Abstract
The popularity of the deterrence perspective across multiple scientific disciplines has sparked a lively debate regarding its relevance in influencing both offenders and targets in cyberspace. Unfortunately, due to the invisible borders between academic disciplines, most of the published literature on deterrence in cyberspace is confined within unique scientific disciplines. This chapter therefore provides an interdisciplinary review of the issue of deterrence in cyberspace. It begins with a short overview of the deterrence perspective, presenting the ongoing debates concerning the relevance of deterrence pillars in influencing cybercriminals’ and cyberattackers’ operations in cyberspace. It then reviews the existing scientific evidence assessing various aspects of deterrence in the context of several disciplines: criminology, law, information systems, and political science. This chapter ends with a few policy implications and proposed directions for future interdisciplinary academic research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akers, R. (2017). Social learning and social structure: A general theory of crime and deviance. New York: Routledge.
Anderson, L. S., Chiricos, T. G., & Waldo, G. P. (1977). Formal and informal sanctions: A comparison of deterrent effects. Social Problems, 25(1), 103–114.
Atzeni, A., & Lioy, A. (2006). Why to adopt a security metric? A brief survey. In Quality of Protection (pp. 1–12). Springer, Boston, MA.
Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Computers and Security, 39, 145–159.
Beccaria, Cessare. (1963). On crimes and punishments (H. Paolucci, Trans.). Indianapolis: Bobbs-Merrill. (Original work published 1764).
Bentham, J. (1789). The principles of morals and legislation. Amherst: Prometheus Books.
Blakely, B. (2002) Consultants Can Offer Remedies to Lax SME Security. TechRepublic, 6 February 2002, http://techrepublic.com.com/5100-6329-1031090.html.
Boss, S., Galletta, D., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly (MISQ), 39(4), 837–864.
Braga, A. A., & Weisburd, D. L. (2012). The effects of focused deterrence strategies on crime: A systematic review and meta-analysis of the empirical evidence. Journal of Research in Crime and Delinquency, 49(3), 323–358.
Brenner, S. (2001). Cybercrime investigation and prosecution: The role of penal and procedural law. Murdoch University Electronic Journal of Law, 8(2), 2–42.
Chen, Y., Ramamurthy, K., & Wen, K. W. (2012). Organizations’ information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3), 157–188.
Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers and Security, 39, 447–459.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605–641.
D’Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20, 643–658.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20, 79–98.
Denning, D., & Baugh, W. (2000). Hiding crimes in cyberspace. In D. Thomas & D. Loader (Eds.), Cybercrime: Law enforcement, security and surveillance in the information age (pp. 105–132). London: Routledge.
Dupont, B. (2017). Bots, cops, and corporations: On the limits of enforcement and the promise of polycentric regulation as a way to control large-scale cybercrime. Crime, Law, and Social Change, 67, 97–116.
Farinholt, B., Rezaeirad, M., Pearce, P., Dharmdasani, H., Yin, H., Le Blond, S., McCoy, D., & Levchenko, K. (2017). To catch a ratter: Monitoring the behavior of amateur darkcomet rat operators in the wild. In 2017 IEEE symposium on Security and Privacy (SP) (pp. 770–787).
Farrington, D. P., & Burrows, J. N. (1993). Did shoplifting really decrease? The British Journal of Criminology, 33, 57–69.
Geerken, M. R., & Gove, W. R. (1974). Deterrence: Some theoretical considerations. Law and Society Review, 9, 497.
Gibbs, J. (1975). Crime, punishment, and deterrence. New York: Elsevier Scientific Publishing Company.
Goodman, W. (2010). Cyber-deterrence: Tougher in theory than in practice? Strategic Studies Quarterly Fall, 102–135.
Gorwa, R., & Smeets, M. 2019. Cyber Conflict in Political Science: A Review of Methods and Literature. SocArXiv. July 25. https://doi.org/10.31235/osf.io/fc6sg
Guitton, C. (2012). Criminals and cyber attacks: The missing link between attribution and deterrence. International Journal of Cyber Criminology, 6(2), 1030.
Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers and Security, 32, 242–251.
Harknett, R. (1996). Information warfare and deterrence. Parameters, 26, 93–107.
Harknett, R., Callaghan, J., & Kauffman, R. (2010). Leaving deterrence behind: War-fighting and national cybersecurity. Journal of Homeland Security and Emergency Management, 7(1), 1–24.
Herath, T., & Rao, H. R. (2009a). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154–165.
Herath, T., & Rao, H. R. (2009b). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18, 106–125.
Holt, T. J. (2017). On the value of honeypots to produce policy recommendations. Criminology and Public Policy, 16(3), 739–747.
Holt, T. J., Kilger, M., Chiang, L., & Yang, C. (2017). Exploring the correlates of individual willingness to engage in ideologically motivated cyberattacks. Deviant Behavior, 38, 356–373.
Hovav, A., & D’Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the US and South Korea. Information and Management, 49, 99–110.
Hu, Q., Xu, Z., Dinev, T., & Ling, H. (2011). Does deterrence work in reducing information security policy abuse by employees? Communications of the ACM, 54, 54–60.
Hui, K. L., Kim, S. H., & Wang, Q. H. (2017). Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quarterly, 41(2), 497.
Iasiello, E. (2014). Is cyber-deterrence an illusory course of action? Journal of Strategic Security, 7(1), 54–67.
Jeffrey, C. R., Hunter, R. D., & Griswold, J. (1987). Crime prevention and computer analysis of convenience store robberies in Tallahassee. Florida Police Journal, 34, 65–69.
Jervis, R. (1979). Deterrence theory revisited. World Politics, 31(2), 289–324.
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34, 549–566.
Kigerl, A. C. (2009). CAN SPAM act: An empirical analysis. International Journal of Cyber Criminology, 3(2), 566.
Kigerl, A. C. (2015). Evaluation of the CAN SPAM ACT: Testing deterrence and other influences of e-mail spammer legal compliance over time. Social Science Computer Review, 33(4), 440–458.
Kigerl, A. C. (2016). Deterring spammers: Impact assessment of the CAN SPAM act on email SPAM rates. Criminal Justice Policy Review, 27(8), 791–811.
Kigerl, A. C. (2018). Email SPAM origins: Does the CAN SPAM act shift spam beyond United States jurisdiction? Trends in Organized Crime, 21(1), 62–78.
Kostyuk, N., & Zhukov, Y. M. (2019). Invisible digital front: Can cyberattacks shape battlefield events? Journal of Conflict Resolution, 63(2), 317–347.
Krebs, B. (2014). Spam nation: The inside story of organized cybercrime-from global epidemic to your front door. Naperville: Sourcebooks, Inc.
Lessig, L. (2009). Code 2.0. Seattle: Amazon CreateSpace Publishing.
Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635–645.
Libicki, M. C. (2009). Cyber-deterrence and cyberwar. Santa Monica: Rand Corporation.
Lupovici, A. (2011). Cyber warfare and deterrence: Trends and challenges in research. Military and Strategic Affairs, 3(3), 49–62.
Maimon, D., & Louderback, E. R. (2019). Cyber-dependent crimes: an interdisciplinary review. Annual Review of Criminology. 1–26
Maimon, D., Antonaccio, O., & French, M. T. (2012). Severe sanctions, easy choice? Investigating the role of school sanctions in preventing adolescent violent offending. Criminology, 50(2), 495–524.
Maimon, D., Alper, M., Sobesto, B., & Culkier, M. (2014). Restrictive deterrent effects of a warning banner in an attacked computer system. Criminology, 52, 33–59.
Maimon, D., Becker, M., Patil, S., & Katz, J. (2017). Self-protective behaviors over public WiFi networks. In The {LASER} workshop: Learning from authoritative security experiment results ({LASER} 2017) (pp. 69–76). Usenix Association.
Maimon, D., Testa, A., Sobesto, B., Cukier, M., & Ren, W. (2019). Predictably Deterrable? The case of system trespassers. In International conference on security, privacy and anonymity in computation, communication and storage (pp. 317–330). Cham: Springer.
Mayer, J. (2015). Cybercrime litigation. University of Pennsylvania Law Review, 164, 1453.
McGuire, M., & Dowling, S. (2013). *Cyber-crime: A review of the evidence summary of key findings and implications [https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/246749/horr75-summary.pdf]*. Home Office Research Report 75, Home Office, United Kingdom.
Milne, S., Sheeran, P., & Orbell, S. (2000). Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30(1), 106–143.
Mohammadzadeh, H., Mansoori, M., & Welch, I. (2013). Evaluation of fingerprinting techniques and a windows-based dynamic honeypot. In Proceedings of the eleventh Australasian information security conference-Volume 138 (pp. 59–66). Australian Computer Society, Inc.
Morris, R. G., & Blackburn, A. G. (2009). Cracking the code: An empirical exploration of social learning theory and computer crime. Journal of Crime and Justice, 32(1), 1–34.
Nagin, D. S. (1998). Criminal deterrence research at the outset of the twenty-first century. Crime and Justice, 23, 1–42.
Nagin, D. S. (2013). Deterrence: A review of the evidence by a criminologist for economists. Annual Review of Economy, 5(1), 83–105.
Nye, J. S., Jr. (2017). Deterrence and dissuasion in cyberspace. International Security, 41(3), 44–71.
Paternoster, R. (1987). The deterrent effect of the perceived certainty and severity of punishment: A review of the evidence and issues. Justice Quarterly, 4(2), 173–217.
Paternoster, R. (2010). How much do we really know about criminal deterrence. Journal of Criminal Law and Criminology, 100, 765.
Pratt, T. C., Cullen, F. T., Blevins, K. R., Daigle, L. E., & Madensen, T. D. (2006). The empirical status of deterrence theory: A meta-analysis. Taking Stock: The Status of Criminological Theory, 15, 367–396.
Quackenbush, S. L. (2011). Deterrence theory: Where do we stand? Review of International Studies, 37(2), 741–762.
Rezaeirad, M., Farinholt, B., Dharmdasani, H., Pearce, P., Levchenko, K. & McCoy, D. (2018). Schrödinger’s {RAT}: Profiling the stakeholders in the remote access trojan ecosystem. In 27th {USENIX} security symposium ({USENIX} Security 18) (pp. 1043–1060).
Rid, T., & Buchanan, B. (2015). Attributing cyberattacks. Journal of Strategic Studies, 38(1–2), 4–37.
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Personality, 91, 93–114.
Rogers, R. W. (1983). Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protection motivation. In Social psychophysiology: A sourcebook (pp. 153–176). New York: Guilford Press.
Schelling, T. C. (1966). Arms and influence. New Haven: Yale University Press.
Schelling, T. (1980). The Strategy of Conflict, 1960. Harvard University.
Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management 46.5: 267–270.
Siponen, M., Pahnila, S., & Mahmood, M. A. (2010). Compliance with information security policies: An empirical investigation. Computer, 43, 64–71.
Skinner, W. F., & Fream, A. M. (1997). A social learning theory analysis of computer crime among college students. Journal of Research in Crime and Delinquency, 34, 495–518.
Sloan-Howitt, M., & Kelling, G. L. (1990). Subway graffiti in new York City: Gettin’up vs. meanin’it and cleanin’it. Security Journal, 1, 131–136.
Snyder, G. H. (1961). Deterrence and defense. Princeton: Princeton University Press.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: A systematic review of quantitative studies. Information Management and Computer Security, 22(1), 42–75.
Stafford, M. C., & Warr, M. (1993). A reconceptualization of general and specific deterrence. Journal of Research in Crime and Delinquency, 30(2), 123–135.
Stockman, M., Heile, R., & Rein, A. (2015). An open-source honeynet system to study system banner message effects on hackers. In Proceedings of the 4th annual ACM conference on research in information technology (pp. 19–22).
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. NIST Special Publication, 800, 30.
Taddeo, M. (2018). The limits of deterrence theory in cyberspace. Philosophy and Technology, 31(3), 339–355.
Testa, A., Maimon, D., Sobesto, B., & Cukier, M. (2017). Illegal roaming and file manipulation on target computers: Assessing the effect of sanction threats on system trespassers’ online behaviors. Criminology and Public Policy, 16, 687–724.
Tor, U. (2017). Cumulative deterrence as a new paradigm for cyber-deterrence. Journal of Strategic Studies, 40(1–2), 92–117.
Torres, J. M., Sarriegi, J. M., Santos, J., & Serrano, N. (2006, August). Managing information systems security: critical success factors and indicators to measure effectiveness. In International Conference on Information Security (pp. 530-545). Springer, Berlin, Heidelberg.
Valeriano, B., & Maness, R. C. (2014). The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research, 51(3), 347–360.
Waldrop, M. M. (2016). How to hack the hackers: The human side of cybercrime. Nature News, 533(7602), 164.
Willison, R., Lowry, P. B., & Paternoster, R. (2018). A tale of two deterrents: Considering the role of absolute and restrictive deterrence to inspire new directions in behavioral and organizational security research. A Tale of two deterrents: Considering the role of absolute and restrictive deterrence in inspiring new directions in behavioral and organizational security. Journal of the Association for Information Systems (JAIS), 19(12), 1187–1216.
Wilner, A. S. (2019). US cyber-deterrence: Practice guiding theory. Journal of Strategic Studies, 1–36.
Wilson, T., Maimon, D., Sobesto, B., & Cukier, M. (2015). The effect of a surveillance banner in an attacked computer system: Additional evidence for the relevance of restrictive deterrence in cyberspace. Journal of Research in Crime and Delinquency, 52, 829–855.
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24, 2799–2816.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 The Author(s)
About this entry
Cite this entry
Maimon, D. (2020). Deterrence in Cyberspace: An Interdisciplinary Review of the Empirical Literature. In: Holt, T., Bossler, A. (eds) The Palgrave Handbook of International Cybercrime and Cyberdeviance. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-78440-3_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-78440-3_24
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-78439-7
Online ISBN: 978-3-319-78440-3
eBook Packages: Law and CriminologyReference Module Humanities and Social SciencesReference Module Business, Economics and Social Sciences