Neo-Institutionalization of Cyber
Criminal Activities in Africa – A Treatise
Longe Olumide (PhD)
University Academic
Department of Computer Science, University of Ibadan, Ibadan, Nigeria
Director, Institute for Cyber Security & Allied Research
ICITD, Southern University, Baton Rouge, Louisiana, USA
Introduction

Despite the body of research devoted to cyber attacks,
identifying and analyzing the motivation for cyber
criminals activities as well as governments and
organizational responses that facilitates or hinder these
attacks remain a difficult challenge (Cox et al, 2010; Otis
& Evans 2003; Econinfosec, 2007).

Technocrats and theorists are at odds as to the best
way to comprehend the actions of cyber criminals and
the symbiotic relationships they have with various
players.
Institutions Explained

Institutions influencing cyber attacks reside at
different levels—global, national, local, social
network, professional, industry, interorganizational and intra-organizational

These institutions exerts political, legal, cultural
and other environmental factors specific to a
country that influence cybercrime. The state is
arguably the most important external institutional
actor and powerful drivers of institutional
isomorphism since a violation of laws and
regulations can have harsh economic and social
sanctions
Neo Institutional Connections

Macro- and micro-level institutions provide regulative,
normative and cognitive legitimacy to cyber criminals,
organizations’ and governments’ actions that facilitate or
hinder cyber attacks

Based on institutional procedure, we can connect cyber
attack patterns to norms, rules, laws and cognitive
assessment of cyber activities. A previous research (Longe et
al, 2009) linked institutional legitimacy with cyber conflict and
investigated cost-benefit associated cyber criminal activities
as well as strategic asymmetry faced by organizations.

There is need to understand the exact nature of institutional
mechanisms involved in cyber infrastructure and cyber criminal
activities.
Recent Trends

Recent events gives credence to the fact that
institutional processes can influence and explain
causation, depth and patterns of cyber attacks.

Institutional activities can fuel cyber crime on
local, national, national and global perspective.

It is also possible to create opportunities for
cyber attacks through social engineering
networks, professional organization network,
inter-organizational and intra-organizational
infrastructures (Strang and Sine 2002; Longe et al,
2010).
Disorganization and Deinstitutionalization
of Primary Societies in Africa

Some institutionalisms refer traditional institutions consisting
of custom and limited social networks (intragroup networks)
of the pre-industrial era as the true forms of institutions
(Sjostrand 1992).

The disorganization of primary society through the internet
and cyber activities has contributed to society’s increasing
deinstitutionalization.

In Africa, informal networks are still more effective than
formal laws and regulations in dealing with local problems
(Mol and Van Den Burg 2004). An individual’s social network
is related to the obligation to be trustworthy and follow the
norms of equity (Granovetter 1985).
Institutional Pillars

Institutions residing at different levels can be described
in terms of three institutional pillars: regulative,
normative and cognitive:
Regulative

institutions
Regulative institutions consist of "explicit regulative
processes: rule setting, monitoring, and sanctioning
activities“ These consist of regulatory bodies enforcing
existing laws and rules that influence cyber criminals to
behave in certain ways.
Normative Institutions

Normative components introduce "a
prescriptive, evaluative, and obligatory
dimension into social life” Practices that are
consistent with and take into account the
different assumptions and value systems of
the national cultures are likely to be
successful (Schneider 1999).

For instance, informal sanctions applied by a
social group such as exclusion of a cybercriminal from one's circle of friends send
negative social feedback to the criminal
Cognitive Institution

Cognitive institutions are associated with culture (Jepperson
1991). These components represent culturally supported
habits that influence the cyber criminals’ behaviors. Cognitive
programs that are built on the mental maps of individual
criminals and thus function primarily at the individual level.

They are carried by individuals but social in nature
Compliance in the case of cognitive legitimacy concerns is
due to habits. Political elites, organizational decision makers
and cyber criminals may not even be aware that they are
complying.

Cognitive feedback depending on the nature and motivation
of the actor include enjoyment from cybercrime, monetary
gains and less guilt in such crimes.
Cyber Criminal Ideologies

Ideology is an important component of cognitive
institutions energizing many cyber criminals’
behaviors. Some recent cyber criminal activities
in Africa are linked with fights for ideology.

Ideological hackers attack websites to further
political purposes. Such hackings can be mapped
with obligation/community based intrinsic
motivations (Lindenberg 2001).
Cyber Criminal Ideologies

Repatriation Ideology is also another dimension which
justifies cyber activities on pay-back from the Western
World.

Legitimization of cyber criminal activities as a form of
gainful employment is also becoming increasingly
popular in parts of Africa.
Parental support for cyber
criminal activities push these
criminals to go as far as seeking
diabolical means to defraud
victims and escapeprosecution
Why Do Entrepreneurs Fall for
Cybercrime
Greed
 Gullibility
 Gratification
 Ignorance
 The long awaited miracle syndrome
 The Love Triangle
 Permanent Sentiment
 The Theory of Pseudo Ownership –

Cyber Crime Profile
Does Internet Entrepreneurs Have
Enough Information on Cybercrime ?

Internet security has not become a boardroom priority
in many organizations

For example:
◦ A Jupiter Executive Survey in South Africa found that 29% of
security practitioners rate the risk of cyber-attacks as “low.”
◦ In Nigeria our recent research found that 5/7 of surveyed
businesses does not have a well-defined security plan in place
against cyber attacks.
◦ The Small Business Pipeline investigation in Uganda found that
73% of small businesses have no written security plan even
though many estimate that any type of business interruption
could cost the company upwards of $10,000 per day.

In Ghana, Internet security budgets – are generally
lower than required
How to prevent Cyber crime
How to prevent Cyber crime
Using the computer at workplace – between
efficiency and privacy
- Include the Policy on how to use Internet
at workplace as a part of the labour
contract
- Training the employees on usage of
Internet and software
- Training the employees on how they
should treat confidential information and
the essential passwords
What to do with a cybercrime case ?
What to do with a cybercrime case ?
Where to report cyber crime
cases?
Internet Fraud Complaint Center (IFCC)
 http://www1.ifccfbi.gov/index.asp
 IFCC is a partnership between the
Federal Bureau of Investigation (FBI) and
the National White Collar Crime Center
(NW3C).

Thank you !