Impunity for cyber criminals simply isn’t good enough
There’s a temptation to think that cyber-crime is just something that happens to other people. The titillating tale of Ashley Madison users’ names being leaked was all very exciting for a week (though spare a thought for the young journalists whose editors tasked them with rooting through the names hoping to find a Premiership footballer or a politician) but it still felt more like a movie script than an example of an everyday threat to business. When North Korea’s crack cybercrime unit – allegedly – hacked Sony Pictures in retaliation for producing the film The Interview, the most common reaction was a kind of knowing amusement at the hermit kingdom’s easily-piqued leadership.
Nothing could be further from the truth. Accounting firm Grant Thornton estimates that cyber attacks are costing global business some £200 billion. And this is not just a problem for the financial sector – according to an article in this month’s Director magazine, it’s now small- to medium-enterprises that are the most exciting target for hackers. The combination of low-grade protection and highly-valuable data links with larger firms offers a feast for cyber criminals. In short, it’s a serious, almost existential, threat to economic growth.
All of which makes this morning’s revelations that police are following up less than 1 in 100 reported cyber fraud cases very worrying indeed. The upshot appears to be that Action Fraud, an arm of the Home Office set up to receive cyber-crime reports, simply offers victims a crime reference number and then puts the case through a computer algorithm to decide if it’s worth following up. There have been an estimated 3.2 million frauds over the past year, but fewer than 9,000 convictions. Whether the fault lies with the police, with the Home Office or with the banks – who fail to report many small-scale frauds to the police – it’s clearly an unsatisfactory situation.
The reputation of the City of London as a secure financial centre is in jeopardy. Britain’s long-held traditions of a strong and just legal system could be easily undermined if the authorities fail to adequately pursue cyber-crime and fraud. Our exciting tech sector could be holed below the water-line if it becomes open season for hackers.
As has been noted by campaigners, if cyber criminals are able to get away with fraud with borderline impunity, things are going to get worse before they get better.
Now businesses can do more to protect themselves, of course.
But it’s time for a properly co-ordinated response across the police force, government and the banks to tackle this ever growing threat – and international co-operation, too. If we don’t, it could be too late.