Police and industry should work together to tackle cyber crime at a regional and local level, according to technology association TechUK.
The association’s Partners against crime report calls for collaboration between police and industry to raise standards of reporting, recording and responding to cyber crime.
The report, based on interviews with police and industry stakeholders, and freedom of information (FOI) requests to all UK police forces, comes just a week after the Office of National Statistics revealed there were an average of 625,000 cyber crime offences a month in England and Wales between May and August 2015, which security experts believe is just a fraction of the actual number.
In September 2015, the UK government warned that 90% of major businesses have faced a cyber attack in the past year, with 74% of small businesses also victims of cyber crime.
“Digital technology is revolutionising the way criminals operate,” said James Murphy, associate director, defence and security at TechUK.
“Police forces have made a number of positive steps to meet the challenge in recent years but they cannot meet it on their own,” he said.
TechUK believes the ability to effectively tackle cyber crime remains the collaborative responsibility of civil society as a whole, including businesses, consumers and the technology industry.
“It’s only by working in partnership with the cyber security industry that the police can access the skills, capacity and reach that they desperately need,” said Murphy.
According to the TechUK report, around 50% of police forces surveyed could not supply accurate figures of cyber crime reports without manually analysing every crime in their recording systems.
TechUK is calling for significant changes to streamline reporting and recording, including:
A new lexicon for cyber crime reporting to enable the recording of accurate information
Increasing obligations for industry to report cyber crime incidents, including the development of reporting apps
Businesses should be encouraged to put basic preventative measures in place through initiatives such as Cyber Essentials
Police response to these crimes is carried out at a regional or local level, the report said, where the capacity and capability to respond is highly variable.
TechUK has called for closer collaboration between police and the cyber security industry to improve skills across the UK through:
A joined-up approach to victim support between consumer groups, the technology industry, policing leads and the Victim Support charity across the country
The establishment of a managed service provider (MSP) model to help the police contract the specialist cyber skills that they need
Enhanced role for the College of Policing to accredit private training providers and courses to ensure there are national standards for cyber crime training courses
Increased funding that law enforcement receives to tackle cyber crime
The creation of joint police and industry working groups to help share cyber threat information in real time, creating dynamic investigative capabilities within key business sectors.
Adrian Leppard, commissioner of the City of London Police, said the report highlights the challenges that cyber crime represents for policing.
“Within the context of shrinking public sector sources there is clearly the opportunity for private sector technology firms to work in closer partnerships with the police to tackle the threat posed by cyber crime.
“Creating structures that work nationally to facilitate this will be challenging but we should wrestle with these issues as the threats we face are significant. Just as technological innovation helped the public and police win the battle against other crime types it has great potential to assist law enforcement in investigating and designing out cyber crime.
“It’s by working together we can share expertise and knowledge toward the collective goal of making the UK a more hostile place to commit cyber crime.”
Huge volumes of cyber crime across the country
TechUK’s FOI requests revealed the huge volumes of cyber crime being handled by forces across the country.
In Warwickshire, 3,204 reports of fraud were made by victims living in the force area covered by Warwickshire Police between January 2013 and March 2014, with 2,037 of those cases estimated to be cyber-enabled.
Similar figures of cyber crime reports were witnessed by West Mercia Police. Of the 4,952 incidents of fraud reported from April 2013 to March 2014, 3,466 were estimated to be cyber-enabled. In Avon and Somerset, 2,345 cyber-enabled crime incidents were recorded in 2014.
Andrew Rogoyski, vice-president of cyber security services at CGI UK, said the report is thought-provoking and timely.
“The challenge of dealing with large scale cyber crime is a ticking time bomb – it will become a major public issue within months rather than years,” he said.
“The report rightly says that police services can’t be expected to deal with large volumes of cyber crime although the public may still expect them to.
“Private sector specialists can help but the long-term answer is for everyone, from companies and government departments to individual citizens, to start taking responsibility for their use of technology and become a lot more security-savvy.”
Andy Archibald, the outgoing head of the National Crime Agency’s National Cyber Crime Unit (NCCU) has been a long time advocate of closer collaboration between police and industry.
In 2014, he told Computer Weekly that the NCCU was keen on working with the private sector to help businesses fight cyber crime.
“Industry can bring things to the table we may not be aware of. We will work with the private sector within the law if the solution to an operation is something the private sector can take the lead on,” he said.
In July 2015, the NCA signed a memorandum of understanding (MoU) with cyber security firm Trend Micro to extend a partnership on combating cyber crime.
“It needs be a relationship that goes beyond information sharing, so it includes things such as mitigation of threats and disruption of criminal infrastructure,” said Archibald at the time.