Cyber crime scenes “not being preserved”

The "scenes of cyber crimes" are being disrupted by organisations and IT professionals that do not know how to respond to a cyber attack, undermining criminal investigations before they have even started.

That is one of the warnings of Simon Placks, director of IT forensics and fraud investigations at consultant Ernst & Young on the day that it presented its Global Information Security Survey.

The problem, he says, is a lack of cyber security skills and, in particular, specialists.

"There's no job market for cyber investigators and supply isn't following demand," he said. "That's a big risk because people don't know how to preserve a 'crime scene'. Cyber crimes are not being treated as crimes. A cyber crime scene is not being treated as a cyber crime scene.

"Most of us have the intuition that if we walk into a room and see a body and a gun lying on the ground, we know not to pick up the gun. But the same is not true of the cyber crime scene. That level of intuition hasn't entered the public consciousness to the same degree."

He added: "In the race to fix systems, often a lot of good evidence gets trampled on."

According to Ernst & Young's survey, eight per cent of UK GDP is driven by the "online economy" – higher than for any other G20 country – but there were also an estimated 44 million cyber attacks in the UK in 2011, putting the cost of cyber crime at between £18bn and £27bn annually.

Because of a lack of investigative skill and capacity, the criminals are getting away with it, making it a relatively "safe" crime to commit compared with the risk of getting caught.