Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Businesses don't trust police over e-crime, survey finds

Electronic crime is becoming more common and more sophisticated, partly because the UK police response is inadequate, large firms have said. Most do not report e-crime because they do not have faith in investigating authorities, a survey has found.04 Nov 2008

The Corporate IT Forum, which carried out the survey, is an online discussion area for 150 large corporate IT users. It asked its members about e-crime.

"The research finds that for large companies, high-tech crime is growing in severity, complexity and proportion and that there is a clear perception among many security chiefs that such crime is now being increasingly perpetrated by ‘professionalised’ criminal gangs," said the report.

"It also suggests that security chiefs attribute the rise in such crime – in a large part – to the lack of any coherent, international, joined-up legislation and the absence of any suitable deterrents or penalties," it said.

The Government disbanded the National Hi-tech Crime Unit (NHTCU) in 2006, folding it into the Serious and Organised Crime Agency (SOCA), but faced criticism from companies who had to report to local police forces any e-crime that was not part of organized crime or on a scale large enough to be dealt with by SOCA.

Only 4% of the survey's respondents said that they always report e-crime. Almost all of the companies said that they did not report e-crime because there was no competent authority to deal with it. Almost 57% said that they did not feel that e-crime would be investigated properly, while 30% said that there was nobody to report e-crime to.

Security chiefs at the 54 large companies which responded to the survey said that this lack of authority or action is having a direct effect on the amount of criminal activity taking place.

"Most importantly, security professionals see that the lack of any real deterrent or any effective penalties is central in giving cyber criminals more of an incentive to commit crimes," said the Forum's report on the survey. "Indeed, many believe that the growth in organised and malicious ecrime can be largely attributed to the relative ‘risk free’ nature of the activity."

"Users pointed to the lack of any joined-up, coherent international legislation around electronic crime, the lack of any joined-up law enforcement activity and the weak penalties handed out," it said.

The re-establishment of an NHTCU-like organization was the top priority of 40% or respondents. The imposition of consistent and appropriate penalties was the top priority of 48% of respondents.

The Government did announce last month that it would create a Police Central E-crime Unit (PCeU) as part of London's Metropolitan Police Force, but with a national training and coordinating remit.

The Forum expressed doubt about the effectiveness of the new unit, though. "The organisation’s remit is not yet clear and the Forum is concerned that the proposed £7 million of funding over three years will not be enough," it said. The NHTCU was established with £25 million of funding.

Individual respondents to the survey expressed their frustration at the lack of a central focus for e-crime in the aftermath of the demise of the NHTCU.

"Most local forces do not have the resources to deal with ecrime and the loss of the NHTCU was significant as it was a focus," said one.

“All potential serious crime is reported (e.g. child pornography), but many instances go unreported as we do not believe the police has the resource to follow up," said another.

"Where do you report ecrime? There’s often no point, the police have no interest in solving it and no expertise to even understand the issue," said a further respondent.

One respondent had formulated criteria for reporting incidents to police. “We only report where there is a clear targeted malicious intent and where there is a clear law enforcement jurisdiction and capability," the respondent said.