Increased cyber crime is diverting police resources away from dealing with other issues such as violent crime. That’s the conclusion that think tank Parliament Street arrived at after analysing Freedom of Information (FOI) requests sent to police forces in England. Only 14 forces responded to the request, which paints a damning picture of how cyber crime is dealt with or, more realistically, isn’t dealt with.
The report comes just days after Cisco said it had signed a deal to deliver cyber training to over 120,000 police officers. Parliament Street wants mandatory cyber training for all police officers. It is also calling for more industry support for the police and for more STEM qualified officers to be recruited.
According to Sheila Flavell, Chair of the Institute of Coding and COO of FDM Group: “It’s clear that the tidal wave of cybercrime is draining the resources of police forces as well as businesses. Tackling this problem requires a concerted effort to recruit staff equipped with the latest cyber skills as well as extending education and training opportunities to existing employees.
“As part of this effort, it’s vital that industry works more closely with academic institutions, to develop specialist flexible courses, so that skills within workforces increase dramatically.”
How bad is the problem of cyber crime for police forces?
There is always a significant gap between public perception of crime and official statistics. Given the number of data breaches and cyber attacks covered by the press, it is easy to think that cyber crime is out of control. Those reports have to be put in perspective. They have limited direct impact on individuals. The risk comes in the mid to long term as hackers assemble all that stolen data. This allows them to craft more focused attacks against individuals.
Statistics are equally misleading. They rely on all crimes being reported. That is not the case. Victims of some types of crimes often choose not to report them. Cyber crime is one of these. People do not want to appear stupid or technologically inept. In addition they might not realise that they have been a victim.
It is not just individuals that choose to not report cyber crime. Many organisations also choose to keep it in-house. This is to avoid embarrassment and impacting their business. The increase in public awareness of data breaches is as a result of GDPR which requires breaches to be reported. Even here, the ICO admits that a number of reports do not need to be made as they fall below the reporting threshold.
Parliament Street looked at the data it was given by 14 forces. It compared the financial years 2016/17 and 2017/18. Over that period there were 2,547 cyber crimes reported. They show an increase of 14% between the two years in hacking incidents.
Gathering the evidence to prosecute is a major challenge
Alongside its report, Parliament Street has published the collated data it received from police forces. Where there is an outcome published, three results stand out:
- Evidential difficulties
- Victim unsupportive
- No suspect
These results should not be surprising. Individuals would not necessarily think to retain details of a possible crime. In addition, the constant reuse of passwords means that any data breach increases the risk that a user will see accounts hacked through credential stuffing. It is easy to find email addresses along with a list of passwords associated with that address. Simply cycling through them will often show how many times passwords are reused by individuals.
Organisations are just as bad at retaining evidence after an attack. IT departments are often focused solely on how to restore systems not on preserving the evidence. There is a need for better forensic training as part of computer science and cyber security courses.
Is cyber crime really on the rise?
The report also looks at which areas have the most reports and have seen the largest increase in cyber crime.
The three police forces who have the most recorded cyber crime are:
Cleveland – 356
West Midlands – 329
Nottinghamshire – 246
The two police forces seeing the largest increase in cyber crime are:
West Midlands – 19%
Nottinghamshire – 19%
When it comes to crime recording, the Office of National Statistics (ONS) shows that West Midlands and Nottinghamshire are the highest in their respective regions of the UK. To see cyber crime on the rise in both areas is, therefore, no surprise. Cleveland is an anomaly as it is the lowest crime area in the North East. The rate of cyber crime will concern the local force as it implies there is a specific problem in the region. These figures are for the year ending June 2018.
However, it is worth putting this into a wider context. While the figures produced by Parliament Street show an increase in cyber crime, this is not born out by other statistics. The larger ONS report Crime in England and Wales: year ending June 2018 claims that computer misuse offences are down over the last 12 months. The report shows that the overall crime rate is similar to last year. However, exclude computer misuse crimes and the overall crime rate increases by 6%.
It has produced the table below:
|Offence group||Jul ’16 to Jun ’17||Jul ’17 to Jun ’18||Percentage change|
|Number of incidents (thousands)|
|Unauthorised access to personal information (including hacking)||535||515||-4|
|Unweighted base – number of adults||17,029||30,262|
This data adds to the confusion over what classifies as cyber crime and its impact on society.
Enterprise Times: What does this mean
Parliament Street is right to call out cyber crime. The problem is that its chosen solution, train more police officers, is uncosted and moving more officers across to computer crime would impact other areas. Given that the Crime Survey for England and Wales (CSEW) shows that computer misuse is not climbing, counter to the Parliament Street claim, this would be wholly counterproductive.
Police forces are already financially stretched. The number of police officers is now at its lowest since 1981 and continues to drop (Source: House of Commons Library). There is no spare capacity in any force to reassign officers to cyber crime. It is also unlikely that we will see any additional money to employ extra officers from the Home Office.
We wanted to put some of our questions to Parliament Street but it did not respond to our email.