Good Cyber Story
Target Groups: Government Officials
Dominant Genes: Resources, Societal Awareness, Diversity
DNA sequence Info


Glacy1 1024x576

The challenge

Glacy3 1024x576

Cybercrime is not just malware or hackers that infiltrate high-security servers in defence departments to exfiltrate classified information. It can range from cloning citizens’ credit cards for financial gain or stealing users’ identities on social media to heinous crimes such as child pornography online. Regardless of the specific definition of cybercrime that one may adopt, criminal activities that involve computers and information systems are less a technical matter than a policy issue: one that requires appropriate laws, expertise and international cooperation.

Cybercrime undermines the economic growth of our economies and the well-being of our citizens. For small and medium enterprises as well as for large multinationals, criminal activities in cyberspace can have significant impacts. Up from US$3 trillion in 2015, cybercrime will cost the world US$6 trillion annually by 2021. According to forecasts, from 2019 to 2023 approximately US$5.2 trillion in global value will be at risk from cyberattacks, meaning that cybercrime will transfer huge resources away from communities, development policies or projects and into the pockets of cybercriminals.

Several countries have taken up the challenge and adopted substantive criminal law provisions, enhanced the ability of their law enforcement agencies to investigate cyber offences, and increased the level of public awareness of the threats. Many have also benefited from accession to the Budapest Convention on Cybercrime, the first international treaty on crimes committed via the Internet and computer networks, notably regarding breaches in information networks, copyright infringements, computer-related fraud and child pornography.

Unfortunately, not all countries possess the tools needed to fight cybercrime. While cybercriminals know no borders, they can mask their identity online or can take advantage of gaps in national legislation to attack where information systems are more vulnerable. National law enforcement agencies and courts may find it extremely difficult to investigate and prosecute those crimes.

A response

Fortunately, countries are not alone in this fight. GLACY+ (Global Project on Cybercrime Extended) is a joint project of the European Union and the Council of Europe that aims to strengthen effective international cooperation by supporting countries with national legislation on cybercrime and electronic evidence.

GLACY+ aims to strengthen the capacities of states worldwide to apply legislation on cybercrime and electronic evidence and enhance their abilities for effective international cooperation in this area. Its approach is:

  • To promote consistent cybercrime legislation, policies and strategies.
  • To strengthen the capacity of police authorities to investigate cybercrime and engage in effective cooperation with each other as well as with cybercrime units in Europe and other regions
  • To enable criminal justice authorities to apply legislation, prosecute and adjudicate cases of cybercrime and electronic evidence, and engage in international cooperation.
GLACY+ is intended to extend the experience of theGLACY project (2013–2016) and supports 15 priority and hub countries in Africa, Asia-Pacific, and Latin America and the Caribbean region – Benin, Burkina Faso, Cabo Verde, Chile, Costa Rica, Dominican Republic, Ghana, Mauritius, Morocco, Nigeria, Paraguay, Philippines, Senegal, Sri Lanka and Tonga. These countries may serve as hubs to share their experience within their respective regions.
You can learn more about this project here.

    The Impact

    Thanks to the project, 40 per cent of UN member states are now either party or signatory to the Budapest Convention or await accession to it. The number of countries undertaking cybercrime law reforms has skyrocketed, doubling in Africa in just seven years. Moreover, even when they are not party to the Convention, most states use it anyway as a guideline or a source for domestic legislation. Thanks to these efforts, the Budapest Convention has become a truly global legal instrument. More importantly, the project has contributed to creating a genuine community and support system in the fight against cybercrime.

    But GLACY+ is not all about laws. Over four years, almost 3,000 criminal justice professionals received cyber-related training. Furthermore, the beneficiaries of that training have become trainers themselves. For example, Sri Lanka was a priority country for GLACY until 2016. Recently, 325 Sri Lankan judges received courses from local Sri Lankan professionals, showing how capacity-building activities can lead to projects that then stand on their own feet.

    Each of the project’s objectives translates into concrete expected results, such as:
      • Reinforcement of policies and strategies in up to 20 countries, including relevant aspects of cybersecurity and partnerships with the private sector, as well as experience sharing in further countries
      • Enhancement of policy dialogue and cooperation on cybercrime between priority countries and their regions, and international and regional organisations, and synergies maximised with EU-funded projects developed in project areas
      • Harmonisation of cybercrime electronic evidence and related data protection provisions with the Budapest Convention and its Protocols, with full respect for the rule of law and human rights standards
      • Training of at least 1,000 law enforcement officers in basic cybercrime investigations and computer forensics as well as related rule-of-law requirements
      • Effective international police-to-police cooperation on cybercrime and electronic evidence
      • Strengthening of interagency cooperation among cybercrime units, financial investigators and financial intelligence units in the search for, seizure of and confiscation of online crime proceeds
      • Strengthening of institutions and procedures for international judicial cooperation related to cybercrime and electronic evidence
      • Reinforcement of training centres, academic institutions and other entities providing criminal justice capacity-building programmes with a regional scope, as well as streamlining of training on cybercrime and electronic evidence.
      Glacy2 1024x576

      Project DNA

      Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:

      R - Resources


      A - Societal Awareness


      D - Diversity



      Project DNA

      Multi-Stakeholder Participation
      Local Ownership
      Organisational Capacity
      Transparency and Accountability
      Legal and Institutional Framework
      Political Importance
      Societal Awareness

      Join the EU Cyber Direct Network

      Subscribe to the EU Cyber Direct newsletter and receive updates on our latest research, news, and events