com (2013). Government releases national cyber security policy 2013. Retrieve from http://timesofindia.indiatimes.com/tech/it-services/Government-releases-National-Cyber-Security-Policy-2013/articleshow/20874965.cms.
Doval, P. (2013). Govt orders security audit of IT infrastructure. Retrieve from http://timesofindia.indiatimes.com/tech/tech-news/Govt-orders-security-audit-of-IT-infrastructure/articleshow/38398644.cms.
De Mooij, M. K. (1998). Global marketing and advertising: Understanding cultural paradoxes. CA: Sage.
The Economist. (2005). Business: busy signals; Indian call centres. The Economist, 376(8443), 66.
Mishra, B.R. (2010). Wipro unlikely to take fraud accused to court, business-standard.com. Retrieved March 1, 2011, from http://www.business-standard.com/india/news/wipro-unlikely-to-take-fraud-accused-to-court/386181/.
Phukan, S. (2002). IT ethics in the Internet age: New dimensions. InSITE. Retrieved October 27,2005, from http://proceedings.informingscience.org/IS2002Proceedings/papers/phuka037iteth.pdf.
Sawant, N. (2009).Virtually speaking, crime in the city on an upward spiral, Times of India. Retrieved from http://timesofindia.indiatimes.com/news/city/mumbai/Virtually-speaking-crime-in-the-city-on-an-upward-spiral/articleshow/5087668.cms, accessed 27 October 2009.
PRLog (2011). India Plans to set-up state-of-the-art information technology institute to combat cybercrime: India requires 2.5 lakh cyber specialists to deal with the menace of cybercrime. Retrieved from http://www.prlog.org/11302019-india-plans-to-set-up-state-of-the-art-information-technology-institute-to-combat-cybercrime.html.
Saraswathy, M. (2012). Wanted: ethical hackers. Retrieved from http://www.wsiltv.com/news/three-states/Protect-Yourself-from-Cyber-Crime-139126239.html.
ciol.com (2012). Most Indians unaware of security solns: study. Retrieved from http://www.ciol.com/Infrastructure-Security/News-Reports/Most-Indians-unaware-of-security-solns-study/161905/0/.
foxnews.com (2012). Indian lawmakers filmed ‘watching porn on phone during assembly’ resign. Retrieved from http://www.foxnews.com/world/2012/02/08/indian-lawmakers-filmed-watching-porn-on-phone-during-assembly-resign/.
The World Bank Group (2014). Researchers in R&D (per million people). Retrieve from http://data.worldbank.org/indicator/SP.POP.SCIE.RD.P6?page=2.
rediff.com (2008). Researchers? Only 156 per million in India. Retrieved from http://www.rediff.com/money/2008/mar/12rnd.htm.
Economictimes (2005). R&D in India: The curtain rises, the play has begun, August 24. Retrived August 11, 2011 from: http://economictimes.indiatimes.com/rd-in-india-the-curtain-rises-the-play-hasbegun/articleshow/1207024.cms.
Shaftel, D., & Narayan, K. (2012). Call centre fraud opens new frontier in cybercrime. Retrieved September 1, 2016, from http://www.livemint.com/2012/02/26225530/Call-centre-fraud-opens-new-fr.html.
Gardner, T. (2012). Indian call centres selling your credit card details and medical records for just 2p. Retrieved from http://www.dailymail.co.uk/news/article-2116649/Indian-centres-selling-YOUR-credit-card-details-medical-records-just-2p.html.
Economist.com (2007). Imitate or die. http://www.economist.com/node/10053234/ .
Robinson, G. E. (1998). Elite cohesion, regime succession and political instability. Syria Middle East Policy, 5(4), 159–179.
Kshetri, N. (2011). Cloud computing in the global south: drivers, effects and policy measures. Third World Quarterly, 32(6), 995–1012.
Borland, J . (2010). A Four-Day Dive Into Stuxnet’s Heart, December 27. Retrieved 1 September 2016 from https://www.wired.com/2010/12/a-four-day-dive-into-stuxnets-heart/.
Halsey, M. (2011). How is IE6 contributing to China’s growing Cyber-Crimewave? Retrieved from http://www.windows7news.com/2011/12/30/ie6-contributing-chinas-growing-cybercrimewave/.
Greenberg, A. (2007). The top countries for cybercrime. Forbes.com. Retrieved April 9, 2008, from http://www.forbes.com/2007/07/13/cybercrime-world-regions-tech-cx_ag_0716cybercrime.html.
Arnott, S. (2008). Cyber crime stays one step ahead. Retrieved October 27,2009, from http://www.independent.co.uk/news/business/analysis-and-features/cyber-crime-stays-one-step-ahead-799395.html.
Paget, F. (2010). McAfee helps FTC, FBI in case against ‘scareware’ outfit. Retrieved January 26, 2011, from http://blogs.mcafee.com/mcafee-labs/mcafee-helps-ftc-fbi-in-case-against-scareware-outfit.
Fest, G. (2005). Offshoring: feds take fresh look at India BPOs; major theft has raised more than a few eyebrows. Bank Technology News, 18(9), 1.
Engardio, P., Puliyenthuruthel, J., & Kripalani, M. (2004). Fortress India? Business Week, 3896, 42–43.
King, A. A., & Lenox, M. J. (2000). Industry self-regulation without sanctions: the chemical industry’s responsible care program. Academy of Management Journal, 43(4), 698–716.
Vinogradova, E. (2006). Working around the state: contract enforcement in the Russian context. Socio-Economic Review, 4(3), 447–482.
Walzer, M. (1993). Between nation and world: welcome to some new ideologies. The Economist, 328(7828), 49–52. September 11.
Greenwood, R., Suddaby, R., & Hinings, C. R. (2002). Theorizing change: the role of professional associations in the transformation of institutionalized fields. Academy of Management Journal, 45(1), 58–80.
Marshall, R. S., Cordano, M., & Silverman, M. (2005). Exploring individual and institutional drivers of proactive environmentalism in the US wine industry. Business Strategy and the Environment, 14(2), 92–109.
Ahlstrom, D., & Bruton, G. D. (2001). Learning from successful local private firms in China: establishing legitimacy. Academy of Management Executive, 15(4), 72–83.
Scott, W.R. (1992). Organizations: Rational, natural and open systems. Prentice Hall.
Trombly, M. (2006). India tightens security. Insurance Networking & Data Management, 10(1), 9.
Dickson, M., BeShers, R., & Gupta, V. (2004). The impact of societal culture and industry on organizational culture: Theoretical explanations. In R. J. House, P. J. Hanges, M. Javidan, P. W. Dorfman, & V. Gupta (Eds.), Culture, leadership, and organizations: the GLOBE study of 62 societies. Thousand Oaks: Sage Publications.
Lawrence, T. B., Winn, M. I., & Jennings, P. D. (2001). The temporal dynamics of institutionalization. Academy of Management Review, 26(4), 624–644.
Audretsch, D., & Stephan, P. (1996). Company scientist locational links: the case of biotechnology. American Economic Review, 30, 641–652.
Feldman, M. (1999). The new economics of innovation, spillovers and agglomeration: a review of empirical studies. Economics of Innovation and New Technology, 8, 5–25.
Niosi, J., & Banic, M. (2005). The evolution and performance of biotechnology regional systems of innovation. Cambridge Journal of Economics, 29, 343–357.
Rao, H.S. (2006). Outsourcing thriving in Britain despite India bashing. Retrieve from http://www.rediff.com/money/2006/oct/07bpo.htm.
AFX News (2006). India could process 30 pct of US bank transactions by 2010 - report. Retrieve from http://www.finanznachrichten.de/nachrichten-2006-09/7050839-india-could-process-30-pct-of-us-bank-transactions-by-2010-report-020.htm.
Hazelwood, S. E., Hazelwood, A. C., & Cook, E. D. (2005). Possibilities and pitfalls of outsourcing. Healthcare Financial Management, 59(10), 44–48.
Das, G. (2011). Panel to advise govt, IT cos on cloud security on the cards. Retrieved from http://www.financialexpress.com/news/Panel-to-advise-govt--IT-cos-on-cloud-security-on-the-cards/809960/.
Schwartz, K. D. (2005). The background-check challenge. InformationWeek, 59–61.
Indo-Asian News Service (2006). Nasscom to set up self-regulatory organization. September 26.
Cone, E. (2005). Is offshore BPO running aground? CIO Insight, 53, 22.
COMMWEB (2007). India will train police to catch cybercriminals.
DSCI (2014). Cyber Labs. Retrieve from http://www.dsci.in/cyber-labs.
Tribuneindia.com (2005). Outsourcing crime call centre expose can wreak havoc, June 25. Retrieved from http://www.tribuneindia.com/2005/20050625/edit.htm.
Jaishankar, K. (2008). Identity related crime in the cyberspace: examining phishing and its impact. International Journal of Cyber Criminology, 2(1), 10–15.
Segal, A. (2012). Chinese computer games. Foreign Affairs, 91(2), 14–20. 7.
dhs.gov (2011). United States and India Sign Cybersecurity Agreement. Retrieved from http://www.dhs.gov/ynews/releases/20110719-us-india-cybersecurity-agreement.shtm.
Bhaumik, A. (2012). India, allies to combat cybercrime. Retrieved from http://www.deccanherald.com/content/249937/india-allies-combat-cybercrime.html.
Riley, M. (2011). Stolen Credit Cards Go for $3.50 at Amazon-Like Online Bazaar. Retrieved on 1 September 2016 from http://www.bloomberg.com/news/articles/2011-12-20/stolen-creditcards-go-for-3-50-each-at-online-bazaar-that-mimics-amazon.
Trend Micro Incorporated (2011). Trend micro third quarter threat report: Google and oracle surpass microsoft in most vulnerabilities. Retrieved from http://www.sacbee.com/2011/11/14/4053420/trend-micro-third-quarter-threat.html.
Vidyasagar, N. (2004). India’s secret army of online ad ‘clickers’. Retrieved October 27,2008, from http://timesofindia.indiatimes.com/articleshow/msid-654822,curpg-1.cms.
Kehaulani, S. (2006). ‘Click Fraud’ threatens foundation of web ads; Google faces another lawsuit by businesses claiming overcharges. The Washington Post, A.1.
Frankel, R. (2006). Associations in China and India: An overview, European Society of Association Executives. Retrieved from http://www.esae.org/articles/2006_07_004.pdf.
Tandon, N. (2007). Secondary victimization of children by the media: an analysis of perceptions of victims and journalists. International Journal of Criminal Justice Sciences, 2(2), 119–135.
Halder, D., & Jaishankar, K. (2011). Cyber gender harassment and secondary victimization: a comparative analysis of US, UK and India. Victims and Offenders, 6(4), 386–398.
Halder, D., & Jaishankar, K. (2015). Irrational coping theory and positive criminology: A frame work to protect victims of cyber crime. In N. Ronel & D. Segev (Eds.), Positive criminology (pp. 276–291).
Wiesenfeld, B. M., Wurthmann, K. A., & Hambrick, D. C. (2008). The stigmatization and devaluation of elites associated with corporate failures: a process model. Academy of Management Review, 33(1), 231–251.
Hettigei, N.T. (2005). The Auditor’s role in IT development projects. Retrieve from http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/The-Auditors-Role-in-IT-Development-Projects1.aspx.
Bradbury, D. (2013). India’s Cybersecurity challenge. Retrieve from http://www.infosecurity-magazine.com/view/34549/indias-cybersecurity-challenge/.
Acknowledgments
The author thanks four anonymous CRIS reviewers for their insightful comments.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kshetri, N. Cybercrime and cybersecurity in India: causes, consequences and implications for the future. Crime Law Soc Change 66, 313–338 (2016). https://doi.org/10.1007/s10611-016-9629-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10611-016-9629-3