techUK, the voice of the UK technology industry, has today called for a new approach to tackling low impact cyber-crime. Based on interviews with police and industry stakeholders and Freedom of Information requests to all 43 police forces, the 'Partners against crime' report calls for police and industry to work together to raise standards of reporting, recording and responding to this growing threat.
James Murphy, Associate Director – Defence and Security at techUK said: "Digital technology is revolutionising the way criminals operate. Police forces have made a number of positive steps to meet the challenge in recent years but they cannot meet it on their own. The ability to effectively tackle cyber-crime remains the collaborative responsibility of civil society as a whole, including businesses, consumers and the technology industry. It's only by working in partnership with the cyber security industry that the police can access the skills, capacity and reach that they desperately need."
The first set of crime figures to include cyber-crimes, released last week, revealed an increase in crime for the first time in 20 years. Recent reporting and recording processes make it hard to fully understand the challenge faced. When asked, around 50% of forces surveyed could not supply accurate figures of cyber-crime reports without manually analysing every crime in their recording systems.
techUK has called for significant changes to streamline reporting and recording, including:
- A new lexicon for cyber-crime reporting to enable the recording of accurate information
- Increasing obligations for industry to report cyber-crime incidents, including the development of reporting apps
- Businesses should be encouraged to put basic preventative measures in place through initiatives like Cyber Essentials
Police response to these crimes is carried out at a regional or local level where the capacity and capability to respond is highly variable. techUK has called for closer collaboration between police and the cyber security industry to improve skills across the UK through:
- A joined up approach to Victim Support between consumer groups, the technology industry, policing leads and Victim Support across the country
- The establishment of a Managed Service Provider model (MSP) to help the police contract the specialist cyber skills that they need
- Enhanced role for the College of Policing to accredit private training providers and courses in order to ensure that there are national standards for cyber-crime training courses
- Increased funding that law enforcement receives to tackle cyber-crime
- The creation of joint police and industry working groups to help share cyber threat information in real time, creating dynamic investigative capabilities within key business sectors.
Adrian Leppard, Commissioner of the City of London Police, said: "This report highlights the challenges that cyber-crime represents for policing. Within the context of shrinking public sector sources there is clearly the opportunity for private sector technology firms to work in closer partnerships with the Police to tackle the threat posed by cyber-crime. Creating structures that work nationally to facilitate this will be challenging but we should wrestle with these issues as the threats we face are significant. Just as technological innovation helped the public and police win the battle against other crime types it has great potential to assist law enforcement in investigating and designing out cyber-crime.
"It's by working together we can share expertise and knowledge toward the collective goal of making the UK a more hostile place to commit cyber-crime."
techUK's Freedom of Information requests revealed the huge volumes of cyber-crime being handled by forces across the country. In Warwickshire, 3,204 reports of fraud were made by victims living in the force area covered by Warwickshire Police between January 2013 and March 2014, with 2,037 of those cases estimated to be cyber-enabled. Similar figures of cyber-crime reports were witnessed by West Mercia Police. Of the 4,952 incidents of fraud reported from April 2013 – March 2014, 3,466 were estimated to be cyber-enabled. In Avon and Somerset, 2,345 cyber-enabled crime incidents were recorded in 2014.
Andrew Rogoyski VP Cyber Security Services, CGI UK Ltd said: "This report is thought-provoking and timely. The challenge of dealing with large scale cybercrime is a ticking time bomb - it will become a major public issue within months rather than years. The report rightly says that Police services can't be expected to deal with large volumes of cybercrime although the public may still expect them to. Private sector specialists can help but the long-term answer is for everyone, from companies and government departments to individual citizens, to start taking responsibility for their use of technology and become a lot more security savvy."
The full report can be downloaded below.
 The paper focuses on the cyber-crimes that are addressed at regional and local level, what we term 'low impact' cyber-crimes. By the use of the term 'low impact' we do not intend to imply that the effect of these crimes on victims is not significant, merely that the financial loss and criminal machinery responsible are considered as being below the threshold to merit a national level policing response. We have applied this term in the absence of any formal categorisation by the police.