RUSI calls on Government to layout its vision for tackling cyber fraud in a dedicated strategy

Published
3/1/2021

The Royal United Services Institute for Defence and Security Studies (RUSI) has published a new white paper The UK’s Response to Cyber Fraud: A Strategic Vision, which argues that now is the time to consider new approaches to tackling cyber fraud.

As technology continues to evolve at pace, so does the cybercrime landscape, with fraud now being the form of crime that British citizens are most likely to experience directly. Not only is cybercrime a threat to the nation’s prosperity and economic security, but it also undermines our trust in technology – and yet it hasn’t received the level of coordinated response that it deserves. Indeed, the report determines that, although steps have been taken to strengthen the UK’s cyber defences – such as establishing the NCSC – existing structures to tackle cyber fraud haven’t delivered the expected outcomes.

RUSI’s findings are based on research collected from interviews with subject-matter experts, literature reviews, workshops and a survey of UK law enforcement agency and financial services personnel; and the report sets out 12 clear and targeted policy recommendations – the primary one being the call for a new UK cyber fraud strategy to ensure an agile, coordinated and ‘whole-of-society’ approach to tackling cyber fraud – across Government, law enforcement and the private sector.

The 11 further recommendations are as follows:

1. The National Crime Agency and City of London Police should embark on upscaling ‘pursue’ activities to include a more prominent role for pre-emptive technical takedowns and private sector partnerships.

2. Prosecutions and arrests must remain a core part of the overall law enforcement approach to raise the risk and reduce the rewards of committing cyber fraud, but only where there is a realistic chance of securing convictions or recovering the proceeds of crime.

3. The National Police Chiefs’ Council should work with the Home Office to implement a set of key performance indicators for cyber fraud policing. This will reflect the value of an effective ‘protect’ function for actual and potential victims, and a ‘prevent’ function focused on deterring potential criminals and reoffenders.

4. As the National Cyber Security Centre has done for cyber security, the National Economic Crime Centre should act as the central agency for ‘protect’ activities and publish clear advice for potential victims.

5. The National Crime Agency, in consultation with the Information Commissioners’ Office, should publish comprehensive guidance for private sector organisations on how they can lawfully assist law enforcement in preventing and investigating cyber fraud through information sharing.

6. The National Economic Crime Centre should take primary responsibility for ensuring that at least one of the relevant information-sharing programmes satisfies four key criteria for effectively sharing information on cyber fraud threat actors:

· Permanence. Operating on more than an ad-hoc basis.

· Scalability. Encompassing a significant number of participants, which the Joint Money Laundering Intelligence Taskforce does not do.

· Two-way cooperation. Allowing both private–public and public–private information sharing.

· Multi-functionality. Being used for investigation purposes rather than only cyber security, which the Cyber Security Information Sharing Partnership does not allow.

7. The National Crime Agency, UK Finance, Cifas and City of London Police should bring partners together for a pilot initiative focused on more effective integration of cyber, anti-money laundering and fraud data, and disseminate sanitised examples of best practice.

8. Law enforcement agencies should consistently acknowledge the role of companies involved in cooperative takedowns of cybercriminal infrastructure.

9. Organised by the City of London Police and the National Economic Crime Centre, a large-scale national secondment programme for staff of financial institutions and cyber threat intelligence companies should be rolled out to equip police forces with improved skills in investigating cyber fraud.

10. The Economic Crime Academy should create a new Specialist Cyber Fraud Investigator course, which focuses specifically on the intersection between cyber and fraud investigations.

11. The Home Office should provide increased resourcing for the National Economic Crime Victim Care Unit to ensure that the service can reach a wider range of residents in more force areas.

Although the report recognises that these recommendations may not completely eliminate cyber fraud, they will certainly ensure that the UK is far better equipped to mobilise against it in the future.

You can read RUSI’s full report here.