To : Asian Law Students’ Association (ALSA).
Date : 22nd January 2021.
Topic : Digital Information Security: The Prevention from Cybercrimes.
Dear Learning Colleagues,
Introduction:
Prof. EFG Ajayi,
One monstrous crime which the modern man cannot evade is cybercrime; it is ubiquitous, and so pervasive that it is unavoidable at the individual, corporate and governmental levels of society.
Even though there is no globally acceptable definition of cybercrime, for ease of understanding, cybercrime is any illegal act perpetrated through the instrumentality of the Internet; in other words, it has been defined as crime committed over the Internet, which might include hacking, defamation, copyright infringement and fraud. [1]
Cybercrime also means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them. [2]
What then is the Internet? It refers to the large system of connected computers around the world which people use to communicate with each other.[3] Such communications take place between individuals, at organizational or corporate levels, and at governmental levels.
The apposite question which a reasonable mind would ask at this juncture is: Can the modern man do without the Internet? The answer is emphatically in the negative: No.
In the light of the foregoing introduction, it is necessary to state that in so far as mankind cannot do without the Internet, that is, the superhighway of global communication, there is no way cybercrimes can be totally avoided. The Internet and cybercrimes are like Siamese twins.
From the beginning, it is important to draw a line of distinction between computer crimes and cybercrimes, because the two concepts are often used interchangeably, yet they are distinctly different.
Computer crimes are criminal acts perpetrated with the use of a computer; stated in other words, computer crimes include crimes committed against the computer hardware and the materials contained in or associated with the computer, which include the software and data. Typical examples of computer crimes include, but are not limited to, embezzlement, fraud, financial scams and hacking.
Cybercrime is the umbrella term used to describe two distinct but closely related criminal activities: cyber-dependent and cyber-enabled crimes.[4] The former are offences that can only be committed by using a computer, computer networks, or other forms of ICT. These acts include the spread of viruses and other malicious software, and distributed denial of service (DDoS) attacks. Cyber-dependent crimes are primarily acts directed against computers or network resources, although there may be secondary outcomes from the attacks, such as fraud. The latter, cyber-enabled crimes, are traditional crimes that are increased in their scale or reach by the use of computers, computer networks or other ICT; these include, but are not limited to, fraud (including mass-marketing frauds, ‘phishing’ e-mails and other scams; online banking and e-commerce frauds); theft (including theft of personal information and identification-related data); and sexual offending against children (including grooming, and the possession, creation and/or distribution of sexual imagery).
From a historical perspective, cybercrime was first recorded in the year 1820, that is, over two centuries ago, when a textile manufacturer of French extraction, Joseph-Marie Jacquard, invented the weaving loom; the machine made it possible to repeat a series of steps in the weaving of special fabrics. The invention occasioned a reasonable trepidation of job loss on the part of Jacquard’s employees, which prompted the premeditated sabotage of the machine so as to preserve their means of livelihood and prevent further use of the invention by Jacquard.[5]
Given the foregoing introduction, and taking into cognizance when the first cybercrime was experienced, that is, over two hundred (200) years ago, it is manifestly clear that we cannot escape cybercrimes, for computer usage and the Internet are indispensable to humanity. In other words, cybercrimes are akin to a malignant growth (cancer) in human beings, which is incurable and can only be managed.
2. Motivation for cybercrimes
Aside from the global economic loss associated with cybercrimes, other consequences of cybercrimes include, but are not limited to, loss of intellectual property and sensitive data; opportunity costs, including service and employment disruptions; damage to brand image and company reputation; penalties and compensatory payments to customers (for inconvenience or consequential loss) or contractual compensation (for delays, etc.); the cost of countermeasures and insurance; the cost of mitigation strategies and recovery from cyber-attacks; the loss of trade and competitiveness; distortion of trade; and job loss. [6]
Having in the foregoing section brought to the fore the impact of cybercrimes in terms of economic effects, as well as other consequences, the apposite question that would naturally agitate the mind of a discerning person is: what motivates cybercriminals to persist in their acts? This germane question is briefly addressed hereunder:
2.1 The profit motive: This is apparently the first and main incentive which prompts cybercriminals to persist in their nefarious activities of infiltration of, or unauthorized interference with, computers and network systems. Profits accruing to cybercriminals are indeed huge; the losses to individuals, corporates, organizations and governments are profits to cybercriminals; hence, profit arising from cybercrimes is a very serious motivation.
2.2 Anonymity issue: The near impossibility of, or the difficulty associated with, detecting cybercriminals is another major motivation. The Internet presents a wide range of freedom for all citizens of the world, and the lack of any prerequisite of identification as to who is doing what in the use of telecommunications via cyberspace continues to thwart global efforts targeted at tracking criminals and bringing them to justice. Put differently, the slim likelihood of identifying cybercriminals once they have perpetrated their illegal activities continues to be a motivation, and further emboldens cybercriminals to persist in their unlawful activities.
2.3 Competitors: Competitors provide a boost to cybercriminal activities by sponsoring attacks on one another, either by way of espionage to steal critical information relating to trade secrets, or by paralysing a competitor’s services through distributed denial of service (DDoS).
2.4 Pleasure derivation: It should be stated that some cybercriminals are motivated not by pecuniary advantage, but purely by the satisfaction or pleasure they derive from gaining unauthorized access into computers and computer networks; the mere fact that cybercriminals are able to gain access into computer systems believed by their owners and operators to be safe and secure, thereby revealing vulnerability, gives some cybercriminals a triumphant feeling.
2.5 Protest manifestation: Finally, another variant of motivation for cybercriminals is a challenge or protest against computer systems, which is the outward manifestation of disagreement with, or disapproval of, the owners or operators of a computer system or network; this form of motivation is also, more often than not, aimed at getting profit out of cybercriminal activities.
3. Losses attributable to cybercrimes
3.1 Financial loss
A casual observer might not easily understand the severity and financial implications of cybercrimes for the global economy; however, it is interesting to note that the situation has been aptly described by billionaire businessman and philanthropist Warren Buffett as the number one problem with mankind, and cyber-attacks as a bigger threat to humanity than nuclear weapons.
Further, it has been asserted by the World Economic Forum’s 2020 Global Risk Report that organized cybercrime organisations are working in unison, and that the probability of detection and prosecution is almost nil, being estimated to be as negligible as 0.05% in the United States. Moreover, it is predicted that cybercrime would inflict damages totaling USD 6 Trillion globally in 2021; if cybercrime were measured as a country, it would be the world’s third-largest economy after the U.S. and China.[7]
A concise breakdown by time of the global cost of cybercrime has been offered: USD 190,000 a second, USD 11.4 Million a minute, USD 684.9 Million an hour, USD 16.4 Billion a day, USD 115.4 Billion a week, USD 500 Billion a month and USD 6 Trillion a year.[8]
A sectoral analysis of the cost of cybercrime found that loss of information and disruption to businesses emanating from cyber-attacks were the fundamental cost drivers, irrespective of the type of cyber-attack:
- Malware: major consequence: information loss; average cost: $1.4M (54% of total losses).
- Web-based attacks: major consequence: information loss; average cost: $1.4M (61% of total losses).
- Denial-of-Service (DoS): major consequence: business disruption; average cost: $1.1M (65% of total losses).
- Malicious insiders: major consequences: business disruption and information loss; average cost: $1.2M ($0.6M each, 75% of total losses).
In the year 2018, information loss and business disruption combined for over 75% of total business losses from cybercrime.[9]
3.2: Loss of goodwill
The losses which cybercrimes cause businesses through loss of goodwill, and the impact thereof, might not be easily discernible to a casual observer, but when a beneath-the-surface analysis is undertaken, it becomes manifestly clear that this brand of loss is indeed colossal, though not immediately apparent.
Goodwill is simply the reputation that a company builds over a period of time, having consistently been a going concern; it is also the probability that old clients will come back as a result of the good services offered by the company. Thus, the reputation a business builds over time is an asset classified as intangible, since it cannot be physically seen or touched.
A definition of goodwill has been offered as the primary intangible asset of a company, generally comprised of reputation, contact networks, intellectual property, and branding. Although the assets have value, they cannot be physically inspected and are extremely illiquid. [10] Goodwill, in accounting terms, has been defined as the nontangible value of a business, that is, the value of the business over and above its tangible assets. [11]
Whenever a going concern falls victim to cybercrime, the effect that is immediately felt on the goodwill that has been built over the years is reputational damage. This is quickly noticeable in “consumer turn-away”, evident in the loss of current clientele and, in some cases, prospective ones, depending on the severity of the cyber-attack and the industry concerned; for example, it is on record that organizations in financial services and energy feel the impact of cybercrime more than those in agriculture and healthcare. Other effects of cyber-attacks, with particular reference to loss of goodwill, include a drop in stock market share, as prospective investors feel a natural apathy towards investing in such companies or businesses; business trust and confidence are lost, as is competitive advantage. Even agents, contractors, job seekers and others are dissuaded from associating with businesses publicly known to have suffered cyber incursions.
With particular reference to the fall in share prices as a result of loss of goodwill after a cyber-attack, it has been opined that while companies fear reputational damage after a cyber-attack, there has been little work to quantify it. Companies suffer reduced valuation after public reporting of their being hacked, usually in the form of a drop in stock prices. These losses can be significant – ranging from 1% to 5% – but appear not to be permanent. Stock prices usually recover by the next quarter. Recovery of stock prices may not be so quick if investors decide that there has been significant damage to a company’s intellectual property portfolio or if it sees a significant outflow of customers as a result. [12]
3.3: Loss of intellectual property
Intellectual property, in the view of this conference, is the “brain child and product of endeavor, of the inventor”; more often than not, it is the final stage or outcome of concerted efforts in which a considerable amount of funds, time, energy and research is expended to solve a specific human problem or challenge.
The World Intellectual Property Organization (WIPO) has defined intellectual property (hereinafter referred to as IP) as the creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. IP is protected in law by, for example, patents, copyright and trademarks, which enable people to earn recognition or financial benefit from what they invented or created. By striking the right balance between the interests of innovators and the wider public interest, the IP system aims to foster an environment in which creativity and innovation can flourish. [13]
The infringement of intellectual property rights is not new; it started with books and later extended to practically all aspects of human endeavor. For a detailed account regarding piracy of books, see: The story of St. Columba: A modern copyright battle in sixth (6th) century Ireland. [14] See also the attempts directed at codification of copyright laws through the coming into force of The Statute of Anne [15] and the cases decided thereunder, such as Midwinter v. Hamilton, [16] which precipitated a period known as the Battle of the Booksellers, and the case of Tonson v. Collins. [17]
At the international level, the Berne Convention, [18] established One Hundred and Forty Nine (149) years ago, is the first legal instrument, and the document has undergone several amendments.
The importance accorded to IP by sovereign nations in the global arena is what culminated in the series of negotiations on, and the eventual coming into force of, the Trade Related Intellectual Property Rights (TRIPS) Agreement. [19]
With reference to the impact of cybercrimes on IP, it is a settled fact that various forms of infringement have hitherto occurred at personal, corporate, organizational, multinational and sovereign state levels; however, with the introduction of the Internet, which makes access to information limitless and borderless, cybercriminals have capitalized on the easy accessibility of the global information highway, the low cost involved, the anonymity of users and the inherent weaknesses of the extant laws, as well as the lack of enforcement of cyber laws, to wreak havoc on the IP rights of others.
One school of thought opines that: IP crime causes significant financial losses for rights holders and legitimate businesses around the world; undermines key U.S. comparative advantages in innovation and creativity and, where it involves products such as medicines or car parts, can pose risks to consumer health and safety. As with cybercrime, trade in counterfeit and pirated products fuels cross-border organized criminal networks and hinders the sustainable economic development of many countries. [20]
While the above view brings to the fore a synopsis of the consequences of cybercrimes for IP, another school submits that cybercrime damages innovation. IP theft can range from paint formulas to rockets. The loss from IP theft is also the most difficult component of the cost of cybercrime to estimate. The actual value of intellectual property can be quite different from the research and development costs incurred in creating it. Hackers can take a company’s product plans, its research results, and its customer lists, but the company may not even know that it has suffered loss. [21]
All the foregoing views appear to encapsulate the effects of cybercrime on IP, but quantitatively, it has been documented that the most important loss from cybercrime is in the theft of IP and business confidential information, as this has the most significant economic implications. IP theft is a central problem for the information economy and is not limited to cybercrime. A US Department of Commerce report found that IP theft (all kinds, not just cybercrime) costs US companies $200 to $250 billion annually, [22] while the Organization for Economic Development (OECD) estimated that counterfeiting and piracy cost companies as much as $638 billion per year. [23]
At this juncture, it is necessary to remark that while the concept of state terrorism appears to have become the cynosure of international politics, little is heard of state sponsored IP theft, a practice that was at one time restricted to national boundaries, specifically targeting commercial outfits; of late, however, it appears that another flavor has been added to the theft of IP: the focus has shifted beyond states’ confines and assumed an international dimension, whereby sovereign states are now actively involved in state sponsored IP theft.
It has been alleged that more recently, some countries seem to use cyber espionage as a normal part of business. Cyber espionage by nation states to benefit their companies is a kind of state aid to those companies that is cheaper than traditional subsidies. This privatized espionage can be deployed against a much broader swath of companies. [24] One interview with intelligence officials told of a US furniture company being hacked and losing its IP, only to see furniture made from its designs being offered online to wholesalers.
There are similar stories involving efforts to use cyber techniques in attempts to acquire breakfast cereal recipes, running shoe designs, automobile part technologies, and soft drink formulas. These are not “strategic industries,” but their losses from cyber espionage can still be significant. The victim company still has access to the intellectual property. It has not lost the ability to make the product; what has in fact happened is that the hacked company now faces a new competitor. The risk of this competition is increased if the new foreign competitor has access to other government subsidies that allow it to sell at a lower price, or if it is supported in its domestic market by barriers that hamper outside companies from competing.
In order to draw the curtains on the nexus between cybercrimes and IP, it is necessary to refer to the submission of the Center for Strategic and International Studies, to the effect that hacking to steal IP is an outgrowth of two larger problems: the vulnerable nature of the Internet and weak protections for IP in many countries. Putting the two together creates a global problem. IP is a major source of competitive advantage for companies and for countries. The loss of IP means fewer jobs and fewer high-paying jobs in victim countries. The effect of IP theft is to subsidize competitors and hurt competitiveness. IP theft from cybercrime works against innovation and slows the global rate of technological improvement.
3.4: Loss of confidential information and sensitive data
Business confidential information is that which gives a competitive edge and is held as a trade secret; [25] it is private and, more often than not, entrusted to the top management. Such information is of high economic value and is not divulged to the public except where statutorily mandatory. Business confidential information has been copiously defined as information which concerns or relates to the trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of customers, inventories, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other information of commercial value… The term “confidential business information” includes “proprietary information”. [26]
3.5: Loss of sensitive data
Sensitive data, classified under business information, refers to privileged or proprietary information that only certain people are allowed to see and that is therefore not accessible to everyone. If sensitive information is lost or used in any way other than intended, the result can cause severe damage to the people or organization to which that information belongs. Sensitive information may also be called a sensitive asset; examples of sensitive information with reference to going concerns are system vulnerability reports, pre-solicitation procurement documentation, including work statements, and computer security deficiency reports. [27]
As in other facets of life, cybercriminals have infiltrated the databases of most companies and made illicit gains out of that enterprise. That the world has gone digital brooks no controversy; as a result, businesses rely on data lawfully generated from several sources, but these data, unfortunately, are illegally hacked, whereby cybercriminals benefit, smiling their way to the bank, while the hacked companies and the global economy suffer severe losses.
It is necessary to remark that data breaches, a variant of cybercrime, are not new in the cyber clime; they have simply attracted attention recently, given the huge losses arising from them. It has been documented that data breaches were tagged corporate account takeover, [28] an easily discernible concept suggesting cybercriminals taking control and displacing legitimate management, and that the same is costly and ranks among the fastest and most stealthy types of attack. Cybercriminals engaging in this activity surreptitiously obtain an entity’s financial banking credentials, use software to hijack one of its computers remotely and steal funds from the entity’s bank account, often costing the entity thousands of dollars. [29]
Aside from the above generalization, it is on record, as reported by AICPA, that according to David Nelson, FDIC Cyber Fraud and Financial Crimes Section specialist, small- and mid-size businesses (SMBs) and their financial institutions suffered about $120 million in losses due to electronic funds transfer fraud in the third quarter of 2009, up from about $85 Million two years earlier. According to the FBI, November 2009 losses alone were about $100 Million. [30]
In summary, to underscore the negative consequences of data breaches for global trade and commerce, and to put them in clear perspective, it is pertinent to refer to extracts of a research study, [31] which inter alia stated that 2014 will be remembered for such highly publicized mega breaches as Sony Pictures Entertainment and JPMorgan Chase & Co. Sony suffered a major online attack that resulted in employees’ personal data and corporate correspondence being leaked. The JPMorgan Chase & Co. data breach affected 76 Million households and seven (7) Million small businesses.
In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber-attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.
In one year’s study, 350 companies representing the following 11 countries participated: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia), and for the first time, Canada. All participating organizations experienced a data breach ranging from a low of approximately 2,200 to slightly more than 101,000 compromised records.
There are three major reasons contributing to a higher cost of data breach in 2015. First, cyber-attacks have increased in frequency and in the cost to remediate the consequences. The cost of data breaches due to malicious or criminal attacks increased from an average of $159 in last year’s study to $170 per record. Last year, these attacks represented 42 percent of root causes of a data breach and this increased to 47 percent of root causes in this year’s study.
Second, the consequences of lost business are having a greater impact on the cost of data breach. Lost business has potentially the most severe financial consequences for an organization. The cost increased from a total average cost of $1.33 Million last year to $1.57 Million in 2015. This cost component includes the abnormal turnover of customers, increased customer acquisition activities, reputational losses and diminished goodwill. The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach have contributed to the increase in lost business.
Third, data breach costs associated with detection and escalation increased. These costs typically include forensic and investigative activities, assessment and audit services, crisis team management and communications to executive management and the board of directors. This total average cost increased from $.76 million last year to $.99 million in this year’s report.
Finally, the study under discussion found that the average global cost of data breach per lost or stolen record is $154, that hackers and criminal insiders cause the most data breaches, and that forty-seven (47) percent of all breaches in this year’s study were caused by malicious or criminal attacks.
3.6: Opportunity cost of cybercrimes.
Opportunity cost is an economics term which measures the cost of the alternatives forgone, out of the choices open to a business decision maker.
There is a host of explanations as well as definitions of opportunity cost, but this conference adopts the business approach definition: a benefit, profit, or value of something that must be given up to acquire or achieve something else. Since every resource (land, money, time, etc.) can be put to alternative uses, every action, choice, or decision has an associated opportunity cost.
Opportunity costs are fundamental costs in economics, and are used in computing the cost-benefit analysis (CBA) of a project. Such costs, however, are not recorded in the account books but are recognized in decision making by computing the cash outlays and their resulting profit or loss. [32]
When cybercriminals carry out their attacks on businesses, the costs arising therefrom are variously categorized, but this conference adopts three categories, namely, direct, indirect and opportunity costs. The last, which is the focus of this section, is not easily determinable due to a host of factors, such as lack of reliable data, [33] over- and under-reporting, etc.
Conceptually, the opportunity cost of cybercrime could be viewed as a stone thrown into a still pool of water, which generates ripples; in effect, when there is a cyber-attack on a going concern, many consequences naturally follow, none of which is in the interest of the business owner or of global trade and commerce.
The opportunity cost of cyber-attacks includes, but is not limited to: slowed-down or outright cessation of productivity; lost income and/or profit which would have accrued to the business or commercial outfit had the cyber-attack not happened; the man-hours lost through truncated productivity, which must still be paid for by the business; the expenses which must, of necessity, be committed to securing the network, and which should have been usefully expended elsewhere; insurance costs; as well as other incidental costs arising out of the cyber-attack.
Another opportunity cost resulting from cyber-attacks is the erosion of the clientele’s confidence in the victim company, which in turn engenders customer turn-away. [34]
The erosion of the Internet economy has been posited as a fallout of cybercrimes and thus represents an opportunity cost. It is submitted that the global telecommunications vehicle otherwise known as the Internet generates about USD 3 Trillion a year, a share of the global economy that is expected to grow rapidly. It is estimated that cybercrimes extract between 15% and 20% of the value created by the Internet, a heavy tax on the potential for economic growth and job creation and a share of revenue that is significantly larger than any other transnational criminal activity. [35]
Further, based on statistical evidence, it is contended that business demand for cyber security products is on the increase, arising out of increased awareness of cyber security risks among firms; it is thus submitted that, judging from the growth in cyber security spending, a sum of about USD 10 Billion is expended annually, and this is besides the monetary losses from cybercrimes. [36] This is a preventive measure cost, which should have been spent elsewhere.
At this juncture, it is pertinent to mention that one fundamental opportunity cost that is not given prominence in the literature is the research and development drive of entrepreneurs that is dampened or lost as a result of cybercriminal activities. This particular sub-head of opportunity cost is a double-edged sword that does global trade and commerce no good. On one hand, investors are highly discouraged from funding research because of theft by cybercriminals; of course, when research and development is absent, society will most likely experience a state of stagnation, and rather than advancing towards a better life for the overall good of society, the cost of living skyrockets and the Human Development Index [37] plummets.
The other edge of the theft of research and development efforts by cybercriminals is that the recipient country, especially if the cyber espionage is state sponsored, more often than not relies entirely on stolen intellectual property and thus refuses to commit funds and efforts to independent research; by and large, this development serves as a discouragement and creates apathy towards innovative drives in the recipient country; in effect, the scale or proportion of opportunity cost with respect to research and development escalates.
Recovery costs to put telecommunications systems back on track after a cyber-attack represent a huge loss to businesses worldwide, and stand alone, because of their magnitude, as a crucial setback to global trade and commerce. The theme of recovery costs shall be separately considered hereinafter; however, it is necessary to mention briefly that they constitute an opportunity cost, which should ordinarily have been spent by going concerns across the globe for more useful purposes, were this a cybercrime-free world.
3.7: Loss of employment opportunities.
The number of people who work to earn a living across the globe is reputed to be about half of the global population; with the world population estimated to be 7.3 Billion, [38] about 3 Billion people are said to be employed while 205 Million are unemployed. [39]
It is rather unfortunate that cybercrimes send more people into unemployment, and the view held by this conference paper is that the increased number of unemployed people in the world is a harbinger of the explosion of crimes in society. The foregoing assertion is justified by the reasoning that when cybercriminals launch attacks on business organizations, the operations of the businesses are truncated and, depending on the severity of the cyber-attacks, especially if they persist, most employers would naturally sever the contractual employment relationship with their employees.
It is pertinent to state that loss of jobs or employment opportunities has overwhelming socio-economic implications. On one hand, employers are obligated to pay agreed salaries and/or wages during the subsistence of a cyber-attack, irrespective of the fact that they are denied the man-hours to which they are legally entitled from the employees; contemporaneously, they are liable to provide work to a certain category of employees who might be robbed of the exercise of their distinctive competences as a result of non-provision of work. See William Hill Organization Limited v Tucker [40] and Blackadder v Ramsey Butchering Services Pty Ltd, [41] where the courts respectively held that, under certain conditions, especially where the affected employee is highly trained, provision of work is invariably mandatory.
In other words, a somewhat onerous duty is imposed on the employer, in cases where employer(s) are under obligation to disclose and prevent cyber-attacks, as statutorily provided in some jurisdictions. [42]
In developing economies, the near-to or precise impact of cybercrimes on employment and its attendant implications on trade and commerce, might not be easily discernible or appreciated in terms of negative consequences, due to a myriad of factors, such as, low level of literacy, dearth of requisite data, low penetration rate of e-commerce and the lack of wholesale adoption of telecommunications technologies, in business transactions.
For the developed countries, inter alia, it has been submitted that the germane issue of cybercrimes, has serious implications for employment. [43]
Further, that the effect of cybercrime is to shift employment away from jobs that create the most value. Even small changes in GDP can affect employment. In the United States alone, studies of how employment varies with export growth suggest that, the losses from cybercrime could cost as many as 200,000 American jobs, roughly a third of 1% decrease in employment for the US. [44]
Using European Union data, which found that 16.7 workers were employed per Million Euros in exports to the rest of the world, Europe could lose as many as 150,000 jobs due to cybercrime (adjusting for national differences in IP-intensive jobs), or about 0.6% of the total unemployed. [45]
These are not always a “net” loss if workers displaced by cyber espionage find other jobs, but if these jobs do not pay as well or better. If lost jobs are in manufacturing (and “the main engine for job creation”) [46] or other high-paying sectors, the effect of cybercrime is to shift workers from high-paying to low-paying jobs or unemployment. While translating cybercrime losses directly into job losses is not easy, the employment effect cannot be ignored.
The most important cost of cybercrime, however, comes from its damage to company performance and to national economies, [47] thus, if the foregoing assertion is unassailable, it means that cybercrimes have negative consequences, for global trade and commerce.
3.8: Cost of countermeasures and insurance
As with other areas of human life in which challenges or problems arise and means are found to mitigate them, countermeasures against cybercrimes are actions directed at containing the scourge of cybercrimes and cyber-espionage; usually, such actions are mainly preventive. It should be added that while countermeasures are basically preventive, the taking of insurance cover against cybercrimes is restorative, based on the well settled principle of restitutio in integrum. [48]
A countermeasure against cybercrimes could take any form, and the underlying issue being that, a business concern must be security conscious and plan ahead for such known risks that are likely to happen. A robust definition has been ascribed to cyber-countermeasures as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber-attack against a computer, server, network or associated device. [49]
Countermeasures against cybercrimes, when critically assessed and or examined, could be seen as representing opportunity costs to businesses across the globe; the reason being that, the funds channeled into this venture, save the threats posed by cyber criminals in the form of network attacks, network abuse and malicious codes, ought to be used to address more useful and profitable alternatives, that are open to businesses.
Be that as it may, preventive measures against cybercrimes take many forms and can be broadly categorized as economic, technical, behavioral and legal. The economic countermeasures deal principally with Cost-Benefit Analysis (CBA) of increased security in relation to the benefits derivable from keeping cybercrimes at bay; technical measures are a network-based array of technological and systems engineering, targeted at securing a computer system, so that cyber criminals do not infiltrate a network; the behavioral measures are geared towards public enlightenment, which educates the people and awakens their consciousness to take precautionary measures against cybercrimes; and finally, the legal measures are the use of the instrumentality of the law to cause the investigation, arrest and prosecution of cyber criminals and the prescription of punishment for them.
With respect to costs incurred by businesses towards cybercrimes, which said costs are classified as either preventive or defense, several accounts exist; one published literature states that: Cyber-criminal infrastructure (including anti-virus expenditures, software patching, and ISP and end-user cleanup, anti-cybercrime defense cost to business generally and law enforcement services) amounts to USD 24.8 Billion. [50]
In the first quarter of 2014, Allied Business Intelligence (ABI) Research, a world leading technology and innovation outfit estimated that cyber security spending for critical infrastructure – the segments of defence, energy, financial, healthcare, ICT, public security, transport, and water and waste management – hit USD 46 Billion globally last year. [51]
According to a cyber-security report, security professionals are being hammered by a powerful combination of forces: as IT systems get more difficult to defend (more open, mobile and shared), cyber-threats are also evolving to penetrate enterprise defenses more swiftly.
Losses are occurring despite increased resources being directed at the security challenge: security budgets averaged $4.3 Million this year, a gain of 51 percent over 2012.
The 11th annual Global Information Security Survey, conducted by PricewaterhouseCoopers and CSO, found that despite many of the more than 9,600 execs surveyed saying that their organizations have increased IT security spending, the number of attacks they’re enduring and the costs of those attacks keep rising. And not only are attacks increasing, but so are the costs per incident, with the average losses per incident up 23 percent year over year. The number of those reporting losses of greater than 10 million per incident is up 75 percent from just two years ago. [52]
In not too distant a past, a staggering 90% of large businesses in the United Kingdom have reported they have suffered an information security breach, alongside 74% of small and medium-sized businesses. The average cost of the most severe online security breaches for big business can now reach £3.14 million ($4.8 million). It starts at £1.46 Million, up from £600,000 in 2014, according to published government to raise awareness of the growing cyber threat.
The average cost of security breaches for companies with more than 500 employees is between £1.46 Million and £3.14 Million, says the U.K.’s Department of Business, Innovation and Skills (BIS). For small and medium-sized businesses (SMEs), the average cost of the worst breach is between £75,000 and £310,800. This is up from a worst case scenario on costs for SMEs of cyber security breaches of just £115,000 in 2014. [53]
For the current year, it is on record that as organizations worldwide become more and more aware of the risks posed by the lack of protection against cyber threats, information security spending will continue to increase. According to the IT research and advisory firm, global IT security spending will reach $71.1 Billion this year, which represents an increase of 7.9% compared to 2013. Next year, spending will grow even more, reaching $76.9 billion. [54]
All the foregoing accounts of efforts directed by businesses at securing networks, and the associated costs, undoubtedly show that the challenges posed by cybercriminals are more than meets the eye; as the business world is devising strategies to contain the illegal activities of network intrusions, so are cybercriminals strengthening and perfecting their unlawful activities.
Given that all the technical preventive measures against cybercrimes are not infallible, at this juncture, it is necessary to address the issue of insurance cover, which is taken to mitigate the losses incidental to cybercrimes.
Insurance is used as an instrument to cushion or lessen the effects of losses which are incidental to life; it provides financial protection against losses arising out of the happening of uncertain events. The basic assumption is that insurance works on the principle of spreading risks or sharing of risks, such that the person insured is restored to his original position as much as possible (restitutio in integrum). [55]
Conceptually, insurance can be viewed as an umbrella that provides shade in extreme tropical sun or as a protective covering against rain, thus in adverse climatic conditions, a person with an umbrella is better than others without umbrella, the analogy being drawn is that, a person who is insured is in a better position than a person who is not, in case uncertain event(s) happens. [56]
In cybercrime, any loss is a result of two factors: a cyber-attack and the failure of prevention mechanisms. Commercial general liability insurance protects against potential losses, such as property damage, workers’ injury, or natural disasters, but does not cover cybercrime risk for a few reasons: the concept of cybercrime risk is relatively new, and the majority of commercial insurance provides coverage for tangible assets. Therefore, insurers must offer a specialized insurance policy to allow companies to transfer the risk arising from cybercrime. In order to calculate premium rates and process claims after a cybercrime attack, an insurer needs to estimate the cost of loss from a cybercrime incident. Since it is not easy to estimate non-financial losses such as reputation loss, companies who purchase cybercrime insurance can only transfer the calculable financial loss risk to the insurer. [57]
At this juncture having delved into definitional concepts of cybercrimes, the motivation and costs incurred as a result of cybercrimes, it is necessary to turn to the theme of this conference to the effect that, what is digital information security?
Digital information describes information, music, an image, etc. that is recorded or broadcast using computer technology.[58] For the fact we are in the information age,[59] the concern across the globe, has to do with security of digital information.
In a bid to ensure the security of digital information since mankind cannot do without same, the prevention from cybercrimes could generally be broken down, for ease of analysis into:
- Individual
- Corporate / Organisational and
- Governmental
At Individual level:
The following measures should carefully be taken into serious consideration to prevent cybercrimes:
- The first and most important step is, online education
- Use strong encrypted password, preferably not associated with your names or pets.
- Ensure security of password and share same, with no one
- Comply with ISP or Internet carrier instructions especially, in case of security breaches
- Regularly update security information
- Install strong well tested and trusted anti-virus
- Install virtual private network (VPN)
- Always use a full-service internet security site
- As a precaution, always update your software
- Ensure that private / personal information are locked down to avoid infiltration
- Be alert and conscious of security breaches
- Take immediate steps in case of security breaches such as alert companies and police
- As a rule, do not download songs, videos or software from untrusted websites.
- Click not on links received on random emails for possibility of being misdirected
- Refuse to download attachments from suspicious emails
Corporate / Organizational level
At this level, practically all the measures advocated above are applicable but in addition, the following tips should be adopted.
- Careful recruitment, selection and placement of employees
- Constant training and development
- Fair pay
- Attractive and retaining terms and conditions of employment
- Loyalty and or commitment incentives
- Segment, encrypt, and have a backup for all sensitive data in case of breaches
- Regularly update and patch all software
- Put in place stringent nonnegotiable rules on corporate hard and software.
- Implement system security plan (SSP)
- Use additional security measure of Two-Factor Authentication
- Implement invariable Sign-Off Policy
- Outsource cyber security to experts
- Invest in cyber security insurance
Governmental level
At this level, sovereign governments are saddled with:
- Conceptualization, the development of cybercrime policy as well as the establishment of national cybercrime strategy
- Policies and strategies coordination
- Partake in international harmonization of cybercrime laws
- Implementation of cybercrime policy
- Coordination of cybercrime efforts at both regional and global levels for policy implementation
- Identification of gaps in legislations and the remedying of the said gaps
- Building of capacities and awareness of cybercrime-related issues and cybercrime prevention strategies
- Foster global, regional and sub-regional cooperation and most importantly
- Enactment and enforcement of cybercrime laws, standards and regulations
Of all the foregoing, the last role by governments, that is, the legislation and enforcement of cybercrime laws, is the most important, unfortunately, this obligatory role has not been well carried out by governments across the globe.
According to United Nations sources, there are 195 countries in the world today, out of the number, 193 countries are member states of the United Nations and 2 countries that are non-member observer countries are the Holy See and the State of Palestine.[60]
With respect to cybercrime legislation worldwide, it is on record that 80% have cybercrime legislation, 5% of the countries have draft legislation, 13% have no legislation whatsoever and 2% have no data at all. In the face of inadequate legislation regarding cybercrimes aside other issues, it has been asserted by UNCTAD that the evolving cybercrime landscape and resulting skills gaps are a significant challenge for law enforcement agencies and prosecutors, especially for cross-border enforcement.[61]
This speaker / author is of the view that, the absence of cybercrime laws in some countries given the sufferings incidental to same, at individual, corporate and governmental levels of the society, is a tactical endorsement and tantamount to aiding and abetting cybercrimes.
At the global level, there are fragmented laws dealing with cybercrimes. Examples include, but are not limited to:
Council of Europe (CoE): Convention on Cybercrime 2001.
The Commonwealth: Model Law on Computer and Computer Related Crime, 2002
UN General Assembly resolution dealing with computer crime legislation 1990.
UN General Assembly resolution on combating the criminal misuse of information technology 2000 & 2002.
Geneva Declaration of Principles and the Geneva Plan of Action highlighting the importance of measures in the fight against cybercrime 2003.
Tunis Commitment and the Tunis Agenda for the Information Society 2005.
Currently, there is no one body of law specifically directed at cybercrimes regulation and of worldwide applicability.
Conclusion
To date, there are over 560 treaties[62] administered by the United Nations, covering different subjects which include, but are not limited to, human rights, environmental protection, disarmament etc., and in particular, crimes that are transnational in nature, such as drug trafficking, arms trafficking and human trafficking; some crimes, as a matter of fact, have not only treaties but permanent courts to try offenders, such as genocide, crimes against humanity and war crimes.
The question posed by this conference as well as by other well-meaning individuals and organisations across the globe is: Why is it that there is no treaty for cybercrime given the consequences of same on humanity? It is heart breaking to note that the modern man cannot do without the computer and the Internet; the use of the computer and Internet lately has become indispensable because of Covid 19 pandemic, ravaging the whole world, unfortunately, there is no treaty to regulate these important human activities.
This conference paper notes that it is now nineteen (19) years when the “UN General Assembly resolution on combating the criminal misuse of information technology 2002” came into effect; the United Nations is hereby urged to expedite action and put in place a global treaty, that would regulate cybercrime worldwide.
This paper further notes that it is only a global treaty that could frontally address cybercrimes on the ground that, the Internet is only one jurisdiction and from anywhere around the world, any Internet user could sign on and gain access. In other words, no nation or region no matter how populous or powerful, could possibly legislate on the use of the Internet effectively.
While the United Nations is being called upon to quicken the coming into force, a global law that would govern the Internet, one crucial factor that must be borne in mind carefully is the identity of the cybercriminals.
The intractable anonymity issue:
The above has to do with the identity of cybercriminals, and remains one of the greatest hurdles militating against global efforts towards addressing the whirlwind of cybercrimes. As at today, there is no easy means of identifying who is doing what, and where a user of the Internet is situated at any point in time; the global information system is free and there is no prerequisite that needs to be fulfilled before a user can log in to connect with anyone on the Internet across the globe. Thus, the unfettered freedom of information and communication enables the cybercriminals to hide their identity using different telecommunications gadgets so as to make it impossible to trace the online Internet Protocol (IP) address of any user. Further, if the IP address of a cybercriminal were traced to a particular location, the next hurdle cannot be scaled, as the identity of a cybercriminal is undisclosed to the owner or operator of the Internet service provider. Several telecommunications gadgets, such as Psiphon, The Onion Router (Tor) etc. are used to shield the identity of Internet users, and communications are often routed via many servers, which further complicates the tracing of cybercriminals. In effect, if the identities of criminals are incapable of being traced, how can the laws enacted to address cybercrimes work? The dictum of Law Lord Denning in a celebrated case[63] is to the effect that it is a cardinal principle of law that “You cannot place something on nothing and expect it to stand.” The point being emphasized here is that, in so far as the identities of cybercriminals remain elusive, no law, however well-crafted or intended, can work, because the law does not work in a vacuum; stated in another way, cybercrime laws were principally enacted to apprehend and prosecute cybercriminals, so, if the criminals are not identifiable, any law(s) put in place is nothing but a nullity.
The treaty advocated for by this conference paper, should make it mandatory that whoever uses the Internet should disclose his/her identity and by so doing, the issue of anonymity would be a thing of the past.
This speaker / author is not persuaded by the campaign of human rights activists that the disclosure of identity of Internet user, is a violation of privacy rights; the unrepentant position taken here is that, if anyone is strongly opposed to his identity being disclosed, then, such person(s) should not use the Internet.
With profound respect to the conveners of this conference, I hereby declare that the world cannot achieve Digital Information Security without a treaty; this conference therefore strongly appeal to sovereign state governments of the world, the non-state actors, the NGOs, the International Law Commission of the United Nations, all stakeholders and United Nations President Hon. Volkan Bozkir, to timeously do the needful, in terms of making a treaty that would regulate the Internet and as a result, minimize cybercrimes.
Dear learning colleagues, I thank you for inviting me to this conference, for listening and remain
Yours faithfully
(Signed)
Prof. EFG Ajayi, BSc (Hons), MBA, MA, M. Intl Law, LL B, LL M, PhD, BL, FIIU.
Director of Academic Affairs
[1] Oxford Dictionary of Law, 5th Edition p. 132
[2] Electronic Communications and Transactions Amendment Bill, 2012 South Africa
[3] Online Cambridge English Dictionary
[4] Mike McGuire (University of Surrey) and Samantha Dowling (Home Office Science): Cyber-crime: A review of the evidence. Summary of key findings and implications Home Office Research Report 75, Home Office, United Kingdom, October 2013
[5] https://www.coursehero.com/file/p49dnb8/In-1820-Joseph-Marie-Jacquard-a-textile-manufacturer-in-France-produced-the/
[6] Pierluigi Paganini: InfoSec Institute 2013 Cost of cybercrimes
[7] Steve Morgan Sausalito, California. – Nov. 13, 2020 /PRNewswire/. See generally https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/.
[8] Source Cyber-security ventures. Also see https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/.
[9] Iman Ghosh https://www.weforum.org/agenda/2019/11/cost-cybercrime-cybersecurity/.
[10] Black’s Law Dictionary Free Online Legal Dictionary 2nd Ed.
[11] Microsoft Encarta Dictionary
[12] The economic impact of cybercrime and cyber espionage Report Center for Strategic and International Studies See: www.mcafee.com/mx/…/reports/rp-economic-impact-cybercrime.pdf
[13] See http://www.wipo.int/about-ip/en/. Accessed 26th May 2016
[14] Ruth Suehle: Red Hat’s Open Source http://opensource.com/law/11/6/story-st-columba-modern-copyright-battle-sixth-century-ireland.
[15] The Statute of Anne (Copyright Act) 1710 Laws of United Kingdom.
[16] (1743-1748) Arts & Humanities Research Council Primary Sources on Copyrights 1450-1900.
[17] (1762) 1 Black W. 321.
[18] (1886). The said Convention was thereafter re-negotiated in 1896 (Paris), 1908 (Berlin), 1928 (Rome), 1948 (Brussels), 1967 (Stockholm) and 1971 (Paris).
[19] The TRIPS Agreement signed in Marrakesh, Morocco on 15 April 1994.
[20] United States of America, Department of State: Cybercrime and Intellectual Property. See for full account: http://www.state.gov/j/inl/focus/combatting/cybercrime/.
[21] Net Losses: Estimating the Global Cost of Cybercrime. Economic impact of cybercrime II Center for Strategic and International Studies June 2014 p.12 www.mcafee.com/mx/resources/…/rp-economic-impact-cybercrime2.pdf
[22] “Stolen Intellectual Property Harms American Businesses Says Acting Deputy Secretary Blank,” The Commerce Blog, U.S. Department of Commerce, November 29, 2011, http://www.commerce.gov/blog/2011/11/29/stolen-intellectual-property-harms-american-businesses-says-acting-deputy-secretary-
[23] Robert J. Shapiro and Kevin A. Hassett, “The Economic Value of Intellectual Property,” Sonecon, http://www.sonecon.com/docs/studies/IntellectualPropertyReport-October2005.pdf: 3.
[24] The economic impact of cybercrime and cyber espionage Report Centre for Strategic and International Studies July 2013 p. 9-10.
[25] See Leontaritis v Nigerian Textile Mills Ltd (1967) NCLR 114 where trade secrets was explained as unique technique used by an employer to further and protect his business while a business connection consists of the clientele, their details among others. See also Plowman (GW) & Son v Ash (1964) 1 W.L.R. 568 where covenant in restraint of trade was granted with respect of trade secrets.
[26] 19 Code of Federal Regulations Section 201.6 Laws of USA.
[27] Techopedia https://www.techopedia.com/definition/25260/sensitive-information Accessed 31/11/2015.
See also Business Dictionary where business information has been defined as information which, if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure, could cause serious harm to the organization owning it. It is also called sensitive asset
See: http://www.businessdictionary.com/definition/sensitive-information.html#ixzz3rL6SB63s.
[28] Singleton & Ursillo Jr., “Guard Against Cybertheft,” Journal of Accountancy, Vol. 210, No. 4 (October 2010), pp. 42-44, 46, 48-49.
[29] American Institute of Certified Public Accountant “The top five crimes” October 2013 p 9 See https://www.aicpa.org/…/ElectronicDataAnalysis/…/Top-5-CyberCrimes…
[30] Savage, Marcia, “FDIC: ACH Fraud Losses Climb Despite Drop in Overall Cyberfraud Losses,” Financial Security, March 8, 2010.
[31] 2015 Cost of Data Breach Study: Global Analysis Ponemon Institute, May 2015 Document Number: SEW03053WWEN See www.ibm.com/security/data-breach/.
[32] Opportunity cost http://www.businessdictionary.com/definition/opportunity-cost.html#ixzz3rYtSCXKR.
[33] The Economist “Measuring the cost of cybercrime” – The Economist Insights
See www.economistinsights.com/technology…cost-cybercrime/custom.
[34] See the European Commission Cybersecurity Strategy Document which inter alia found that almost a third of Europeans are not confident in their ability to use the internet for banking or purchases and avoid revealing personal information because of security concerns (the greatest fear is over identity theft for the purposes of financial fraud). 2012 Special Eurobarometer 390 on Cybersecurity, http://ec.europa.eu/public_opinion/archives/ebs/ebs_390_en.pdf See also A 2006 global survey taken by the International Telecommunication Union (ITU) as part of its campaign to play a greater role in cybersecurity, based on 400 respondents, which found at that time, that more than 40% of Internet users avoided some online transactions because of security concerns. The above stated references cited in Economic impact of cybercrime and cyber espionage. Center for Strategic and International Studies June 2013 pp. 21-13.
[35] Op cit. Net Losses: Estimating the Global Cost of Cybercrime. p.17 See www.mcafee.com/mx/resources/…/rp-economic-impact-cybercrime2.pdf
[36] Ibid 17
[37] Definition: The Human Development Index (HDI) is a statistical tool used to measure a country’s overall achievement in its social and economic dimensions. The social and economic dimensions of a country are based on the health of people, their level of education attainment and their standard of living.
Description: Pakistani economist Mahbub ul Haq created HDI in 1990 which was further used to measure the country’s development by the United Nations Development Program (UNDP). Calculation of the index combines four major indicators: life expectancy for health, expected years of schooling, mean of years of schooling for education and Gross National Income per capita for standard of living.
Every year UNDP ranks countries based on the HDI report released in their annual report. HDI is one of the best tools to keep track of the level of development of a country, as it combines all major social and economic indicators that are responsible for economic development.
See http://economictimes.indiatimes.com/definition/human-development-index. Accessed 17/11/2015.
[38] United Nations, Department of Economic and Social Affairs, Population Division. See http://esa.un.org/unpd/wpp/publications/files/key_findings_wpp_2015.pdf.
[39] International Labour Organization (ILO) See www.theguardian.com › News › Global economy.
[40] (1998) IRLR 313 where the Court of Appeal held that in considering the right to work, the court must look at the construction of the contract and the surrounding circumstances. In that particular case the court found that there was a right to work looking at the unique nature of the employee’s role, the skills involved in his job and whether those skills would atrophy through lack of use and the provisions of the particular contract of employment.
[41] (2005) HCA 22; here the decision of the court is that where a reinstatement order subsists, an employer must allocate work to the reinstated employee, further that, it was not sufficient to pay the employee the agreed emoluments without giving or requiring that employee to actually perform work.
[42] Australia, Canada, France, United Kingdom, United States of America etc.
[43] Economist Arthur Okun found that for every 1% increase in unemployment, GDP will be roughly 2% lower and the law is named after him being the first person who measured the relationship between the two variables in the early 1960s. For full account, see Okun, Arthur M. “Potential GNP: Its Measurement and Significance,” in Proceedings of the Business and Economic Statistics Section of the American Statistical Association. Alexandria, VA: American Statistical Association, 1962, pp. 89-104. The law no longer holds sway as same appears to have changed since the Great Depression of the 1930s.
[44] International Trade Administration, “Jobs Supported by Exports: An Update,” March 12 2012, http://www.trade.gov/mas/ian/build/groups/public/@tg_ian/documents/webcontent/tg_ian_003639.pdf
[45] N. Sousa, J. M. Rueda-Cantuche, I. Arto, and V. Andreoni, “Extra: EU Exports and Employment,” Chief Economists Note, European Commission, Trade, Issue 2, 2012, http://trade.ec.europa.eu/doclib/docs/2012/may/tradoc_149511.%202_24.05.2012.pdf. See also: “Unemployment Statistics,” European Commission: Euro Stat, http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Unemployment_statistics;epp.eurostat.ec.europa.eu/cache/3-31012014-AP-EN.PDF
[46] “Extra – EU Exports and Employment,” trade.ec.europa.eu/doclib/html/149511.htm
[47] Net Losses: op cit. p.3 References number 70-73 above also cited in the paper
[48] Latin: Restoration to original position per Oxford Dictionary of Law p. 431
[49] Course Hero: Unit 1 Discussion Common Data Threats and Cybercrimes IS4670 May 8 2015 https://www.coursehero.com/file/11449305/Unit-1-Discussion-1Common-Data-Threats-and-Cybercrimes/
[50] Peter Goldmann CFE The Fraud Examiner “Important new insights into the cost of cybercrime” July 2012. USD 24.8 figure is based on “Measuring the Cost of Cybercrime” by Ross Anderson University of Cambridge; Chris Barton; Rainer Boehme, University of Munster; Richard Clayton, University of Cambridge; Michel J.G. Van Eeten, Delft University of Technology; Michael Levi, Cardiff University; Tyler Moore, Southern Methodist University; and Stefan Savage, University of California, for details see:
http://www.acfe.com/fraud-examiner.aspx?id=4294974053.
[51] Stuart Corner, “Billions spent on cyber security and much of it “wasted”” The Sydney Morning Herald IT Pro, April 3 2014 See http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140402-zqprb.html.
Art Gilliland, HP’s Senior Vice-President and General Manager, Enterprise Security, in view of apparent failure of defensive strategies against cybercrimes, commented that “We’re spending something like $US46 billion a year on cyber security but the percentage of breaches is increasing by 20 per cent per year and the cost of those breaches is increasing by 30 per cent.”
“We are not winning. We need to think about where we are spending our money and what we should be investing in.”
Gilliland said further that it was necessary to understand the “life cycle” of cyber-attacks and how they related to the cyber-crime ecosystem. He said attacks came in five stages: research, infiltration, discovery, capture, and exfiltration of information.
“Inevitably they will get in, but we’re spending 86 per cent of our security budget trying to stop them doing that and only 14 percent on the other stages of the attack life cycle.”
[52] George V. Hulme “Survey finds breaches and associated costs continue to rise” 5th Nov. 2015.
See www.csoonline.com/…protection/cybersecurity-2014-breaches-and-costs.
[53] Dina Medland “U.K. Government Urges Action as Cost of Cyber Security Breaches Doubles” Forbes June 2 2015 See www.forbes.com/…/uk-government-urges-action-as-cost-of-cyber-securi.
[54] Eduard Kovacs “Global Cybersecurity Spending to Reach $76.9 Billion in 2015” Gartner August 25, 2014 See www.securityweek.com › Management & Strategy.
[55] EFG, Ajayi, Law of Insurance p.1.
[56] ibid p. 2
[57] Capgemini, Insurance “Using Insurance to mitigate cybercrime risk” p.9
[58] Online Cambridge Advanced Learners Dictionary, 3rd Edition.
[59] The modern age regarded as a time in which information has become a commodity that is quickly and widely disseminated and easily available especially through the use of computer technology. See www.merriam-webster.com/dictionary/Information. Accessed 9th January, 2021.
[60] See https://www.worldometers.info/geography/how-many-countries-are-there-in-the-world/.
[61] See https://unctad.org/page/cybercrime-legislation-worldwide
[62] Generally see United Nations website and in particular: https://www.google.com/search?q=total+number+of+united+nations+treaties&rlz=1C1RLNS_enKE696KE696&oq=total+number+of+united+nations+treaties.
[63] Benjamin Macfoy v United Africa Company Limited (1961) 3 All ER 1169.