A Quantitative Study on the Factors Influencing Implementation of Cybersecurity Laws and Regulations in Pakistan
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
Overall rating of this article is not positive and left me with the impression like it was put together out of different parts merged together hoping they would make a homogenous entity “spiced up a bit” by adding “cybersecurity” term and somewhat of statistics which unfortunately hasn’t turned to be successful, at least in my opinion. I simply didn’t perceive that procured research could not have been easily related to any other law and regulation implementation and that term “cybersecurity” was actually used to make the whole idea more “state-of-the-art” kind.
More precisely here are my specific observations:
1. Title contains term “Emerging Economies” whilst article only tackles with research conducted in Pakistan, which is perfectly valid, but definitely cannot be generalized upon term “Emerging Economies”
2. Description of both Hypotheses 1 and 2 consist of absolutely no mention of cybersecurity which rather alone in my opinion is more than enough reasoning to render the rest of the article inconsistent.
3. Although authors provide reasoning behind interviewing only IT and banking sector employees, taking into account cybersecurity represents an overall threat and is present in all life aspects, imminent question arises if the targeted group is really an optimal choice? Do they possess enough insight into lawmaking procedures?
4. Statement in lines 450-451 has been presented as an axiom whilst in fact it is a theorem that needs to be proved (which as stated has not been done within the scope of this article).
5. Certain parts of the text are unnecessarily repeated (lines #277-282; #453-455+#463-466).
Comments on the Quality of English Language
Irrelevant.
Author Response
Reply to Reviewer 1
- Title contains term “Emerging Economies” whilst article only tackles with research conducted in Pakistan, which is perfectly valid, but definitely cannot be generalized upon term “Emerging Economies”
Answer: Thank you very much for highlighting this important issue. The manuscript has been updated by modifying the title with “Pakistan” instead of “Emerging Economies”. The revision is highlighted in yellow please.
- Description of both Hypotheses 1 and 2 consist of absolutely no mention of cybersecurity which rather alone in my opinion is more than enough reasoning to render the rest of the article inconsistent.
Answer: Thank you very much for pointing out the issue regarding the previous theories and discussions about corruption and discrimination in the society and their impact on implementation of cybersecurity laws in Pakistan. The manuscript has been updated by including additional descriptions in both the sections of corruption and discrimination to support our argument for developing both hypotheses e.g., Hypothesis 1 and Hypothesis 2. The included descriptions in the text are highlighted in yellow please between the line 227-247 and 265-288.
- Although authors provide reasoning behind interviewing only IT and banking sector employees, taking into account cybersecurity represents an overall threat and is present in all life aspects, imminent question arises if the targeted group is really an optimal choice? Do they possess enough insight into lawmaking procedures?
Answer: Thank you very much for raising this question. The authors surveyed the employees of IT and banking sectors employees because these are the sectors more vulnerable to cybersecurity. Especially the banking sector which is directly connected with the government because of their connection with the economy. Since this study was conducted on cybersecurity, its policy making and laws implementation, IT and banking were the adequate sectors to connect with and collect data sample for analysis in this study.
- Statement in lines 450-451 has been presented as an axiom whilst in fact it is a theorem that needs to be proved (which as stated has not been done within the scope of this article).
Answer: Thank you very much for highlighting this important error. Initially, this study was planned to conduct an axiom, but the scope was changed later on. We have rectified the errors and revised the manuscript accordingly please.
- Certain parts of the text are unnecessarily repeated (lines #277-282; #453-455+#463-466).
Answer: Thank you very much for highlighting this important issue. The manuscript has been updated by deleting the repetitive lines and they are integrated in subsection 3.3 research analysis please.
Reviewer 2 Report
Comments and Suggestions for Authors
I read the paper “A Quantitative Study on the Factors Influencing Implementation of Cybersecurity Laws and Regulations in Emerging Economies” which is interesting for journal readers and my suggestions have been given in the following points. The author’s details should not be there in the manuscript. This manuscript failed to present the study debates and failed to discuss the debates. The readability is low and the scientific contribution is short discussed. The abstract is incomplete. I suggest authors rewrite the abstract to make it more constructive with clear methodology, clear results, and findings. The abstract should have at least one sentence per each: context and background, motivation, hypothesis, methods, results, and conclusions. Novelty is missing in the abstract. Research questions and research objectives are missing. I believe the study needs a merely developed foundation in the existing literature and a clear warrant for why we need another study on cybersecurity law and regulations. In other words, the problematization of the extant literature needs to be strengthened, and the variables more description and a clear argument for why they are chosen. I would like to add the need to address the relatively recent critique of measurements of cybersecurity law and regulations in the LR section. Such criticism needs to be addressed and not ignored for the study to be credible. The flow of ideas in the introduction part should be improved. The authors should mention and discuss the theoretical foundation in the literature review section. There is no interpretation of the results to clarify the research objectives and the literature. Following the comments, there needs to be a stronger development and discussion of what the study contributes to the existing literature. The literature review should be more up-to-date. RM is very weak, elaborate result and discussion section.
It offers feedback and analysis on a quantitative study that explores the variables affecting the adoption of cybersecurity legislation and regulations in developing nations.
Comments on the Quality of English Language
see the comments.
Author Response
Reply to Reviewer 2
The author’s details should not be there in the manuscript. This manuscript failed to present the study debates and failed to discuss the debates. The readability is low, and the scientific contribution is short discussed. The abstract is incomplete. I suggest authors rewrite the abstract to make it more constructive with clear methodology, clear results, and findings. The abstract should have at least one sentence per each: context and background, motivation, hypothesis, methods, results, and conclusions. Novelty is missing in the abstract. Research questions and research objectives are missing. I believe the study needs a merely developed foundation in the existing literature and a clear warrant for why we need another study on cybersecurity law and regulations. In other words, the problematization of the extant literature needs to be strengthened, and the variables more description and a clear argument for why they are chosen. I would like to add the need to address the relatively recent critique of measurements of cybersecurity law and regulations in the LR section. Such criticism needs to be addressed and not ignored for the study to be credible. The flow of ideas in the introduction part should be improved. The authors should mention and discuss the theoretical foundation in the literature review section. There is no interpretation of the results to clarify the research objectives and the literature. Following the comments, there needs to be a stronger development and discussion of what the study contributes to the existing literature. The literature review should be more up-to-date. RM is very weak, elaborate result and discussion section. It offers feedback and analysis on a quantitative study that explores the variables affecting the adoption of cybersecurity legislation and regulations in developing nations.
Answer: Thank you very much for highlighting important issues which were helpful in improving this manuscript to be publishable, readable, and get attraction from the audience. As per the comments and suggestions from the honorable reviewer, this manuscript is revised as follows:
- Abstract is rewritten as per the suggestions
- One sentence of each such as background, motivation, hypothesis, methods, results, and conclusions are included in the abstract
- Novelty, research questions, research objectives are included in the abstract
- To the question why need another study on cybersecurity law and regulation, a theoretical paragraph in subsection 2.2 is provided the lines 144 and 155 highlighted in yellow. This paragraph provides the significance of cybersecurity laws and the importance of their implementation in the country to deal with cyberattacks.
The law procedure requires an effective implementation framework. Superior implementation is required because no matter how stringent the laws have been passed by the parliaments; they are useless unless they are implemented properly. The asserted or recommended laws will be of no use unless they are effectively implemented. Police, prison authorities, investigators, and other key players are required for better implementation. The law enforcers are the ones who are tasked with ensuring the public's safety. They are the ones who show up at a criminal investigation and are given the authority to apprehend the perpetrators and bring them before the prosecution. As a result, the security forces must function efficiently to apprehend the attacker as quickly as possible to provide justice to the defendant. Better implementation of cybersecurity policies may grant security and law enforcement agencies more power, instill fear in the community, particularly offenders, and aid in the proper functionality of the judicial process.
- To the question of the variables more description and a clear argument for why they are chosen, a paragraph regarding law enforcement in the countries and the factors that influence such enforcement is given between lines 200 and 212.
Prior history of federal programs, resource availability, state wealth, or geographic location did not appear to have a substantial impact on policy formation, but there are some indicators that other elements may become relevant in the following stage of legislation implementation, policy acceptance. It indicates that several variables such as inadequate resources, corruption, insufficient knowledge, ambiguity about law enforcement, a willingness on the part, and low confidence are influencing progress in the application of cybersecurity regulations. These elements are detailed more below.
- In the literature review (LR) section, a new paragraph is included regarding cybersecurity, cybersecurity law, and why such laws are important between lines 93 and 109. This paragraph is given below:
When consulting experts, the prevailing definition of cybersecurity is typically aligned with the official definition provided by the US federal government, which states that it is the proficient protection of computers against unauthorized access or criminal exploitation, as well as the implementation of policies to guarantee the anonymity, credibility, and accessibility of information. The definition provided is insufficient. What constitutes "unauthorized" access, what constitutes "criminal" use, from whom should information be kept "confidential," and who has the authority to determine the integrity and availability of information? Essentially, who has the right to manage which computer? Given our recognition of the significance of cybersecurity law, we have the opportunity to expand cybersecurity avoiding excessive rationalization. Cybersecurity is achieved when the individuals who have the legal authority to control computers and information are the ones who actually possess that control. Cybersecurity issues emerge when there is a mismatch between those who have the ability to control and those who are legally authorized to do so. A comprehensive awareness of cybersecurity relies on a collective agreement regarding the laws, rules, and policies that establish ownership, authorization, and control. Those rules are cybersecurity laws.
- Interpretation of results is provided in the discussion section between lines 618 and 627 to clarify the research objective. Furthermore, a brief discussion about the study findings is provided in the discussion section as well.
Reviewer 3 Report
Comments and Suggestions for Authors
Dear authors
I really appreciate you to prepare an interesting article. However, there are some points that I have mentioned. Please kindly modify the article according to the suggested comments:
1. The authors should have focused on technical points as well. They have highlighted the concepts related to law science. If it is possible kindly concentrate on technical challenges.
As you know the proposed concept is a multidisciplinary one.
2. Please kindly provide a pipeline/flowchart to show the procedures of the "Implementation of Cybersecurity Law" steps.
3. How do you distinguish the priority of the indices of the "Factors Influencing Implementation of Cybersecurity Law"? How do you score them?
4. You have presented some Hypotheses. You should have provided a maproad for them!
5. Please provide a comparison table to prove the efficiency of the proposed method.
Good Luck!
Author Response
Reply to Reviewer 3
- The authors should have focused on technical points as well. They have highlighted the concepts related to law science. If it is possible kindly concentrate on technical challenges. As you know the proposed concept is a multidisciplinary one.
Answer: Thank you very much for your valuable suggestions. The paper has been revised by including a subsection “2.1 technical cybersecurity” between lines 92 and 125, to meet the requirements of the multidisciplinary issue. The included subsection is highlighted in yellow please.
- Please kindly provide a pipeline/flowchart to show the procedures of the "Implementation of Cybersecurity Law" steps.
Answer: Thank you very much for your kind comments and valuable suggestions. The manuscript is improved by including Figure 1 for step-by-step flow chart of cybersecurity law making and implementation process in Pakistan.
- How do you distinguish the priority of the indices of the "Factors Influencing Implementation of Cybersecurity Law"? How do you score them?
Answer: Thank you very much for your kind question. Since this study proposes positive and negative impacts of variables on cybersecurity law implementation in Pakistan, we have prioritized the indices as follows:
- Corruption has negative impact – Control corruption for better cybersecurity law implementation
- Expertise has positive impact – further strengthen the employees IT expertise
- Discrimination has negative impact – The government is required to strengthen equality and justice for human rights in the country
- Ambiguity has negative impact – laws must be explained clearly to general public
- Public confidence has positive impact – further strengthen public confidence
- You have presented some Hypotheses. You should have provided a map road for them!
Answer: Thank you very much for suggesting including a map road to test our hypotheses. The manuscript is revised by including Figure 3 as per suggestions from honorable reviewer.
- Please provide a comparison table to prove the efficiency of the proposed method.
Answer: Thank you very much for your suggestions to provide a comparison table. This paper is improved by including Table 6 for the comparison of results with efficacy to prove the efficiency of the proposed method of this study.
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
Please remove term "emerging economies" from keywords and from line 675.
Author Response
Hello Dear Reviewer,
Thank you very much for your kind and valuable comment. The term "emerging economies" is deleted from keywords and from the line 674 as well, please.
Reviewer 2 Report
Comments and Suggestions for Authors
It's my great pleasure to review this research paper again. I am now satisfied that the author(s) have addressed the concerns of my comments in the first revision. Thanks for your significant contribution.
The introduction and literature sections strongly justified the problem approach properly, the systematic and problem-oriented approach given.
The research problem is addressed adequately discussed. The introduction is followed the systematic and problem-oriented.
The research methodology and results are substantially improved.
The conclusion section is complete and explained more about the outcomes.
The authors added the implications appropriate way.
The overall paper is significantly improved, so I then suggest acceptance.
Author Response
Thank you very much for your precious time and effort to review this manuscript and your kind comments to improve it.