A report from the Royal United Services Institute (RUSI) think tank has called for a bolder and more coordinated response to cyber-enabled fraud, spearheaded by a dedicated national strategy to reinforce roles and responsibilities.
RUSI said that the Covid-19 pandemic in particular had exposed the UK’s susceptibility and vulnerability to cyber fraud, the scale of which is becoming harder to manage and suppress, costing the country billions every year and undermining trust in digital infrastructure and services.
The think tank is calling for a clearer strategic direction from government to tackle the problem and is now appealing to the Home Office to develop a dedicated strategy in collaboration with law enforcement and the private sector.
“Government authorities, law enforcement agencies, financial institutions, private sector industry associations, and cyber security and technology companies all hold information relevant to the detection and investigation of cyber fraud, but have no effective way of pooling it together,” said the report’s authors, Sneha Dawda, Ardi Janjeva and Anton Moiseienko.
In particular, the report said, efforts to fight fraud are hampered by inefficient information sharing between law enforcement and the security sector. It said the lengthy lifecycle of fraud – from data breach, through to sale or exploitation, and concluding with the laundering of proceeds – presenting multiple pinch points where better collaboration could detect and prevent crime.
Notably, found RUSI, the problems inherent in the fraud lifecycle were made more apparent during the pandemic, with a majority of respondents to a RUSI survey of people working in law enforcement and financial services feeling that increased remote working was not matched by efforts from businesses to improve cyber security and anti-fraud protection.
While the full extent of the impact of Covid-19 will not be clear for some time, Dawda, Janjeva and Moiseienko found plentiful evidence of organised crime groups capitalising on vulnerabilities in both private and public sector responses to the coronavirus.
The problems around information sharing are further compounded by differing levels of prioritisation between public and private sector stakeholders. The report details four criteria that future information sharing partnerships should have – these are permanence, scalability, reciprocity and multi-functionality – and notes that no existing arrangements meet all four of these conditions.
Indeed, 52% of respondents to the survey believed current information sharing mechanisms were either poor or very poor, and only 12% of respondents believed a main priority of financial institutions was to share information with peers or law enforcement agencies.
The report makes several recommendations. These include:
- That the National Crime Agency (NCA) and City of London Police enhance their “pursue” activities to give a more prominent role to pre-emptive technical takedowns of fraudsters.
- That prosecutions and arrests remain core to police approaches to raise the risk of committing fraud, but only when there is a realistic prospect of convictions, or recovering stolen funds.
- That the National Police Chiefs’ Council work with the Home Office to introduce key performance indicators (KPIs) for fraud policing, consolidating the value of effective protection for victims and potential victims, and prevention efforts to deter potential fraudsters.
- That the NCA, alongside the Information Commissioner’s Office (ICO), develop comprehensive guidance for the private sector on how to assist law enforcement in tackling cyber fraud through information sharing.
- That the National Economic Crime Centre ensure the creation of an information sharing programme that satisfies all four of the above-named criteria.
- And that the NCA, City of London Police, UK Finance and Cifas convene a pilot programme focusing on more effective integration of cyber, anti-money laundering and fraud data, with a view to demonstrating best practice.
Earlier this year, RUSI said that cyber fraud was becoming a national security issue for the UK, and called for the upcoming National Cyber Security Strategy (2021-26) to include more explicit provisions to enable government agencies such as the National Cyber Security Centre (NCSC) to effectively fight back.