As crime changes, so must policing approaches

New research sheds light on “grave threat” of economic cybercrime New approaches must be adopted by law enforcers to tackle the escalating problem of economic cybercrime, according to a new report from Cardiff University for the City of London Corporation, supported by the City of London Police.

Published today (07 October 2015), the report highlights the scale of economic cybercrime in the UK, stating that 106,681 fraud-related incidents were reported by individuals and businesses to Action Fraud in Q4 of 2014, a third of which related to banking and credit industry fraud.

The report, ‘The Implications of Economic Cybercrime for Policing’, states that e-commerce fraud losses totalled £217.4m in 2014, with losses to the banking sector from online banking fraud peaking to a new high in 2013/14 to £60.4m. Data from accountancy firm PWC is also cited in the research, showing that 90% of large organisations reported suffering a security breach in 2013/2014. Since then, there has been a spate of high-profile data breaches in the US and the UK, showing the ease through which both personal data and corporate secrets can be stolen.

Against this backdrop, the report calls for renewed vigour from law enforcers in preventing and tackling this type of crime.

It outlines key challenges facing the ‘Four Ps’ government strategy of policing economic cybercrime, including the complexity of cases; their cross-territorial scale; the rapidly changing tactics of offenders, the volume of incidents; victims being often unaware of the impact; a chronic underreporting of crimes; and a lack of information-sharing and intelligence-gathering on organised crime groups and activity.

Recommendations include:

• There should be a greater focus on the ‘Protect’ and ‘Prepare’ (prevention and resilience) components of the strategy rather than ‘Pursue.’ This includes better educating citizens, especially vulnerable people likely to be repeat victims, of the risks in cybercrime, and making it easier for them to be protected.  Businesspeople with broad corporate IT access should carefully review their own range of access in case this is compromised by insiders or outsiders. Firms should review what they really need to have connected to the internet if those assets are core to the company’s survival.
• There should be an emphasis on partnership-working and greater coordination across police forces and other key bodies, nationally and internationally – including the National Crime Agency, Intellectual Property Office and Trading Standards as part of the wider policing family, as well as international partners.
• Law enforcers should place a greater focus on disruption tactics – such as identifying and shutting down fraudulent websites – over traditional reporting and investigating.
• Building on existing efforts of a joined-up approach to policing economic cybercrime, addressing those crimes that by volume, value, harm and/or severity of threat, and identification of the organisation and location of perpetrators, appear to pose the biggest risk.

Dr Mike Levi, Professor of Criminology at Cardiff University and lead author of the report, said: “The introduction of sophisticated technology has brought about a step-change in the way economic crime is committed – enabling frauds to be perpetrated at scale, at great speed, and at a distance, with no physical contact necessary between criminal and victim.

“This type of crime challenges conventional policing models which are focused on detection and investigation because it represents a paradigm shift in the way such crimes can be committed. Policing – both in the UK and around the world – therefore faces many challenges in adapting and responding to these evolving patterns of crime.

“This report provides new data and analysis around the scale of this activity and offers a comprehensive view of the challenges facing the policing and law enforcement responses. It appraises the success of different approaches to preventing and addressing crime, and presents practical suggestions with a focus on partnership-working, education and awareness-raising, information-sharing across industry, and intelligence-led policing.

“The risks of being defrauded by criminals using the internet will continue to increase unless more is done to protect ourselves and others. As crime changes, so must approaches to its policing.”

Adrian Leppard, QPM Commissioner of the City of London Police, said: “We should expect all police forces to be putting cybercrime as a priority and exploring ways in which they can use their existing resource coupled with volunteers and local businesses to help in the mission to protect. Cybercrime should not be a priority for police merely because adequate resources aren’t available.

“There needs to be renewed approach to the care and education of victims of cybercrime, to prevent further victimisation. We need to reach those at risk, particularly with the SME community and those individuals relatively new to the internet.”