12 Jan 2023

Fighting Online Crime – and Why Cyber Criminals are Winning

Whilst we’re all becoming more aware of cybercrime, the lack of prioritisation, in terms of technology and skills, means that cybercriminals are still winning, says Rick Muir.

Rick Muir, Director of The Police Foundation, is telling me some sobering statistics.

“Cybercrime and online fraud now make up 53% of all crime affecting victims in England and Wales. But the average conviction rate for reported cybercrime is about 7% – and with fraud that figure is less than 2%”.

As I’m absorbing these numbers, he continues – telling me that although cybercrime and online fraud make up over half of all crime in this country, less than 3% of the police workforce specialise in it. How can this possibly have happened?

“We have a policing system which was developed in the 19th century to deal with local crimes in local public spaces”, he explains, and this system is now struggling with a form of crime that barely existed 20 years ago.

Looking at issues like these is Muir’s job. The Police Foundation is the UK’s independent policing think tank, conducting research and making recommendations to try and improve policing for the benefit of the public. And it’s the public, he predicts, that will soon begin to ask questions.

“The resource we’re putting into tackling this issue is nothing like in keeping with the scale of the problem. I do think at some stage the public are going to start asking who is actually doing anything to deal with these kind of offences”.

Keeping up with advancing technology

So how have we ended up in a situation where a massive chunk of UK crime is being overlooked? For starters, Muir explains, the Police have been slow to adapt.

“The police are really behind the curve on this – I mean they’re not on the pitch! Their technology is nowhere near as advanced as that of the cybercriminals who are much more entrepreneurial and much more innovative. The police tend to be quite slow at procuring new technology”.

Then there’s a skills gap. While cybercriminals attract the talent they need with the promise of rich rewards, the police does not have that luxury.

“These crimes require a lot of specialist investigatory skills. The police are often competing with the private sector to recruit the same people – and they can’t compete with private sector salaries.”

Even when you do have the right people and skills, Muir explains, cybercrime tends to be incredibly complicated and time-consuming to investigate, let alone convict.

“For a start, a lot of the offenders live overseas – often in countries which the UK doesn’t have a proper policing and judicial relationship with. So even when we know who they are, it’s very difficult to get them back here” he says.

“There’s also a lot of money moving around through different banking systems which is really complicated to track. A lot of the evidence is held on systems in other countries – and this can be really hard to get hold of. It’s much harder to investigate online fraud than it is a local burglary or car theft”.

Interestingly, it’s the banks, Muir predicts, that could kick-start some action in this space.

“At the moment, the banks are essentially taking a loss every year due to fraud and cybercrime. They pass this loss onto customers in the form of increased charges and so on. We are all paying the price for lots of money that’s lost to fraud. We may well get to the point where banks decide they can no longer carry on taking that loss – and then I think we’ll see the public really start demanding action from the police”.

The fact that banks will compensate at present, Muir thinks, can contribute to cyber being seen as a ‘victimless crime’.

“I think there’s been an assumption that all victims of online fraud just get their money back – and sometimes there’s a lot of victim blaming, assuming you were just a bit stupid”. The latter point is important as it leads to many victims not reporting the crime – creating an even bigger problem.

“In reality, the impact on people emotionally and financially is very significant. You have victims of scams taking their own lives, you have people losing their life savings and also businesses large and small losing so much money they have to shut down. We need to take it much more seriously”.

How do we fight cybercrime more efficiently?

To improve things, Muir says, we need a combination of training, education and co-operation.

“It’s really important that police officers are trained in understanding fraud and cybercrime – and also how to help and advise victims. At the moment, specialist teams have a lot of training – but most uniformed cops are not given enough”.

In addition, we the public need to be better informed.

“The police are never going to catch all of the people committing cybercrime – so the important thing is to prevent it from happening in the first place. We need the public to know more about what to look out for, so they don’t become victims in the first place. So public education is really important – alongside officers knowing what advice to give”.

Finally, he says, there needs to be more co-operation between regulatory bodies.

“There are so many different bodies involved in policing and regulating this space. From the Financial Conduct Authority to the Information Commissioner to law enforcement and the private sector. We need all these organisations to be sharing intelligence and information – at the moment, they don’t do this as well as they ought to, which makes tackling the crime a lot more complicated”.

“In this landscape, the police have got to work in partnership with business regulators to tackle the problem. It’s really hard for the public to even know who they should report things to – and this has to change”.

It’s certainly time we saw an improvement in those statistics.