Situational crime prevention (SCP) focuses on the ways in which crime can be prevented and opportunities for crime can be reduced (Clarke, 1980; SCP is explored in more detail in Module 2 on Crime Prevention of the University Module Series on Crime Prevention and Criminal Justice). SCP is considered an essential part of the United Nations Economic and Social Council's (ECOSOC) Guidelines for the Prevention of Crime (Resolution 2002/13) (see UNODC, 2010).
While SCP is a concept applied to crime prevention in the real world, it can be applied as a cybercrime prevention measure in the context of cybersecurity practice. When applied to cybercrime, SCP measures focus on reducing and/or denying cybercriminals opportunities for offending and impeding their ability to offend. Technical cybercrime prevention measures are a form of situational crime prevention. A few examples of these technical measures include malware detection programmes, firewalls, which prevent unauthorized access by examining traffic and blocking traffic, and intrusion detection systems that enable the detection of cyberattacks and unauthorized access and use of systems, networks, data, services, and related resources (Maras, 2014a, p. 311).
Cornish and Clarke (2003) proposed strategies and techniques to prevent and reduce crime (see Image 2). The five proposed strategies to prevent and/or reduce crime involve: increasing the effort to offend; increasing the risks of detection and apprehension; reducing the rewards for offending; reducing provocations that lead to offending; and removing excuses for offending. Not all strategies and the techniques listed under these strategies are applicable to all crimes (Clarke, 2004). What is more, techniques and strategies can overlap and techniques can serve more than one strategy (Clarke, 2004). More information on crime prevention strategies and techniques can be found in the University Module Series on Crime Prevention and Criminal Justice.
SCP measures can, have been, and are utilized to prevent and reduce cybercrime (Maras, 2016). For example, one of the techniques listed under Cornish and Clarke's (2003) proposed SCP strategy to increase the risk of detection and apprehension for offending, is "utiliz[ing] place managers" (see Image 1). In regard to cybercrime, place managers, who control behaviours in a designated area, can be Internet service providers (discussed in Cybercrime Module 1 on Introduction to Cybercrime) or administrators and moderators of online platforms (Maras, 2016, 52). Place managers have been used to deal with cybercrime on social media platforms. For instance, Facebook increased the number of moderators and increased its monitoring of the platform for violent content after Steven Stephens broadcast his murder of a man via FacebookLive (Isaac and Mele, 2017; Guynn, 2017). Some of these SCP techniques implemented to deal with cybercrime may infringe upon human rights (e.g., blocking or removal of content) (for further information on the restrictions of human rights and the limited circumstances in which proportionate restrictions of certain rights are justified according to international human rights law, see Cybercrime Module 3 on Legal Frameworks and Human Rights).
Crime displacement occurs when a crime that was intended for one target is committed on another target because of security measures in place. Despite popular belief, research primarily shows that situational crime prevention does not necessarily lead to crime displacement (Clarke, 1997; Hesseling, 1994; for a discussion of the literature and the general conclusions on crime displacement, see Crime Prevention and Criminal Justice Module 2 on Crime Prevention). A study on pimps use of the online classified advertisements sites Backpage and Craigslist revealed that law enforcement efforts relating to these online sites did not displace pimps use of these sites to advertise sex work (Finn and Stalans, 2016).
SCP focuses on the possibility of cybersecurity threats materializing at some point. Therefore, these measures are implemented because it is assumed that threats will materialize and actions need to be taken accordingly. While SCP primarily (but not exclusively) focuses on forestalling crime, the reality is that even with these measures in place, crime will likely be committed. Because of this possibility, measures are implemented that seek to detect, respond to, and recover from cybersecurity incidents.