20th June 2020: Rear view of two male Police Scotland officers on duty in Edinburgh, during a Black Lives Matter demonstration in St Andrew Square, during the Coronavirus pandemic. One officer is wearing protective rubber gloves. Both officers are wearing high visibility jackets with their police uniforms, with the police logo on the back. They are standing looking down the street, keeping surveillance of the crowds. They have handheld radios attached to their jackets to communicate with colleagues.

When a UK insurance company fell victim to ransomware in 2015, it was faced with a choice: pay the ransom or fail to make payroll. Jake Moore, who at the time worked for the Dorset Police Cyber Crime Unit, advised them not to pay: there was no guarantee the attackers wouldn’t demand more – or simply take the money and run.

The company paid up and got lucky – the criminals kept to their word. But it was one of many occasions when Moore felt frustrated with his ability to make a difference in the fight against cybercrime. He has since left the police to join cybersecurity vendor ESET as a global adviser.

Many of Moore’s former colleagues may feel the same, as a only tiny proportion of reported cases of cybercrime leads to a conviction. This is due, in part, to a chronic lack of resources, but it is exacerbated by a reluctance among police forces to collaborate. Happily, this is beginning to change.

A statistics-focused management approach leads UK polices forces to compete, not cooperate, says one ex-officer. (Image by K Neville / iStock)

UK police outpaced by cybercrime

UK police have won some notable battles in the fight against cybercrime. In the early months of this year, hacking gang Lapsus$ embarrassed high-profile tech companies including Microsoft and Okta with a string of successful cyberattacks. But its reign of terror seemed to end abruptly after the City of London Police arrested six teenagers, later charging two with computer-related crimes.

But data from the National Fraud Intelligence Bureau (NFIB) suggests that UK police are losing the war. In the past 13 months, 405,334 incidents of cybercrime and fraud were reported to the police. Of these, 32,600 were ‘cyber-dependent crimes’, meaning purely ICT-related offences such as hacking or denial of service attacks. However, just 2% of incidents resulted in a judicial outcome.

A lack of resources is, arguably, the chief hindrance to the fight against cybercrime. According to the Social Market Foundation, there are 2,500 instances of fraud (including cybercrime) for every policy officer dedicated to tackling it. Both the City of London Police, which coordinates the UK’s anti-fraud efforts, and local forces lack the resources to tackle this workload, the think tank argues.

Police forces are also hampered by inconsistent investment in cybersecurity skills, explains Carl Wearn, a former detective sergeant with the Metropolitan Police and now head of e-crime at security provider Mimecast. “We need officers across the board, even relief response officers, to be aware of how to deal with certain aspects of this to help victims of crime,” he explains.

While officers may be given emergency training as and when funding becomes available, Wearn says there is no longer-term plan for cybersecurity skills development.

Furthermore, police forces struggle to retain what cybersecurity skills they do have. The average salary for cybersecurity jobs in the UK is £62,500, according to recruitment website cwjobs.co.uk, comparable to a chief inspector’s pay packet. “Retaining those skills is a big issue,” Wearn says.  

Collaborating to fight cybercrime

When it comes to international and cross-sector collaboration, the UK is held up as a world leader, says Wearn. The Joint Fraud Taskforce, whose remit includes cybercrime, brings together government, law enforcement and the private sector.

But individual forces can be reluctant to work together, both Wearn and Moore report. In England and Wales, a police force takes charge of an investigation when a crime is committed within its boundaries. But cybercrimes invariably cross regional and international borders, meaning cooperation is essential.

This clashes with a statistics-driven management culture in the UK police, Moore argues, which encourages forces to compete, not collaborate. “It’s [about] how well are you faring against your counterparts.”

This means valuable technical expertise is siloed in individual police forces, Moore adds. “You might have someone who's in a different force who's an iOS guru and then you've got an Android guru down the road,” he told Tech Monitor. “[We need to] get these people together.”

But there is hope for the future, Moore believes. The digital forensics units in the South West of England have agreed to work together, he explains. Five police forces have monthly meet-ups, discussing their challenges and finding solutions.

This, says Moore, is how the 43 police forces in England and Wales should all be working. “We need to trust each other, work together and move forward.”

More on the future of cybercrime:

How AI will extend the scale and sophistication of cybercrime

Can DAOs survive an onslaught of cybercrime?

The zero day vulnerability trade remains lucrative but risky

The state of cybercrime in 2022: What it costs and where it comes from

Ransomware groups are getting smaller and smarter