De Montfort University Dubai

Name: Ismail Limbada

Student No: P2768549
Topic : The Role of Routine Activity Theory
in Understanding the Surge of Cybercrime
During COVID-19
Introduction

The COVID-19 pandemic has acted as a catalyst for a surge in cybercrime activities globally.
This unprecedented event has not only reshaped societal norms and routines but has also
introduced new vulnerabilities in the digital landscape, leading to an increase in cyber threats.
Understanding the dynamics of this surge requires a comprehensive analysis that integrates
both theoretical frameworks and empirical evidence. One such theoretical lens that offers
valuable insights into the rise of cybercrime during COVID-19 is the Routine Activity Theory
(RAT).

Theoretical Framework: Routine Activity Theory

Proposed by Cohen and Felson in 1979, the Routine Activity Theory (RAT) provides a
framework for understanding the occurrence of crime based on the convergence of three key
elements: a motivated offender, a suitable target, and the absence of a capable guardian
(Cohen & Felson, 1979). According to this theory, crime is not solely determined by
individual characteristics or motivations but is also influenced by the routine activities and
daily patterns of individuals and society at large.

Application of Routine Activity Theory to Cybercrime

When applying the Routine Activity Theory to cybercrime, it is essential to adapt the
framework to the unique characteristics of the digital environment. In the context of the
COVID-19 pandemic, the widespread adoption of remote work, increased reliance on digital
communication platforms, and shifts in online behaviors have altered routine activities,
creating new opportunities for cybercriminals.

1. Motivated Offender: In the digital realm, motivated offenders encompass a diverse range
of actors, including individual hackers, organized cybercrime groups, and state-sponsored
entities. The COVID-19 pandemic has exacerbated existing motivations for cybercrime, such
as financial gain, ideological motives, and geopolitical tensions. For example, the economic
downturn caused by the pandemic has driven individuals and groups to engage in
cybercrimes, such as phishing scams and ransomware attacks, as a means of financial
survival (Baele et al., 2020).

2. Suitable Target: The suitability of targets for cybercrime is influenced by factors such as
the availability of valuable information, weak cybersecurity measures, and vulnerabilities in
digital infrastructure. During the COVID-19 pandemic, the rapid transition to remote work
and online learning has expanded the attack surface for cybercriminals. Home networks,
often less secure than corporate environments, have become prime targets for cyber attacks,
ranging from malware infections to identity theft (UNODC, 2021).

3. Absence of Capable Guardian: Traditional guardianship mechanisms, such as physical

security measures and law enforcement presence, are less applicable in the digital realm.
Instead, the role of capable guardianship in preventing cybercrime falls primarily on
cybersecurity measures, awareness programs, and regulatory frameworks. However, the
COVID-19 pandemic has strained these guardianship mechanisms, as organizations grapple
with resource constraints, workforce disruptions, and increased cyber threats (Baele et al.,
2020).

Key Factors Contributing to the Surge of Cybercrime During COVID-19

The application of Routine Activity Theory to cybercrime during the COVID-19 pandemic
reveals several key factors that have contributed to the surge in cyber threats:

1. Remote Work and Digital Transformation

The widespread adoption of remote work and digital transformation initiatives has
fundamentally altered the way individuals and organizations conduct their routine activities.
While these changes have brought about numerous benefits in terms of flexibility and
efficiency, they have also introduced new vulnerabilities in cybersecurity. Remote workers
often use personal devices and unsecured networks, making them more susceptible to cyber
attacks such as phishing and malware infections (UNODC, 2021).
2. Heightened Fear and Uncertainty

The COVID-19 pandemic has generated widespread fear and uncertainty, providing fertile
ground for cybercriminals to exploit. Phishing attacks, in particular, have capitalized on
themes related to the pandemic, such as fake vaccine offers, COVID-19 information scams,
and fraudulent charity appeals (APWG, 2021). The emotional and psychological impact of
the pandemic has made individuals more susceptible to social engineering tactics used by
cybercriminals to manipulate and deceive their victims.

3. Overwhelmed Healthcare Systems

Healthcare institutions and medical research facilities have been prime targets for cyber
attacks during the COVID-19 pandemic. Ransomware attacks on hospitals, clinics, and
pharmaceutical companies have disrupted critical healthcare services and delayed medical
research efforts (Check Point Research, 2021). The overwhelming demands placed on
healthcare systems by the pandemic have made it challenging for organizations to allocate
resources to cybersecurity measures, leaving them vulnerable to exploitation by
cybercriminals.

4. Disruption of Supply Chains

The COVID-19 pandemic has caused widespread disruption to global supply chains, creating
opportunities for cybercriminals to exploit vulnerabilities in logistics and distribution
networks. Ransomware attacks targeting supply chain companies have led to disruptions in
the delivery of essential goods and services, exacerbating the socio-economic impact of the
pandemic (Check Point Research, 2021). The interconnected nature of modern supply chains
has magnified the ripple effects of cyber attacks, highlighting the need for enhanced
cybersecurity measures across industries.

Strengths and Limitations of Routine Activity Theory in Explaining the

Surge of Cybercrime During COVID-19
Strengths:

Situational Analysis: The Routine Activity Theory provides a comprehensive framework for
conducting situational analyses of cybercrime, taking into account the interactions between
offenders, targets, and guardians in specific contexts (Holt & Bossler, 2021).

Practical Applications: The theory offers practical insights for developing preventive
measures and interventions to mitigate cyber threats, such as improving cybersecurity
awareness, strengthening regulatory frameworks, and enhancing organizational resilience
(Holt & Bossler, 2021).

Limitations:

Technological Complexity: The digital landscape is characterized by rapid technological

advancements and evolving cyber threats, which may not always align with the assumptions
and premises of the Routine Activity Theory (Holt & Bossler, 2021).

Human Factor: The theory tends to oversimplify the role of human factors, such as cognitive
biases, social dynamics, and cultural influences, in shaping cybercriminal behavior (Holt &
Bossler, 2021).

Conclusion

In conclusion, the surge of cybercrime during the COVID-19 pandemic can be attributed to a
complex interplay of factors, including changes in routine activities, heightened fear and
uncertainty, overwhelmed healthcare systems, and disruption of supply chains. By applying
the Routine Activity Theory to cybercrime, we gain valuable insights into the dynamics of
cyber threats and the vulnerabilities introduced by the pandemic-induced changes in daily
routines. However, it is essential to recognize the limitations of the theory and complement it
with a broader understanding of the socio-technical factors influencing cybercriminal
behavior. Moving forward, policymakers, organizations, and individuals must adopt a
multifaceted approach to cybersecurity that integrates both theoretical frameworks and
empirical evidence to effectively mitigate the risks posed by cybercrime in the post-pandemic
era.

Recommendations for Mitigating Cyber Threats in the Post-Pandemic Era

The surge of cybercrime during the COVID-19 pandemic has underscored the critical need
for robust cybersecurity measures to protect individuals, organizations, and society at large.
As we navigate the post-pandemic era, it is imperative to implement proactive strategies and
interventions to mitigate cyber threats effectively. Drawing on insights from the Routine
Activity Theory and empirical evidence, the following recommendations are proposed to
address the escalating cyber risks:

1. Enhance Cybersecurity Awareness and Education

Investing in cybersecurity awareness and education programs is essential for empowering

individuals to recognize and respond to cyber threats effectively. By educating employees,
students, and the general public about common cyber risks, best practices for online safety,
and the importance of cybersecurity hygiene, we can strengthen the human firewall against
cyber attacks (Singer & Friedman, 2020). Moreover, incorporating cybersecurity training into
school curricula and professional development programs can cultivate a cyber-aware
workforce capable of identifying and mitigating emerging cyber threats.

2. Strengthen Cyber Resilience and Incident Response Capabilities

Organizations must prioritize the development of cyber resilience and incident response
capabilities to effectively detect, respond to, and recover from cyber attacks. This involves
establishing robust cybersecurity policies and procedures, conducting regular risk
assessments and vulnerability scans, and implementing incident response plans (NIST, 2020).
By investing in advanced threat detection technologies, such as intrusion detection systems
and security information and event management (SIEM) solutions, organizations can enhance
their ability to detect and mitigate cyber threats in real-time (NIST, 2020). Additionally,
fostering collaboration and information sharing among public and private sector entities can
facilitate a coordinated response to cyber incidents and enhance collective cyber resilience.

3. Implement Multi-Layered Defense Mechanisms

Adopting a multi-layered approach to cybersecurity is critical for mitigating cyber threats

across multiple attack vectors. This involves deploying a combination of preventive,
detective, and corrective security controls to safeguard critical assets and infrastructure
(NIST, 2020). For example, organizations can implement endpoint protection solutions, such
as antivirus software and endpoint detection and response (EDR) platforms, to prevent
malware infections and unauthorized access to endpoints (NIST, 2020). Additionally,
leveraging network segmentation, encryption, and access controls can help minimize the
impact of cyber attacks and limit lateral movement within IT environments (NIST, 2020).

4. Foster Public-Private Partnerships

Collaboration between government agencies, industry partners, and cybersecurity experts is

essential for addressing complex cyber threats and enhancing national cybersecurity
resilience. By fostering public-private partnerships, governments can leverage the expertise
and resources of the private sector to develop and implement effective cybersecurity policies,
regulations, and initiatives (Singer & Friedman, 2020). Moreover, establishing information-
sharing mechanisms, such as threat intelligence sharing platforms and cyber fusion centers,
can facilitate timely exchange of actionable threat intelligence and enhance collective cyber
defense capabilities (Singer & Friedman, 2020).

5. Promote International Cooperation and Cyber Diplomacy

Cyber threats are inherently transnational in nature, requiring coordinated international efforts
to effectively address them. Through diplomatic channels and multilateral frameworks,
governments can engage in cyber diplomacy to promote norms of responsible state behavior
in cyberspace and deter malicious cyber activities (Singer & Friedman, 2020). Additionally,
participating in international cybersecurity initiatives, such as the Budapest Convention on
Cybercrime and the Paris Call for Trust and Security in Cyberspace, can help build consensus
around shared cybersecurity principles and norms (Singer & Friedman, 2020).

Conclusion

The rise of cybercrime during the COVID-19 pandemic has highlighted the urgent need for
comprehensive strategies and interventions to mitigate cyber threats in the post-pandemic era.
By leveraging insights from the Routine Activity Theory and empirical evidence, the
recommendations outlined above offer practical guidance for strengthening cybersecurity
resilience and enhancing collective defense against cyber attacks. Moving forward,
policymakers, organizations, and individuals must prioritize cybersecurity as a strategic
imperative and invest in proactive measures to safeguard digital infrastructure, protect
sensitive data, and preserve the integrity of cyberspace.

References

1. Anti-Phishing Working Group. (2021). Global phishing survey: Trends and domain
name use in 2020. Retrieved from
https://apwg.org/reports/APWG_Global_Phishing_Report_2020-2021.pdf
2. Check Point Research. (2021). Cyberattack trends: Mid-year report 2021. Retrieved
from
https://research.checkpoint.com/wp-content/uploads/2021/07/CPR_2021_MidYear_R
eport.pdf
3. Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine
activity approach. American Sociological Review, 44(4), 588-608.
https://www.researchgate.net/publication/286923434_Applying_Routine_Activity_Th
eory_to_Cybercrime_A_Theoretical_and_Empirical_Analysis
4. Holt, T. J., & Bossler, A. M. (2021). Cybercrime in progress: Theory and prevention
of technology-enabled offenses (2nd ed.). Routledge.
https://www.researchgate.net/publication/258189987_Routine_Activity_Theory_and_
the_Determinants_of_High_Cybercrime_Countries
5. (No date a) Routine activity theory factsheet. Available at:
https://www.crimeprevention.nsw.gov.au/Documents/routine_activity_factsheet_nov2
014.pdf (Accessed: 25 February 2024).
6. (No date b) Examining the applicability of lifestyle-routine activities theory ...
Available at: https://www.tandfonline.com/doi/abs/10.1080/01639620701876577
(Accessed: 25 February 2024).
7. (No date c) Routine activity theory and the determinants of high cybercrime ...
Available at: https://journals.sagepub.com/doi/abs/10.1177/0894439311422689
(Accessed: 25 February 2024).
8. (No date d) Full article: Applying routine activity theory to cybercrime: A ... Available
at: https://www.tandfonline.com/doi/full/10.1080/01639625.2015.1012409 (Accessed:
25 February 2024).
9. Understanding the cyber-victimization of young people: A test of routine activities
theory, Telematics and Informatics Reports. Available at:
https://www.sciencedirect.com/science/article/pii/S2772503023000026 (Accessed: 25
February 2024).
10. Hawdon, J., Parti, K. and Dearden, T.E. (2020) Cybercrime in America amid covid-
19: The initial results from a natural experiment, American journal of criminal
justice : AJCJ. Available at: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7286417/
(Accessed: 25 February 2024).
11. (No date a) Radware bot manager Captcha. Available at:
https://iopscience.iop.org/article/10.1088/1742-6596/1828/1/012107/pdf (Accessed:
25 February 2024).