Businesses that are defrauded by cyber criminals must act fast to give themselves the best chance to recover the money stolen from them, an expert has said.
Civil fraud and asset recovery specialist Jennifer Craven of Pinsent Masons, the law firm behind Out-Law.com, said the increased sophistication of fraudsters to initiate and execute cyber crime is affecting businesses all over the world.
Craven was commenting after new figures were published by Action Fraud which revealed that nearly £35 million was stolen in cyber crimes reported to UK police forces between April and September 2018. In total, 13,357 cyber crimes were reported to the forces during the period, with 16% of those cases reported by businesses. Of the total number of crimes reported, nearly two-thirds were concerned with the hacking of social media, email accounts or servers. Nearly 10% of cases involved extortion.
The threat of fraud from cyber criminals is a real one for businesses, said Craven.
"Fraudsters may target individuals directly, or hack a company’s payment software or email addresses," Craven said. "Once this has been achieved they can utilise this deception to direct payments to be made to, on the face of it, what appears to be suppliers of the company. Deemed authentication may be provided and monies then transferred to various accounts all over the world."
"Cyber crime moves exceptionally quickly and so must the victim of the fraud: in the first instance liaising with the sending and receiving banks before monies have been dissipated is sensible. Where monies have already been dissipated, businesses must look elsewhere to obtain recovery or redress. Businesses might consider making use of legal weapons such as worldwide freezing orders and disclosure orders, to identify a fraudster and stifle and mitigate the efficacy of the fraudster’s enterprise. They may also wish to review the terms of third party relationships, where the third party’s software has been compromised, to identify if claims lie in contract or negligence. Obtaining expert assistance at the earliest opportunity, however, is of paramount importance," she said.
The UK government announced on Monday that it will invest more than £100 million into efforts to make digital devices, online services and smart systems more secure.
Under the plans, £70m will go to research aimed at building cybersecurity technologies into the design of future hardware and electronic chips.
It is hoped this research will help to "eradicate a significant proportion of the current cyber risks for businesses and services in future connected smart products", the government said.
A further £30.6m will target better security in 'internet of things' systems, it said.
Business secretary Greg Clark said: "With businesses having to invest more and more in tackling ever more complex cyber attacks, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut the growing cybersecurity costs to businesses."
Separately, the government announced that more than £2 million in total will be allocated from its Cyber Skills Immediate Impact Fund (CSIIF) to four schemes in England aimed at attracting "more women, BAME, and neurodiverse candidates into a career in cybersecurity".
"[The funding] will help organisations develop and sustain projects that identify, train and place untapped talent from a range of backgrounds into cybersecurity roles quickly," the government said.
Contact an adviser
