The Strategic Approach to Countering Cybercrime (SACC) framework

Cybercrime is a significant global problem that is escalating in frequency and severity, posing a serious threat not just to individuals and corporations, but to prosperity and security around the world. To illustrate the threat, the cost of cybercrime to the global economy is projected to reach $13.8 trillion by 2028. Incidents such as the ransomware attacks against Colonial Pipeline in 2021 and Costa Rica in 2022 have reinforced the need for better responses to cybercrime at both national and international levels. This research paper presents a framework for a strategic approach to countering cybercrime (SACC). The SACC framework is designed to aid countries in developing tailored interventions to address their specific cybercrime challenges, identify existing gaps and leverage international best practices and support. It is also intended to facilitate structured discussions among policymakers and relevant agencies – e.g. interior, security and information and communications technology ministries – seeking to tackle cybercrime comprehensively and strategically. The framework provides an adaptable tool for practitioners addressing the evolving landscape of cybercrime threats, and is designed to allow for ongoing refinement of strategies through regular assessments and adjustments to existing plans. The SACC framework comprises five stages: strategy development; establishing enablers; establishing operational capability; tasking and prioritization; and evaluation. Emphasizing the importance of context, it acknowledges the diverse needs of countries in addressing cybercrime and considers factors such as economic conditions, legislative frameworks and the resources available. As well as presenting the framework itself, this paper offers three options for its deployment, offering flexibility to accommodate different contexts and preferences. These options include focus group methodology facilitated by independent experts; self-assessment by countries; and simulation exercises framing strategic dilemmas for stakeholders to address. During the framework’s development, the project team conducted a simulation exercise in Singapore, which explored ASEAN responses to cybercrime, the gaps and successes. The SACC framework has also been deployed by the Oceania Cyber Security Centre (OCSC), using focus group methodology, as part of the cyber maturity assessment for Fiji in February 2024. The framework helped OCSC to enhance data collection and broaden the investigative scope of its assessment.