'Cyber crime has become a national security threat' says Fraud Advisory Panel

Expert body critical of government and law enforcement response to crimes of deception

In a review of the UK's efforts to prevent fraud over the past decade the Fraud Advisory Panel has warned that the rise in cyber crime and online fraud has wrongfooted the authorities and become a threat to national security.

The independent watchdog says that many of the initiatives introduced following the government's Fraud Review 2006 have been cut back or diluted as a result of cost-cutting, political expediency and a target-driven law enforcement culture. It singles out online fraud, which wasn't even on the radar 10 years ago, as being a particular problem.

"Today the internet has industrialised the way crimes of deception are committed and the radar screen is crowded," says the panel in the review.

"Cyber crime has become a national security threat. Our challenge is to redesign our digital world with security in mind. That's going to take everything we've got because the vulnerabilities are quite literally everywhere."

The rapid rise in online crime has given the problem a generational dimension, with older people unable to comprehend the 'Wild West' nature of the internet, while "eager, excitable young minds can be easily drawn into hacking and cyber crime while their parents watch TV", the watchdog says.

The panel is critical of software and consumer hardware vendors who, eager to be first to market, rely on patching vulnerabilities after the fact, if at all, rather than making security a priority, and warns that the IoT "will turn software hacks into physical threats".

It also says that cyber fraud and other types of cyber crime are severely under-reported, estimating that less than two per cent of corporate cyber crimes are made known because of "reputational and regulatory concerns". Meanwhile, national trading standards research shows that 90 per cent of scam victims never report the crime.

That said, some progress is being made.

In an effort to measure the extent of the problem the Crime Survey of England and Wales (CSEW) will for the first time include fraud and cyber crime questions, a fact welcomed by the panel, which estimates that 5.1 million frauds and 2.5 million cyber offences were committed in 2014-15. Another (mostly) positive outcome of the original 2006 Fraud Review is Action Fraud, a national fraud and cyber crime reporting centre.

There are other efforts to combat the threat too, such as Security Essentials a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks, and Cyberstreetwise, a cross-government campaign aimed at improving online safety behaviour and confidence of consumers and small businesses, but these are too few and far between.

Fraud is a complex crime, expensive to prosecute, with lengthy preparation required to bring cases to court and a low rate of conviction. KPI-driven law enforcement agencies are therefore disincentivised to tackle it, a fact that is possibly be made worse by Action Fraud, the existence of which may make some forces feel that tackling fraud is not their business. Arresting a petty thief is a much easier way to hit targets.

While there have been plenty of ministerial announcements about the need to tackle fraud and cyber crime, "there is a growing suspicion that we are once more lurching from one initiative to another, without the continuity of purpose and stability of institutions and budgets to build real capacity and resilience over the long term," the review notes.

The panel calls for a new body with strategic oversight to take the fight to the fraudsters, a sustained public information campaign and an overhaul of the disclosure regime to make prosecuting fraud less expensive and more likely to lead to convictions.