A systematic literature review on cybercrime legislation

Background: Cybercrime is a fast-growing digital crime and legislation falling behind with the fast-moving advancement of technology. One important factor projected by literature in combating cybercrime is legislation. In order to combat cybercrime, the role of cybercrime legislation is a challenge that has not been clearly studied before. This paper thus aims to recapitulate the literature on cybercrime legislation in combating cybercrime. The literature in this context emphasises on existing studies relating to cybercrime legislation and addressing the importance of adequate and efficient responses in place in order to combat cybercrime efficiently. Methods: This paper finds an extensive literature review using the “Preferred Reporting Items for Systematic Review and Meta-Analysis” method based on legislation to combat cybercrime and explains a systematic analysis of the legislation in most advanced countries in both technology and legal framework. The study was done by selecting keywords, validated by the experts to discover research trends of cybercrime legislation. A search was then run across seven academic databases, including the ACM Digital Library, Emerald, Hein Online, ProQuest, ScienceDirect, Scopus, and Westlaw Asia. Initially, five hundred and forty-eight articles were retrieved and out of which seventy-two studies met the inclusion criteria and were fully reviewed. Results: The findings of the study revealed that comprehensive cybercrime legislation plays a vital role in combating cybercrime and cybercrime legislation should be strengthened, enhanced, and made up to date with the rapid advancement of technology in order to address the rising number of cybercrime. Discussion: This systematic review is timely and highlights future research directions to improve a comprehensive legal framework to combat the rising of cybercrime effectively. To fill the research gap, the findings also have fundamental practical implications for the policy makers, in enacting an up to date cybercrime legislation by highlighting the role of legislation in combating cybercrime.


Introduction
The year 2020 had been an unprecedented challenging year especially from cybercrime perspectives.Not only that the world has to face the threats from global pandemic outbreak, but also from the increasingly sophisticated cyber-attacks.Global pandemic outbreak has resulted in more than 600% rise in cybercrime. 1 The more sophisticated and advanced the technology is, the higher the number of cybercrimes and the more difficult to comprehend the issue.Cybercriminals use the advanced technology to do criminal activities such as hacking, phishing, spamming, and child pornography and hate crimes resulting in massive losses suffered by individuals as well as corporations and even pose danger to national security in some cases.
According to the report by Reuters on 5 th July 2021, when the information technology firm from the United States was attacked by cybercriminals, around 800 to 1,500 businesses were affected around the world.It was reported by the FBI that 791,790 cybercrime complaints resulting in more than US$4.1 billion losses were received by the Internet Crime Complaint Centre in 2020 and that number of reported cases has increased 69 percent compared to the reported cases in 2019.It is not only that there is an increase in cybercrime cases, the level of sophistication of the technology used also has increased tremendously.The 2020 "SolarWinds" attack confirmed the reality of the sophistication of the technology involved."SolarWinds" attack in 2020 was by the state sponsored attack since Russian military hackers accessed and sabotaged the United States Government databases and buried a software called SolarWinds.The latest attack being the largest online theft reported by CNN on the 12 th August was about the hackers who had stolen US$600million worth of cryptocurrencies from the decentralised finance platform of Poly Network.It shows how sophisticated the technology has become and how weak the legislation is to comprehend and deter these attacks.
Cybercrime can be categorised as crimes exclusive to internet and use of computer and traditional crimes.Crimes such as stalking, harassing, fraud or scam committed using social media such as Facebook, Instagram, Twitter can be regarded as traditional crimes which are committed entirely in new ways.Criminal acts done by using electronic communications and information systems are generally considered as cybercrime which consists of a variety of criminal acts.It can be individual acts as well as state sponsored cybercrime.There is no definition of cybercrime which has been accepted globally.However, the term cybercrime has been used to describe a range of crimes excluding traditional crimes but crimes committed using the computer network system.Because of the complexity of the nature of crime, a single act of cybercrime can cause overly high damages.Cybercrime currently contributes to the highest percentage of all crime.Historically, legislation has been used as a way to combat the challenges posed by cybercrime.For instance, the United States and European Union have legislation in an effort to deal with cybercrime. 2 However, there is no study being done on how legislation was used to combat cybercrime through systematic literature review (SLRs).Combating cybercrime requires a range of ways including developing new legislation and regulation as well as awareness raising campaigns.
Thus, this paper discusses the systematic literature review of the use of legislation to combat cybercrime as SLRs can provide a valuable summarization of cybercrime legislation and allow for the identification of existing knowledge gaps and consequently, avenues for future research.In essence, this paper attempts to contribute to the current literature on cybercrime legislation in two ways; firstly by providing a thematically organised classification of the studies from the perspective of application of legislation, limitations, and recommendations and secondly the finding of this SLR can be used to propose a detailed framework to conduct a future research.
Three research questions are addressed in order to make these contributions: 1. What is the legislation to combat cybercrime in selected jurisdictions? 2. How is the legislation used to combat cybercrime in these jurisdictions?

What are the other approaches taken to combat cybercrime?
The objectives of this proposal are as follows: 1. To identify the legislation to combat cybercrime in selected jurisdictions.

2.
To examine the legislation used to combat cybercrime in these jurisdictions.

To investigate the other approaches taken to combat cybercrime.
This SLR research paper is complementary to the existing research and attempts to provide the following contributions for those having an interest in cybercrime and cybercrime legislation to further their work.
A total of 548 papers related to cybercrime legislation until the year 2021 were identified as initial studies (Figure 1).Out of these papers, a total of 72 papers were further selected as primary studies for quality assessment to provide suitable benchmarks for comparative analysis towards related research.A comprehensive analysis was conducted on these 72 studies to present the ideas and considerations in the field of cybercrime legislation.A meta-analysis was conducted to improve the cybercrime legislation.This paper analyses on how the international legal framework was used to combat cybercrime.The international legal framework can reduce the differences existing among the national laws as well as introducing new authorities and promoting international cooperation.The paper focuses on the necessity in international cooperation and implementation of international awareness as well as incorporating international norms into national legislation.The review study views cybercrime from a broader scope.All kinds of cybercrimes in general were looked into rather than a specific cybercrime such as cyber fraud.Different approaches were explored in raising cybercrime awareness and their effects, and investigating cyber legislation effectiveness along with the cybercrimes.No other review study is similar in work and scope.In essence, combating cybercrime requires a holistic understanding of the aspects involved and related interrelationships and there is a need to study the effectiveness of cybercrime legal framework.This article is based on an extensive analysis involving 72 papers relating to cybercrime legislation.This article contributes towards a comprehensive analysis on legal elements of cybercrime legislation and provides a summary of findings and the implications of this study for stakeholders to enhance the ability to successfully prosecute cybercrime offences.
The remainder of this paper followed on explanation of the methodology used for SLR in this paper and further on the discussion of the findings with continuation on a detailed discussion and reflection of the implications of the insights derived from the findings, then on the discussion of limitations and future recommendations on scope of research and finally 6 on concluding remarks.

Research questions (RQ) Discussion
RQ1: What are the legislation to combat Cybercrime in selected jurisdictions?
Different legislation has been used to combat Cybercrime.Understanding the impact of legislation will enhance the impact of legislation in combating cybercrime.
RQ2: How is the legislation used to combat in these jurisdictions?
Legislation can be utilised to resolve the problems of cybercrime the peculiar nature of cybercrime.This will provide an understanding of the importance of implementing an effective legislation in place.
RQ3: What are other approaches taken to combat Cybercrime?
Legislation is commonly used to control cybercrime.However, there are some other means taken in combating cybercrime.This question will look at different approaches taken in combating cybercrime.

Methods
In order to meet the aims of answering the research questions, SLR analysis was conducted by applying several steps from the data collection to the synthesis of research findings.Figure 2 above shows the flowchart related to the stages of structure of the methods adopted for this SLR.

Stage 1. Planning the review
The PRISMA analysis was applied including the suggested phases 3 during the data collection and data processing such as identification, screening, eligibility and included (see the detailed description in Table 2).The efficiency and effectiveness of the keyword search was investigated by the measurement of the relative number of articles which are relevant when the search was conducted by the additional keywords.If there is no increase in the relevant papers after adding the additional keywords, it is considered that the initial keyword used is valid.Once research questions and hypotheses are formulated, a topic modelling approach has been used to uncover the main topics which are then re-analyse to answer the research questions.

Stage 2. Identifying and evaluating studies
Primary study was done by using selected keywords to discover research trends of cybercrime legislation through systematic review from seven academic databases.To answer the research questions, keywords were selected by using AND and OR such as "cybercrime" OR "cyber-crime" OR "legislation" AND "combating".The search platforms used were ACM Digital Library, Emerald, Hein Online, ProQuest, ScienceDirect, Scopus, and Westlaw Asia.The searches were conducted by using the keywords as stated above on these search backgrounds and filtered through the exclusion/ inclusion criteria as stated in Table 2.

Inclusion and exclusion criteria
The empirical findings on case studies and cybercrime legislations and commentaries on the application and implementation of legislation in combating cybercrime are included in the studies.All the studies were written in English and peerreviewed.The details of criterion for inclusion and exclusion can be seen in the table below.
Table 2. Criterion on inclusion and exclusion.

Inclusion Exclusion
• Papers written in English.
• Papers discuss empirical studies related to the cybercrime legislation and application of legislation in combating cybercrime.• Information related to cybercrime or associated with the impact of legislation on cybercrime.• Peer-reviewed and published in journals listed in the reputable database.
• Papers written in other languages.
• Papers do not discuss cybercrime legislation.
• Papers relating to social, economic and political aspects of cybercrime.• Papers discussed on areas which are outside the scope of the study.• Other literatures such as blogs and outside the above stated searched database are not looked into.The above criteria was adopted in order to select the papers to be used for this SLR analysis.To be selected in the study, the paper needs to fulfil all the criteria stated as inclusion and the paper will be excluded if it fulfils one of the excluded criteria.

Keywords combination
To identify the right set of key words and achieve the research objectives, seven electronic research databases such as ACM Digital Library, Emerald, Hein Online, ProQuest, ScienceDirect, Scopus and Westlaw Asia were searched by using the main keywords such as "cybercrime", "cybercrime" AND "legislation", "cybercrime" AND "legislation" AND "combating", "cybercrime" AND "legislation" AND "cybersecurity", and lastly "cybercrime" AND "legislation" AND "cybersecurity" AND "combating".Searches were conducted until no new studies were identified within the scope of selected criteria

Validation of keywords search
A total of (72) studies were identified from the search of primary keywords in the databases as stated in Table 3.It was then reduced to (64) once duplicate studies were removed.By applying the inclusion/exclusion criteria, the papers were reduced to (56).All these (56) papers were analysed in detail and again the inclusion/exclusion method was applied and reduced to (46).These selected (46) papers were then reviewed in full and assessed for eligibility to be included in this SLR review.Further 16 papers were excluded for focusing on irrelevant issues and too general in nature.Finally, (30) papers were selected and used in this study.

Stage 3. Extracting and synthesising data
All the selected papers then had their data extricated to evaluate the comprehensiveness of information to achieve the research objectives.The extraction process also provides the details of the studies for review and to be specific about how the paper can address the research question.It was done based on the selection process as discussed above.The data extracted are then categorised and then recorded in a worksheet.
Thematic synthesis was used as recommended by 4 to synthesize the results.An integrated approach to the synthesis process also was used to ensure that all the research objectives were achieved.The findings are described in the following section.Table 3 explains the number of papers at each phase of the process by the keywords search changes on each of the data platforms to focus on the final selection of papers.Findings A substantial number of papers connected to cybercrime were identified based on the initial keyword searched.After going through the section process, only (30) papers were identified and analysed in detail.All the selected papers were read in full and relevant data were extracted and summarised in the table below.All primary studies focused on legislation relating to cybercrime in combating it.RQ1: What is the legislation to combat cybercrime?Through the first research question (What is the legislation to combat cybercrime?) (Table 1), it was aimed to identify the common legislation used to charge the cybercriminals.It is vital to note that this systematic literature review intends to focus on legislation used to combat cybercrime and no other type of legislation and thus the selection process focuses solely on the studies relating to cybercrime legislation.There are a number of studies regarding cybercrime in general and other aspects of it.However, studies on cybercrime legislation itself is very much limited.
There are a few international or regional instruments as stated in Table 5.The Convention on Cybercrime which is also known as Budapest Convention is the first and only binding international instrument on cybercrime and it also serves as a basic guideline for any country which is developing cybercrime related legislation to combat cybercrime. 5However, not all the countries are a party or signatory to these conventions and harmonise with the international instruments (Table 4).
Although the Convention is under the auspices of the European Council, it is open to all the countries.The Convention focuses on Cybercrime & electronic evidence and provides a comprehensive, operational and functional solution for the investigation and prosecution of cybercrime both domestically and between Parties, with a global reach.
In addition to these international instruments, there are Model cybercrime laws which propose to implement the best practice principles of substantive offences expressed by the Convention.Model Laws are usually developed by international organisations through the inter-governmental process of negotiations and formal procedure.Apart from the Commonwealth Model Law, the rest of the Model Laws did not go through the inter-governmental process.The table below explains the Model Laws currently implemented.
These ITU-EU led Models assisted the countries in Caribbean, Pacific and Sub-Sharan Africa region in drafting and adopting the legislation relating to cybercrime. 6Their framework is based upon Commonwealth Model Law which is based upon the Budapest Convention.The common thing is to improve the legal framework of cybercrime legislation and create awareness on the importance of criminalising and adopting a specialised cybercrime law.In essence, these Models assist the countries in harmonising their legislation on cybercrime and attempt to redefine many aspects of cybercrime and jurisdictional matters. 7e United States and the European Union criminal law are on the same path relating to criminal offences in cyberspace. 8n fact, all countries should aim to pursue a common criminal policy in order to deter the cybercriminals effectively by coordinating in facilitating the detection of cybercrime, collecting the evidence, investigating and finally prosecuting the case successfully.Cybercrime has been on the rise due to the fact that there are loopholes in both national and international legislation that the existing legal framework cannot deter or effectively combat the rise of cybercrimes.
Based on the data retrieved from the United Nations Conference on Trade and Development, 9 a total of 154 countries have already enacted the cybercrime legislation whereas 13 percent of countries in the world do not have any legislation relating to cybercrime and 5% of countries have draft legislation.There was no data found on the two percent of countries (Figure 3).
Even among the least developed countries, 31 countries (66%) have legislation, four countries (9%) have draft legislation and 12 countries (26%) have no legislation.Based on these statistics, it can be concluded that the majority of the countries in the world do have legislation relating to cybercrime.However, these legislations are obviously not efficient in deterring or combating the cybercrime effectively and the number of cybercrime cases have been on the rise constantly.Different jurisdictions have used different types of legislation in charging/prosecuting the cybercriminals. 10Some jurisdictions have specified cybercrime legislations and some had only relied on the legislation intended for traditional crimes.The table below shows an overview of the list of countries which have cybercrime legislation in English.
Countries with the cybercrime bill, cybercrime draft legislation and cybercrime related legislation in non-English languages are excluded.It is essential to note that some jurisdictions used cybercrime as computer or digital crime.There are ways to improve the existing legislation relating to cybercrime and almost half of all published studies suggest harmonising national law with international law.
RQ2: How is the legislation used to combat cybercrime?Legislation plays a major role in combating cybercrime and empowering the authority in dealing with the challenges posed by cybercrime (Table 6).Legislation involves both the national and international law relating to cybercrime.While traditional legislation focuses on physical objects, cybercrime is largely associated with data or information which are electronic in nature and thus traditional law cannot be used effectively in combating cybercrime. 11Thus, national laws need specialised legislation to criminalise cybercrime.With the exception of spam offences, most of the jurisdictions in some western and European countries have criminalised and imposed criminal penalty on cybercrime cases such as misusing of computer tools and towards racism, xenophobia and online solicitation or exploitation of children. 12However, the penalties imposed are not strong enough in deterring the cybercriminals from committing the crimes in cyberspace that there is a constant rising of cybercrime cases around the world. 13Cybercrimes relating to integrity, confidentiality and accessibility of computer systems are mostly regarded as specific cyber offenses in many jurisdictions, whereas offences such as fraud, breach of privacy and identity offences are regarded as general cyber offences. 14Those countries which impose criminal penalties or criminalise cybercrime use different methodology in application such as Finland regulates cyber offences via the new chapters of penal code.The evolving nature of cybercrime cannot be controlled efficiently unless the legislation is updated enough to be used to investigate, prosecute and adjudicate the cybercrime offenders.The cooperation from the internet service providers and internet industry players also play a crucial part in order for the law enforcement officers to detect, prevent and respond to the cybercrimes.Thus it is material that effective and updated legislation in par with the rapid advancement of technology must be in place in order to combat ever rising cybercrime globally.With this view in mind, the United States House of Representative Tom Graves sponsored a bill named Active Cyber Defense Certainty ("ACDC") Act to update the Computer Fraud and Abuse Act under which the organisations can take active measures to go beyond the boundaries of their own networks.Procedural laws should also be enhanced or amended to ensure that issues related to cybercrime such as digital evidences are to be easily collected, stored and presented at the Court without any difficulty like any other traditional crimes. 15Urgent International collaboration is needed to take every possible approach to criminalise all types of cybercrimes and to adopt specific procedural rules and investigation powers to investigate and prosecute cybercrimes specifically (Figure 8). 16 the United Kingdom, the Computer Misuse Act 1990 which has been amended several times imposes criminal sanctions for cybercrime.Also under the Serious Crime Act 2015, criminal penalties can be imposed for an unauthorised act of causing serious damage to security or to the economy of the country.Even though the purpose is to punish and deter the criminals from committing the cybercrime, it does not deter the cybercriminals effectively since there still is a constant rise in cybercrime cases. 17us, to use legislation as an effective tool to combat cybercrime, cybercrime legislation must cover an extensive list of offences committed in cyberspace like some jurisdictions focus only on selective cybercrimes such as child pornography and child protection as criminal offences. 18Only a limited number of jurisdictions address and impose the duty on the service providers to monitor and voluntary supply of information as well as taking down the notifications and liability of access.Eighty percent of European countries have criminalised the cybercrimes compared to the other parts of the world whereas approximately only sixty percent of these countries criminalise the cybercrimes. 19,203: What are the other approaches taken to combat cybercrime?
In addition to the enhancement of existing legislation, there is also a necessity to focus on the development of methodological manuals on the investigation of cyber related crimes in law enforcement.A substantial number of primary studies suggest that public awareness, technical approaches and ethical online education are as important as having efficient legislation in combating cybercrime.There is also a need for the international community to come together as one united nation to voice and be united in combating this cybercrime.
Even with the best possible legal framework, to address the technical vulnerabilities, private sectors must also contribute in fighting the rise of cybercrime by addressing technological vulnerabilities in the system and collaborating in operating the system with other jurisdictions.With the rapid development of technology, it is imperative to prevent and combat cybercrime by both public and private sectors.The role played by the criminal justice system is also important and thus have to ensure that justice officers are well equipped with the latest technology development.Thus, it is important to have cybercrime strategies in order to meet the challenges of law enforcement and prosecution.Raising public awareness of cybercrime, cooperation of private-public partnerships, criminal law enforcement and justice capacity are the areas that should be addressed as the cybercrime strategies.The importance of raising public awareness of cybercrime was highlighted in the United Nations Guidelines for Prevention of Crime.Most jurisdictions are aware of the importance of raising public awareness of cybercrime and engage in awareness campaigns. 21,22scussion Efforts have been made in all the jurisdictions to amend the existing legislation to address the need for higher standards of law enforcement.However, due to the nature of cybercrime, it is difficult to determine the jurisdiction of the court in practice.Firstly, it is not restricted to a particular country or territory.It can happen in any part of the world and involve multiple jurisdictions.Secondly, cybercrime can take place in any jurisdiction and it is not possible to exclude the jurisdiction of the states even though the legislation of that particular state is very weak.For example, if malicious cyber activities have been committed by using the cyber infrastructure of the country whose cyber legislation is very weak and attack on the other states, it is none to impossible to prosecute the cybercriminal in that particular jurisdiction.
It should be noted that preventing the crime is always better than waiting for it to happen since it effectively reduces the damages suffered as a result of the crime. 23Cybercrime is complex and prevention of it generally involves a high degree of collaboration both at national and international levels between private and public sectors. 24Technologies and networks are crucial infrastructure in preventing crime. 25At the moment, there is no definite figure of losses suffered by cybercrimes though it is obvious that billions of damages have occurred every year.The availability of cyber security insurance may mitigate the losses suffered as a result of cybercrime.No doubt, there is a serious need to promote the implementation of precautionary actions in all the jurisdictions. 26It has to be acknowledged that there are some limitations on this study since the findings were interpreted based on the articles written in English only.Some other important points may have been found if the research was extended to cover other languages.Also there may be some other articles which were not listed in the data cases that these studies have based upon.However, the findings of this research can be concluded as a reasonable representation of current and latest literature available and could serve as a pertinent reference to the policymakers.

Future research and recommendation
It is important to have adequate and efficient responses in place in order to combat cybercrime efficiently.Because of the nature of cybercrime which is borderless in nature, it is pertinent that there is a harmonisation of national law with the international law as well as a strong cooperation among the states.One of the most important factors is to criminalise the computer related offenses and having a special cybercrime legislation to govern these types of crime specifically and not to just merely rely on the traditional crime legislation.Cybercrime legislation must clearly spell out the cyber offences to ensure that cybercrime offenders can be prosecuted successfully.
Analysis of United Nation documents show that integrity, confidentiality and accessibility of computer systems are criminalised as core specific cyber offences in many countries whereas fraud or forgery, breach of privacy and identity offences are more often criminalised as general cyber offences.At the same time, sufficient procedural powers must be given to investigate the cybercrime efficiently.There should be proper steps to ensure key evidence is properly kept to prove the crime.Challenges faced by law enforcement to prosecute the cybercrimes have to be addressed.However, it is not sufficient.Need to criminalise all types of cybercrime and urgently need to fill the gap in the existing legislation by strengthening the legal response in facing the challenges of cybercrime.
Cybercrime in general involves multi-jurisdictional issues and thus combating cybercrime is bound to a number of challenges both to public and private sector; public sector issues involve legislation, investigation and prosecution whereas private sector issues involve technical vulnerabilities of the system in its design and operational aspects.In essence, there has to be specialised enforcement in investigation and prosecution involving cybercrimes due to the nature of electronic evidence involved which is different from traditional crimes.Resources should be centralised in one place in order to build capacity on specialised investigation and analysing the electronic evidence.At the same time, law enforcement authorities have to be trained consistently to ensure that they are abreast with all the latest technology.

Conclusion
Many countries have imposed criminal sanctions on crimes related to internet related crimes in order words called as cybercrimes as a legal response.Based on the INTERPOL's ASEAN cyber threat assessment in January 2021, it was predicted that the growing trend in cybercrime is expected to continue since cybercriminals are well-organised and share resources and knowledge to their benefit.Thus, it is essential that there is a collaboration among the law enforcement agencies across the region.Since cybercrime is evolving constantly, it is vital for all the countries to enhance their legislation as well as the responses to the ever-evolving cybercrime threat in the digital era of the century.It is increasingly important to harmonise cybercrime legislation which cannot be achieved without the cooperation of the international operation.Those countries which do not criminalise cybercrime need to do so on an urgent basis by either enacting new legislation or amend the existing legislation and incorporate the provisions relating to cybercrime.Aggravated punishment should be meted out ensuring that effective penalties are imposed on cybercrime offenders.Public awareness and education programmes should be enhanced.
There are divergent national approaches globally because of the dissimilarities in the legal system historically and socio-cultural backgrounds.Thus, it is essential to have a truly effective legal response by cooperating among the international communities by coming up with an international legislation endorsed by industry executives, government officials, security professionals both from public and private sectors to come together and at the same time increase the much needed public awareness of the cybercrime.In essence, there is a need to have a bigger and better international cooperation on evidence collection, information sharing and criminal prosecution of those involved in cybercrimes.However, all these could not be done unless all the nations to begin with must have substantive provisions in the respective legislation which criminalise the cybercrimes.There are more questions than answers based on analysis of legal framework in combating cybercrime and it is indisputable that the legal framework of cybercrime has to be constantly adjusted and evolved to the extremely fast and highly complicated technical challenges.

Data availability
Figshare.Data_Excelfile.xlsxDOI: https://doi.org/10.6084/m9.figshare.20097614.v1. 27This project contains the following underlying data: -The data from the selected publications were extracted to assess the comprehensiveness and meet the study objectives which have been subsequently classified and entered into a spreadsheet.Are the rationale for, and objectives of, the Systematic Review clearly stated?Yes

Are sufficient details of the methods and analysis provided to allow replication by others? Yes
Is the statistical analysis and its interpretation appropriate?Yes

Are the conclusions drawn adequately supported by the results presented in the review? Yes
If this is a Living Systematic Review, is the 'living' method appropriate and is the search schedule clearly defined and justified?('Living Systematic Review' or a variation of this term should be included in the title.)

Is the statistical analysis and its interpretation appropriate? Yes
Are the conclusions drawn adequately supported by the results presented in the review?Yes If this is a Living Systematic Review, is the 'living' method appropriate and is the search schedule clearly defined and justified?('Living Systematic Review' or a variation of this term should be included in the title.)Yes Competing Interests: No competing interests were disclosed.
I confirm that I have read this submission and believe that I have an appropriate level of expertise to confirm that it is of an acceptable scientific standard.
The benefits of publishing with F1000Research: Your article is published within days, with no editorial bias • You can publish traditional articles, null/negative results, case reports, data notes and more • The peer review process is transparent and collaborative • Your article is indexed in PubMed after passing peer review • Dedicated customer support at every stage • For pre-submission enquiries, contact research@f1000.com

Figure 1 .
Figure 1.Attrition of papers through processing.

Figure 2 .
Figure 2. Structure of the method.

Figure 3 .
Figure 3. Percentage of countries with cybercrime legislation.

Table 3 .
Database search summary.

Table 5 .
List of model laws.

Table 6 .
List of countries with legislation in relating to cybercrime.