- personal data; law enforcement; critical infrastructure; sanctioning mechanisms; institutional quality; international coordination; data localisation
- Pages 35-51
The study aimed to identify avenues for modernising the national cybersecurity system of the Republic of Kazakhstan through a comprehensive assessment of its effectiveness and an examination of advanced practices implemented in East Asian states. The legal analysis revealed a fragmented Kazakhstani cybersecurity framework characterised by the absence of a single codified act and by the proliferation of regulatory documents of varying legal force. The empirical assessment demonstrated a sustained rise in cybersecurity incidents in Kazakhstan, with an average annual growth rate of 14.5% between 2019 and 2024, reaching more than 41,000 cases in 2024. The number of recorded cybercrimes increased thirty-six-fold, from 589 cases in 2018 to 21,479 in 2021. The study identified low enforcement effectiveness, with only 36% of registered cases reaching judicial proceedings. Financial losses incurred by citizens as a result of digital fraud exceeded 17.5 billion tenge in 2023. A correlation analysis of the Worldwide Governance Indicators – specifically rule of law, control of corruption, regulatory quality, and political stability – with cybercrime metrics, including the number of registered cybercrimes and the case-clearance rate, identified a statistically significant negative association (r = -0.67, p < 0.01). Countries with negative values for control of corruption were found to have cybercrime levels 40% higher on average. A comparative legal analysis of the cybersecurity systems of Japan, South Korea, and China demonstrated substantive differences in procedural mechanisms, sanctioning measures, and institutional architecture. 
The findings confirmed the significance of institutional quality for the effective protection of national cybersecurity and substantiated the need for a systematic modernisation of Kazakhstan’s model through legislative codification, the establishment of a centralised coordination centre, the strengthening of sanctioning mechanisms, and the development of human capital.