Crime, Law and Social Change

, Volume 66, Issue 3, pp 313–338 | Cite as

Cybercrime and cybersecurity in India: causes, consequences and implications for the future

  • Nir Kshetri


Cybercrime is rising rapidly in India. Developing economies such as India face unique cybercrime risks. This paper examines cybercrime and cybersecurity in India. The literature on which this paper draws is diverse, encompassing the work of economists, criminologists, institutionalists and international relations theorists. We develop a framework that delineates the relationships of formal and informal institutions, various causes of prosperity and poverty and international relations related aspects with cybercrime and cybersecurity and apply it to analyze the cybercrime and cybersecurity situations in India. The findings suggest that developmental, institutional and international relations issues are significant to cybercrime and cybersecurity in developing countries.


Secondary Victimization Trade Association Informal Institution International Political Economy Money Mule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The author thanks four anonymous CRIS reviewers for their insightful comments.


  1. 1.
    KPMG (2014).Cybercrime survey report 2014. Retrieve from
  2. 2. (2012). India battles against cyber crime. Retrieved from
  3. 3.
    Rid, T. (2012). Think again: cyberwar. Foreign Policy, 192, 1–11.Google Scholar
  4. 4. (2012). ‘Spam capital’ India arrests six in phishing probe. Retrieved from
  5. 5.
    King, R. (2011). Cloud, mobile hacking more popular: Cisco. Retrieved from
  6. 6.
    Aaron, G., & Rasmussen, R. (2012). Global phishing survey: Trends and domain name use in 2H2011, APWG, Retrieved from
  7. 7.
    Kshetri, N. (2010). The economics of click fraud. IEEE Security and Privacy, 8(3), 45–53.CrossRefGoogle Scholar
  8. 8.
    Internet Crime Complaint Center (2011). 2010 internet crime report. Retrieved from
  9. 9.
    Kshetri, N. (2009). Positive externality, increasing returns and the rise in cybercrimes. Communications of the ACM, 52(12), 141–144.CrossRefGoogle Scholar
  10. 10. (2014). India’s biometric ID project is back on track. Retrieve from
  11. 11.
    Thomas, T.K. (2012). Govt will help fund buys of foreign firms with high-end cyber security tech. Retrieved from
  12. 12.
    Chockalingam, K. (2003). Criminal victimization in four major cities in southern India. Forum on Crime and Society, 3(1/2), 117–126.Google Scholar
  13. 13.
    Holtfreter, K., VanSlyke, S., & Blomberg, T. G. (2005). Sociolegal change in consumer fraud: from victim-offender interactions to global networks. Crime Law and Social Change, 44, 251–275.CrossRefGoogle Scholar
  14. 14.
    Kumar, J. (2006). Determining jurisdiction in cyberspace. The Social Science Research Network (SSRN).
  15. 15.
    Sharma, V. D. (2002). International crimes and universal jurisdiction. Indian Journal of International Law, 42(2), l39–l55.Google Scholar
  16. 16.
    Benson, M. L., Tamara D. M & John E. E. (2009). White-collar crime from an opportunity perspective. In S. S. Simpson & D. Weisburd (Eds.) The criminology of white-collar crime (pp 175–193). Heidelburg: Springer International Publishing.Google Scholar
  17. 17.
    Naylor, R. T. (2005). The rise and fall of the underground economy. Brown Journal of World Affairs, 11(2), 131–143.MathSciNetGoogle Scholar
  18. 18.
    Kshetri, N. (2013). Reliability, validity, comparability and practical utility of cybercrime-related data, metrics, and information. Information, 4(1), 117–123.CrossRefGoogle Scholar
  19. 19.
    Hindustan Times (2006). Securing the web. Google Scholar
  20. 20.
    Aggarwal, V. (2009). Cyber crime’s rampant. Express Computer. Retrieved 27 October, 2009,from
  21. 21.
    Narayan, V. (2010). Cyber criminals hit Esc key for 10 yrs.. Retrieved from
  22. 22.
    Hagan, J., & Parker, P. (1985). White-collar crime and punishment: class structure and legal sanctioning of securities violations. American Sociological Review, 50, 302–316.CrossRefGoogle Scholar
  23. 23.
    Pontell, H. N., Calavita, K., & Tillman, R. (1994). Corporate crime and criminal justice system capacity. Justice Quarterly, 11, 383–410.CrossRefGoogle Scholar
  24. 24.
    Shapiro, S. (1990). Collaring the crime, not the criminal: reconsidering the concept of white-collar crime. American Sociological Review, 55, 346–365.CrossRefGoogle Scholar
  25. 25.
    Tillman, R., Calavita, K., & Pontell, H. (1996). Criminalizing white-collar misconduct: determinants of prosecution in savings and loan fraud cases. Crime Law and Social Change, 26(1), 53–76.CrossRefGoogle Scholar
  26. 26.
    Kshetri, N. (2010). The global cybercrime industry: Economic, institutional and strategic perspectives. New York, Berlin and Heidelberg: Springer.CrossRefGoogle Scholar
  27. 27.
    Kshetri, N. (2010). Diffusion and effects of cybercrime in developing economies. Third World Quarterly, 31(7), 1057–1079.CrossRefGoogle Scholar
  28. 28.
    UNDP (2006). Country evaluation: Assessment of development results Honduras, New York: United Nations Development Programme Evaluation Office. Retrieved from
  29. 29.
    Tanaka, V. (2010). The ‘informal sector’ and the political economy of development. Public Choice, 145(1/20), 295–317. 23.CrossRefGoogle Scholar
  30. 30.
    Kshetri, N. (2015). India’s cybersecurity landscape: the roles of the private sector and public-private partnership. IEEE Security and Privacy, 13(3), 16–23.CrossRefGoogle Scholar
  31. 31.
    Bures, O. (2013). Public-private partnerships in the fight against terrorism? Crime Law and Social Change, 60(4), 429–455.CrossRefGoogle Scholar
  32. 32.
    Salifu, A. (2008). Can corruption and economic crime be controlled in developing economies - and if so, is the cost worth it? Journal of Money Laundering Control, 11(3), 273–283.CrossRefGoogle Scholar
  33. 33.
    Granovetter, M. (1985). Economic action and social structure: The problem of embeddedness. American Journal of Sociology, 91(3), 481–510.Google Scholar
  34. 34.
    Parto, S. (2005). Economic activity and institutions: Taking Stock, Journal of Economic Issues, 39(1), 21–52.Google Scholar
  35. 35.
    Baumol, W. J. (1990). Entrepreneurship: Productive, unproductive, and destructive. Journal of Political Economy 98(5), 893–921.Google Scholar
  36. 36.
    North, D. C. (1990). Institutions, institutional change and economic performance. Cambridge: Harvard University Press.CrossRefGoogle Scholar
  37. 37.
    Lewis, A. (1954). Economic development with unlimited supplies of labour. Manchester School of Economic and Social Studies, XXII (May 1954), 139–91.Google Scholar
  38. 38.
    Chenery, H. B. (1975). The structuralist approach to development policy. The American Economic Review, 65(2), Papers and Proceedings of the Eighty-seventh Annual Meeting of the American Economic Association, 310–316.Google Scholar
  39. 39.
    Acemoglu, D. (2005). Political economy of development and underdevelopment, Gaston Eyskens Lectures, Leuven, Department of Economics, Massachusetts Institute of Technology, Retrieved from
  40. 40.
    Acemoglu, D., Johnson,S., & Robinson.A.J. (2005). Institutions as a fundamental cause of long-run Growth, Handbook of Economic Growth, IA. Edited by Philippe Aghion and Steven N. Durlauf Elsevier B.V., Retrieved from
  41. 41.
    de Laiglesia, J. R. (2006). Institutional bottlenecks for agricultural development a stock-taking exercise based on evidence from Sub-Saharan Africa. OECD Development Centre Working Paper No. 248, Research programme on: Policy Analyses on the Institutional Requirements for Advancing Peace and Development in Sub-Saharan Africa, Retrieved from
  42. 42.
    Greif, A. (1994). Cultural beliefs and the organization of society: a historical and theoretical reflection on collectivist and individualist societies. Journal of Political Economy, 102, 912–950.CrossRefGoogle Scholar
  43. 43.
    Jones, E. L. (1981). The European miracle: Environments, economies, and geopolitics in the history of Europe and Asia. New York: Cambridge University Press.Google Scholar
  44. 44.
    Andreas, P. (2011). Illicit globalization: myths, misconceptions, and historical lessons. Political Science Quarterly, 126(3), 403–425.CrossRefGoogle Scholar
  45. 45.
    Kshetri, N. (2005). Pattern of global cyber war and crime: a conceptual framework. Journal of International Management, 11(4), 541–562.CrossRefGoogle Scholar
  46. 46.
    Roland, G. (2004). Understanding institutional change: fast-moving and slow-moving institutions. Studies in Comparative International Development, 28(4), 109–131.CrossRefGoogle Scholar
  47. 47.
    Cohen, W., & Levinthal, D. (1990). Absorptive capacity: a new perspective on learning and innovation. Administrative Science Quarterly, 35, 128–152.CrossRefGoogle Scholar
  48. 48.
    Dahlman, L., & Nelson, R. (1995). Social absorption capability, national innovation systems and economic development. In B. H. Koo & D. H. Perkins (Eds.), Social capability and long-term growth (pp. 82–122). Basingstoke: Macmillan Press.CrossRefGoogle Scholar
  49. 49.
    Niosi, J. (2008). Technology, development and innovation systems: an introduction. Journal of Development Studies, 44(5), 613–621.CrossRefGoogle Scholar
  50. 50.
    Kim, S. H., Wang, Q., & Ullrich, J. B. (2012). A comparative study of cyberattacks. Communications of the ACM, 55(3), 66–73.CrossRefGoogle Scholar
  51. 51.
    Hawser, A. (2011). Hidden threat. Global Finance, 25(2), 44.Google Scholar
  52. 52.
    Kirk, J. (2012). Microsoft finds new PCs in China preinstalled with malware. Retrieve from
  53. 53.
    Benson, M., Cullen, F., & Maakestad, W. (1990). Local prosecutors and corporate crime. Crime and Delinquency, 36, 356–372.CrossRefGoogle Scholar
  54. 54.
    Andreas, P., & Price, R. (2001). From war fighting to crime fighting: transforming the American National Security State. International Studies Review, 3(3), 31–52.CrossRefGoogle Scholar
  55. 55.
    Collins, A. (2003). Security and Southeast Asia: domestic, regional, and global issues. Lynne Rienner PubGoogle Scholar
  56. 56.
    Wenping, H. (2007). The balancing act of China’s Africa policy. China Security, 3 (3), summer, 32–40.Google Scholar
  57. 57.
    Kshetri, N. (2013). Cybercrime and cybersecurity in the global south. Houndmills, Basingstoke: Palgrave Macmillan.CrossRefGoogle Scholar
  58. 58.
    Kshetri, N. (2013). Cybercrimes in the former Soviet Union and Central and Eastern Europe: current status and key drivers. Crime Law and Social Change, 60(1), 39–65.CrossRefGoogle Scholar
  59. 59.
    Kshetri, N., & Dholakia, N. (2009). Professional and trade associations in a nascent and formative sector of a developing economy: a case study of the NASSCOM effect on the Indian offshoring industry. Journal of International Management, 15(2), 225–239.CrossRefGoogle Scholar
  60. 60.
    Oxley, J. E., & Yeung, B. (2001). E-commerce readiness: institutional environment and international competitiveness. Journal of International Business Studies, 32(4), 705–723.CrossRefGoogle Scholar
  61. 61.
    Sobel, A. C. (1999). State institutions, private incentives, global capital. Ann Arbor: University of Michigan Press.CrossRefGoogle Scholar
  62. 62.
    Lancaster, J. (2003). In India’s creaky court system, some wait decades for justice; 82- year-old man still fighting charges dating to 1963. The Washington Post 27.Google Scholar
  63. 63.
    Edelman, L. B., & Suchman, M. C. (1997). The legal environments of organizations. Annual Review of Sociology, 23, 479–515.CrossRefGoogle Scholar
  64. 64.
    Greenwood, R., & Hinings, C. R. (1996). Understanding radical organizational change: bringing together the old and the new institutionalism. Academy of Management Review, 21(4), 1022–1054.Google Scholar
  65. 65. (2014). History, Retrieve September 22, 2014, Retrieve from Cyber Appellate Tribunal, Government of India.
  66. 66.
    Singh, S.R. (2014). India’s only cyber appellate tribunal defunct since 2011. Retrieve from
  67. 67.
    Duggal, P. (2004). What’s wrong with our cyber laws? Retrieved from
  68. 68.
  69. 69.
    Nolen, S. (2012). India’s IT revolution doesn’t touch a government that runs on paper. The Globe and Mail (Canada), A1.Google Scholar
  70. 70. (2011b). Most Gurgaon IT, BPO companies victims of cybercrime: survey. Retrieved from
  71. 71.
    Rahman, F. (2012). Views: Tinker, tailor, soldier, cyber crook. Retrieved from
  72. 72. (2009). Nigerians held for internet fraud, May 28. Retrieved March 1, 2011 from
  73. 73. (2011a). Two including Nigerian held for job fraud. Retrieved from
  74. 74.
    Saha, T., & Srivastava, A. (2014). Indian women at risk in the cyber space: a conceptual model of reasons of victimization. International Journal of Cyber Criminology, 8(1), 57–67.Google Scholar
  75. 75. (2013). Government releases national cyber security policy 2013. Retrieve from
  76. 76.
    Doval, P. (2013). Govt orders security audit of IT infrastructure. Retrieve from
  77. 77.
    De Mooij, M. K. (1998). Global marketing and advertising: Understanding cultural paradoxes. CA: Sage.Google Scholar
  78. 78.
    The Economist. (2005). Business: busy signals; Indian call centres. The Economist, 376(8443), 66.Google Scholar
  79. 79.
    Mishra, B.R. (2010). Wipro unlikely to take fraud accused to court, Retrieved March 1, 2011, from
  80. 80.
    Phukan, S. (2002). IT ethics in the Internet age: New dimensions. InSITE. Retrieved October 27,2005, from
  81. 81.
    Sawant, N. (2009).Virtually speaking, crime in the city on an upward spiral, Times of India. Retrieved from, accessed 27 October 2009.
  82. 82.
    PRLog (2011). India Plans to set-up state-of-the-art information technology institute to combat cybercrime: India requires 2.5 lakh cyber specialists to deal with the menace of cybercrime. Retrieved from
  83. 83.
    Saraswathy, M. (2012). Wanted: ethical hackers. Retrieved from
  84. 84. (2012). Most Indians unaware of security solns: study. Retrieved from
  85. 85. (2012). Indian lawmakers filmed ‘watching porn on phone during assembly’ resign. Retrieved from
  86. 86.
    The World Bank Group (2014). Researchers in R&D (per million people). Retrieve from
  87. 87. (2008). Researchers? Only 156 per million in India. Retrieved from
  88. 88.
    Economictimes (2005). R&D in India: The curtain rises, the play has begun, August 24. Retrived August 11, 2011 from:
  89. 89.
    Shaftel, D., & Narayan, K. (2012). Call centre fraud opens new frontier in cybercrime. Retrieved September 1, 2016, from
  90. 90.
    Gardner, T. (2012). Indian call centres selling your credit card details and medical records for just 2p. Retrieved from
  91. 91. (2007). Imitate or die. .
  92. 92.
    Robinson, G. E. (1998). Elite cohesion, regime succession and political instability. Syria Middle East Policy, 5(4), 159–179.CrossRefGoogle Scholar
  93. 93.
    Kshetri, N. (2011). Cloud computing in the global south: drivers, effects and policy measures. Third World Quarterly, 32(6), 995–1012.CrossRefGoogle Scholar
  94. 94.
    Borland, J . (2010). A Four-Day Dive Into Stuxnet’s Heart, December 27. Retrieved 1 September 2016 from
  95. 95.
    Halsey, M. (2011). How is IE6 contributing to China’s growing Cyber-Crimewave? Retrieved from
  96. 96.
    Greenberg, A. (2007). The top countries for cybercrime. Retrieved April 9, 2008, from
  97. 97.
    Arnott, S. (2008). Cyber crime stays one step ahead. Retrieved October 27,2009, from
  98. 98.
    Paget, F. (2010). McAfee helps FTC, FBI in case against ‘scareware’ outfit. Retrieved January 26, 2011, from
  99. 99.
    Fest, G. (2005). Offshoring: feds take fresh look at India BPOs; major theft has raised more than a few eyebrows. Bank Technology News, 18(9), 1.Google Scholar
  100. 100.
    Engardio, P., Puliyenthuruthel, J., & Kripalani, M. (2004). Fortress India? Business Week, 3896, 42–43.Google Scholar
  101. 101.
    King, A. A., & Lenox, M. J. (2000). Industry self-regulation without sanctions: the chemical industry’s responsible care program. Academy of Management Journal, 43(4), 698–716.CrossRefGoogle Scholar
  102. 102.
    Vinogradova, E. (2006). Working around the state: contract enforcement in the Russian context. Socio-Economic Review, 4(3), 447–482.MathSciNetCrossRefGoogle Scholar
  103. 103.
    Walzer, M. (1993). Between nation and world: welcome to some new ideologies. The Economist, 328(7828), 49–52. September 11.Google Scholar
  104. 104.
    Greenwood, R., Suddaby, R., & Hinings, C. R. (2002). Theorizing change: the role of professional associations in the transformation of institutionalized fields. Academy of Management Journal, 45(1), 58–80.CrossRefGoogle Scholar
  105. 105.
    Marshall, R. S., Cordano, M., & Silverman, M. (2005). Exploring individual and institutional drivers of proactive environmentalism in the US wine industry. Business Strategy and the Environment, 14(2), 92–109.CrossRefGoogle Scholar
  106. 106.
    Ahlstrom, D., & Bruton, G. D. (2001). Learning from successful local private firms in China: establishing legitimacy. Academy of Management Executive, 15(4), 72–83.CrossRefGoogle Scholar
  107. 107.
    Scott, W.R. (1992). Organizations: Rational, natural and open systems. Prentice Hall.Google Scholar
  108. 108.
    Trombly, M. (2006). India tightens security. Insurance Networking & Data Management, 10(1), 9.Google Scholar
  109. 109.
    Dickson, M., BeShers, R., & Gupta, V. (2004). The impact of societal culture and industry on organizational culture: Theoretical explanations. In R. J. House, P. J. Hanges, M. Javidan, P. W. Dorfman, & V. Gupta (Eds.), Culture, leadership, and organizations: the GLOBE study of 62 societies. Thousand Oaks: Sage Publications.Google Scholar
  110. 110.
    Lawrence, T. B., Winn, M. I., & Jennings, P. D. (2001). The temporal dynamics of institutionalization. Academy of Management Review, 26(4), 624–644.Google Scholar
  111. 111.
    Audretsch, D., & Stephan, P. (1996). Company scientist locational links: the case of biotechnology. American Economic Review, 30, 641–652.Google Scholar
  112. 112.
    Feldman, M. (1999). The new economics of innovation, spillovers and agglomeration: a review of empirical studies. Economics of Innovation and New Technology, 8, 5–25.CrossRefGoogle Scholar
  113. 113.
    Niosi, J., & Banic, M. (2005). The evolution and performance of biotechnology regional systems of innovation. Cambridge Journal of Economics, 29, 343–357.CrossRefGoogle Scholar
  114. 114.
    Rao, H.S. (2006). Outsourcing thriving in Britain despite India bashing. Retrieve from
  115. 115.
    AFX News (2006). India could process 30 pct of US bank transactions by 2010 - report. Retrieve from
  116. 116.
    Hazelwood, S. E., Hazelwood, A. C., & Cook, E. D. (2005). Possibilities and pitfalls of outsourcing. Healthcare Financial Management, 59(10), 44–48.PubMedGoogle Scholar
  117. 117.
    Das, G. (2011). Panel to advise govt, IT cos on cloud security on the cards. Retrieved from
  118. 118.
    Schwartz, K. D. (2005). The background-check challenge. InformationWeek, 59–61.Google Scholar
  119. 119.
    Indo-Asian News Service (2006). Nasscom to set up self-regulatory organization. September 26.Google Scholar
  120. 120.
    Cone, E. (2005). Is offshore BPO running aground? CIO Insight, 53, 22.Google Scholar
  121. 121.
    COMMWEB (2007). India will train police to catch cybercriminals.Google Scholar
  122. 122.
    DSCI (2014). Cyber Labs. Retrieve from
  123. 123. (2005). Outsourcing crime call centre expose can wreak havoc, June 25. Retrieved from
  124. 124.
    Jaishankar, K. (2008). Identity related crime in the cyberspace: examining phishing and its impact. International Journal of Cyber Criminology, 2(1), 10–15.Google Scholar
  125. 125.
    Segal, A. (2012). Chinese computer games. Foreign Affairs, 91(2), 14–20. 7.Google Scholar
  126. 126. (2011). United States and India Sign Cybersecurity Agreement. Retrieved from
  127. 127.
    Bhaumik, A. (2012). India, allies to combat cybercrime. Retrieved from
  128. 128.
    Riley, M. (2011). Stolen Credit Cards Go for $3.50 at Amazon-Like Online Bazaar. Retrieved on 1 September 2016 from
  129. 129.
    Trend Micro Incorporated (2011). Trend micro third quarter threat report: Google and oracle surpass microsoft in most vulnerabilities. Retrieved from
  130. 130.
    Vidyasagar, N. (2004). India’s secret army of online ad ‘clickers’. Retrieved October 27,2008, from,curpg-1.cms.
  131. 131.
    Kehaulani, S. (2006). ‘Click Fraud’ threatens foundation of web ads; Google faces another lawsuit by businesses claiming overcharges. The Washington Post, A.1.Google Scholar
  132. 132.
    Frankel, R. (2006). Associations in China and India: An overview, European Society of Association Executives. Retrieved from
  133. 133.
    Tandon, N. (2007). Secondary victimization of children by the media: an analysis of perceptions of victims and journalists. International Journal of Criminal Justice Sciences, 2(2), 119–135.MathSciNetGoogle Scholar
  134. 134.
    Halder, D., & Jaishankar, K. (2011). Cyber gender harassment and secondary victimization: a comparative analysis of US, UK and India. Victims and Offenders, 6(4), 386–398.CrossRefGoogle Scholar
  135. 135.
    Halder, D., & Jaishankar, K. (2015). Irrational coping theory and positive criminology: A frame work to protect victims of cyber crime. In N. Ronel & D. Segev (Eds.), Positive criminology (pp. 276–291).Google Scholar
  136. 136.
    Wiesenfeld, B. M., Wurthmann, K. A., & Hambrick, D. C. (2008). The stigmatization and devaluation of elites associated with corporate failures: a process model. Academy of Management Review, 33(1), 231–251.CrossRefGoogle Scholar
  137. 137.
    Hettigei, N.T. (2005). The Auditor’s role in IT development projects. Retrieve from
  138. 138.
    Bradbury, D. (2013). India’s Cybersecurity challenge. Retrieve from

Copyright information

© Springer Science+Business Media Dordrecht 2016

Authors and Affiliations

  1. 1.Bryan School of Business and EconomicsThe University of North Carolina at GreensboroGreensboroUSA

Personalised recommendations