08th July 2016
The National Crime Agency has released its latest cyber crime assessment, identifying a partnership between law enforcement and private sector businesses as critical in the fight against cyber criminals.
More needs to be done by private sector businesses if the UK is to adequately tackle increasing levels of cyber crime, according to a new report from the National Crime Agency (NCA).
The financial cost of cyber crime to the UK economy is estimated at billions of pounds every year and growing. On top of this, long-term impacts could include substantial loss of revenue and margin, loss of valuable data and other company assets, litigation costs, potential regulatory fines, reputational damage, executive-level dismissals and loss of shareholder value.
The report, released on 7th July 2016, states: “Cyber crime activity is growing fast and evolving at pace, becoming both more aggressive and technically proficient. As such it is a major and growing threat to UK businesses.”
The dangers of unreported cyber crime
In 2015, the Office of National Statistics (ONS) trialled the inclusion of cyber crime in the annual Crime Survey for England and Wales for the first time.
The ONS estimates that there were 2.46 million cyber incidents and 2.11 million victims of cyber crime in the UK during 2015. According to the official figures, only 16,349 cyber-dependent and approximately 700,000 cyber-enabled incidents were reported to Action Fraud in 2015.
These figures illuminate the shocking disparity between reported and unreported cyber crime and the shortfall in clear reporting methods, a serious problem identified by the report.
The major factors in corporate under-reporting could be due to lack of awareness of data breaches, the belief among senior management that a quiet settlement fix for customer losses is best, a reluctance by IT teams to inform seniors for fear of criticism or legal advice against reporting.
Under-reporting is a substantial problem. It often means serious breaches are under-investigated which leads to hindered crime fighting and inadequate corporate risk management. Efforts to improve cyber resilience are also undermined and criminal activity can continue without major disruption or quickly resume.
The growing threat of cyber attack to UK business
Cyber criminals targeting the UK range from international serious organised crime groups down to smaller-scale domestic criminals and hacktivists.
The international criminal organisations present the greatest cause for concern. They possess sophisticated skills and are increasingly professional, the report states.
Some of the groups are, “so well established and business-like that they have well-defined organisation structures, access to specialist skills and functions like call centres and translators.”
These groups are believed responsible for most of the sophisticated Trojan malware that has proven to be a substantial source of financial crime in the UK. But there is a significant and rising number of UK-based cyber criminals as well.
Businesses, law enforcement and Government must work together
The report concludes that cyber crime is “a threat of such magnitude, complexity and fluidity that neither businesses, nor law enforcement, will be able alone to meet the challenges now presented.”
The UK Government has pledged to invest £1.9 billion over the next five years in the UK’s cyber defences. This is almost double the amount it spent over the previous five years.
This investment reflects the importance that has been placed on cyber security, following the inclusion of cyber defences and funding the fight against cyber crime as a Tier 1 priority, in the 2015 Strategic Defence and Security Review.
Businesses need to see cyber crime and cyber security as an ever present challenge. This should now be regarded and treated as a strategic priority requiring continuous investment and monitoring at management and, crucially, board level.