The UK has an online fraud problem – and, thanks to the pandemic and the cost-of-living crisis, it’s getting worse. Fraud accounts for almost 40 per cent of all crime, costing £137bn a year – and more than 60 per cent of that is cyber-enabled, up from 53 per cent two years ago.
Yet, in the UK, limited police resource is dedicated to confronting the problem. This has left the crime to thrive in a sort of digital Wild West: according to analysis by the Social Market Foundation, police officers who are primarily focused on economic crimes, such as fraud, account for just 0.8 per cent of the total police workforce in the UK. That gives each officer the task of solving 2,500 economic crimes each year.
Now Helena Wood, the head of the UK economic crime programme at the Royal United Services Institute, has drawn up a new plan for policing financial and cybercrime. “Most economic crime, in some way, is cyber-enabled,” she says. “The pace of digitisation of everything we do offers criminals more opportunity, and our response to it hasn’t quite caught up.”
Wood’s new report, Towards a New Model for Economic Crime Policing: Target 2030, which was written in collaboration with former senior police officers, aims to speed up that response. It calls for a series of “proactive, regional investigation units” that mirror the current strategy around what Wood calls “drugs and thugs” – funded by a “ring-fenced” budget of £250m. There’s no estimate for how much is currently spent to prevent cyber-enabled fraud; earlier this year, Rishi Sunak, in his previous role as chancellor, pledged £25m to the new Public Sector Fraud Authority, which would tackle economic crime particularly to recover money stolen from Covid support schemes. “The estimate is that 1 per cent of policing assets are allocated towards fraud and wider economic crime,” points out Wood – but “£250m doesn’t seem unreasonable [to tackle] 40 per cent of all crime”.
The ring-fencing part is important. “The reason we’re asking for it to be ring-fenced is because at the moment you’re relying on local forces using their own regional budgets, and that just gets dissipated as soon as something more visible comes up,” says Wood. “Those officers get diverted into a murder investigation or the county lines, or whatever the Home Secretary thinks is important.”
The report has come at a time of crisis in the sector: the pandemic not only caused cyber-enabled fraud levels to spike, but the average victim changed. Suddenly, everyone was a target. “We were sitting in front of computers and our only form of social interaction was online,” says Wood. “The victim profile has massively shifted from elderly people towards younger people who are supposedly tech savvy.”
[See also: Data is the crux of your organisation’s security]
“People are getting sucked in who wouldn’t expect it. None of us are immune… we’re all vulnerable in a way we assumed maybe 10 years ago we weren’t.” And the cost-of-living crisis will, she predicts, accelerate this further. “Everyone is looking for a good deal,” she says. “If it sounds too good to be true, then it is.”
It was partly this acceleration that drove Wood to write the report. The government’s strategy has, historically, been to put the onus on businesses to create systems that are impervious to criminals. “I was so sick of hearing the government go talk about ‘designing out fraud’,” she says. “Yes, [the private sector] could do more, particularly the tech companies and the social media companies who really have a role to play and are not being held to account. But [the government] was talking about, you know, ‘we just need to design out fraud’. You can’t design out fraud – because fraud adapts.”
The government should also focus on one of the biggest sources of cybercrime: social media. Banks, she argues, have improved their responses to online fraud, designing increased security features and compensating many victims – but social media companies, whose platforms are often the places where these crimes originate, have done little to address it.
“Banks are being asked to pay out hundreds of millions a year in compensation for frauds that happen through no fault of their own. There is an argument that if the banks are having to pay out then why should the social media companies not?” asks Wood. She cites a Singaporean initiative that may force banks and originators – social media companies, for example, or telephone companies – to share the financial burden of compensating victims.
“I don’t buy that [tech giants] can’t do something about this. It’s disruptive to their business model, but… they managed to tackle extremism. As with banks, once you start hitting them in the pocket, they’re going to start doing something about it.”
Still, there’s one cause for optimism. The shifting profile of victims of cyber-enabled crime – from “Mrs Miggins” to “people who write to their MPs”, will, Wood hopes, finally cause the government to listen. “If you had someone trying to break into your house every single day, you would expect the police to up their response,” she says. “At the moment we’re sitting in front of computers and phones where someone’s trying to break into our lives virtually – and we’re not demanding that same response.”