A Systematic Literature Review of Routine Activity Theory’s Applicability in Cybercrimes


  • Rahayu Ahmad School of Computing, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, Malaysia
  • Ramayah Thurasamy 1) School of Management, Universiti Sains Malaysia, Minden, 11800 Penang, Malaysia; 2) Department of Information Technology and Management, Daffodil International University, Dhaka 1341, Bangladesh; 3) Faculty of Economics and Business, Universiti Malaysia Sarawak (UNIMAS), 94300, Sarawak, Malaysia; 4) Fakulti Ekonomi dan Pengurusan (FEP), Universiti Kebangsaan Malaysia (UKM), 43600 UKM, Bangi Selangor, Malaysia; 5) Department of Management, Sunway University Business School (SUBS), 47500 Selangor, Malaysia; 6) Faculty of Accounting and Management, Universiti Tunku Abdul Rahman (UTAR), 43000 Cheras, Kajang, Selangor; 7) Fakulti Pengurusan dan Perniagaan, Universiti Teknologi Mara (UiTM), 42300 Puncak Alam, Selangor




Keywords: Identity Theft, Online Fraud, Scam, Victim, Cybercrime, Hacking


Cybercrimes are increasing at an alarming rate and cause detrimental effects to the victims. Routine Activity Theory (RAT) is commonly used to understand the factors influencing cybercrime victimization. However, there have been inconsistent findings on the applicability of RAT. This study performs a systematic literature review to consolidate and provide a coherent analysis of the related studies employing RAT for cybercrime victimization. The articles were also differentiated based on the cybercrime typologies being investigated: (a) cyber-dependent crime (hacking and malware) and (b) cyber-enabled crime (phishing, fraud and identity theft). The findings suggest that a refined specification and operationalization of RAT's constructs, tailored to the types of cybercrimes, can arguably yield more accurate application and interpretation of RAT in cybercrimes. Consequently, this will address the inaccurate measurement of some of RAT's constructs, which has led to inconclusive effects on cybercrime victimization. In addition, there is a need for more longitudinal studies to disentangle the effect of RAT's constructs before and after cybercrimes. Security advocates can apply the findings of this research to formulate relevant cybercrime awareness programs. The findings also shed light on which groups should be targeted for different cybercrime educational and awareness programs. This study can increase awareness among citizens of their online activities, their attributes and the types of protection against becoming cybercrime victims.



Author Biographies

Rahayu Ahmad

Rahayu Ahmad is an Associate Professor in the School of Computing at Universiti Utara Malaysia. She received her PhD in Information Systems from the University of Maryland, Baltimore County, USA. Her research interests are in cybersecurity, social informatics and online learning.

Ramayah Thurasamy

Ramayah Thurasamy is currently a Professor of Technology Management at the School of Management, Universiti Sains Malaysia; Visiting Professor at Minjiang University (China), Daffodil International University (DIU) Bangladesh, Universiti Malaysia Sarawak (UNIMAS), Universiti Kebangsaan Malaysia (UKM) and Universiti Teknologi MARA (UiTM); and Adjunct Professor at Sunway University and Universiti Tenaga Nasional (UNITEN), Malaysia. He was previously a Visiting Professor at King Saud University (Kingdom of Saudi Arabia) and an Adjunct Professor at Multimedia University. He is also currently the Chief Editor of the Asian Academy of Management Journal (AAMJ) and the Journal of Applied Structural Equation Modeling (JASEM). He also serves on the editorial boards and program committees of several international journals and conferences of repute. His full profile can be accessed at http://www.ramayah.com

