The Experience of Cybercrime in Georgia: Awareness, Victimisation and Reporting

It aims to inform future policy development and societal understanding of the perception of cybercrime in Georgia, with a focus on awareness, victimisation and reporting. Through its analysis, the paper asserts that a disjuncture currently exists between Georgians’ perceptions of what constitutes cybercrime and the provisions found in the Criminal Code of Georgia (CCG). In response to this assertion and additional findings, a series of cyber security capacity-building interventions are recommended to improve awareness, safety and confidence with regard to combating cybercrime.

The paper’s findings are based on qualitative primary data-gathering – in-depth interviews with experts from the public, private and civil society sectors, focus group discussions with groups considered most vulnerable, and a consultative workshop – as well as quantitative data provided by Georgia’s Ministry of Internal Affairs. The paper does not provide a sufficient evidence base to propose definite amendments to the CCG, and as such this precise consideration is out of its scope.

The paper examines Georgian citizens’ sense of safety and security online, and their awareness of what constitute illegal activities in and through cyberspace. It finds that the general perception of cybercrime often conflates cyber-dependent and cyber-enabled crime and online harms and is largely ignorant of what activities the CCG explicitly considers to be cybercrime. It is important to note that the CCG considers cybercrime as solely cyber-dependent crime – i.e., offences carried out, by or against computers or other devices. There are no articles explicitly concerning cyber-enabled crimes or online harms, and prosecutors and victims instead rely on or interpret other existing provisions to demonstrate that an offence has been committed.

The paper also observes that levels of awareness of the threat of cybercrime are low, resulting in understandings of personal risk and risk mitigations being underdeveloped. While these problems are not unique to Georgia, this does not mean that the Georgian government cannot be ambitious in tackling the issue. Recent efforts, including reforms to cybercrime articles under the CCG and increased resourcing to the Cybercrime Division of the Central Criminal Police Department, have been important in addressing cyber-dependent crime, but ample room for improvement, particularly across cyber-enabled crime, remains.

This paper finds that while government is not widely trusted as a recipient of reporting about cyber incidents, it is considered a trustworthy messenger on the threat of cybercrime and cyber hygiene mitigations. The Georgian government should leverage this perception to target interventions at improving general cyber awareness and preparedness.

Increased whole-of-society efforts should be put into raising people’s awareness, safety and confidence around cybercrime. A national information campaign is needed to increase baseline awareness, and within this, targeted initiatives focused on vulnerable and influential groups are key. Due to the varying levels of trust that the public affords to government, this campaign should cooperate where possible with civil society voices to achieve the greatest impact. The government should also make efforts to address the mismatch between governmental and popular understandings of what cybercrime is. These initiatives should be coupled with measures to incentivise reporting and strengthen the Georgian cyber security skills ecosystem.