Most cyber crime cases are closed with no suspect identified, report says
The majority of cyber crimes cases are closed with no further action being taken and no suspect being identified, according to a report.
Inspectors scrutinising the police response to cyber-dependent crimes – offences which cannot be carried out without using a computer or other similar device – said the majority of reports were “finalised with no further action being taken”.
It described the most common outcome for cyber crime cases dealt with by forces and regional crime units as “investigation completed – no suspect identified”.
The report published on Thursday by Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS) added: “Between 2015 and 2019 this has consistently accounted for between 51% and 62% of all outcomes.
“One of the least likely outcomes nationally is for offenders to be charged of summonsed.”
Between April and June, some 40% of calls made to Action Fraud were hung up before they were answered, equating to 20,000 calls about cyber crime and fraud being abandoned each month.
In March last year the average wait time for a call to Action Fraud to be answered was 16 minutes, according to figures.
Inspector of constabulary Matt Parr said this was a “huge under reported crime” which is costing the Government £1.1 billion a year.
There were 25,000 reports of cyber-dependent crime in 2017/18 and 656,000 IP addresses were known to have been affected but the problem is thought to be far bigger.
Mr Parr said there were “huge inconsistencies” across the 43 police forces in England and Wales and funding was “erratic”.
Only one force in England and Wales, Dyfed-Powys Police, has so far made cyber-dependent crime an “explicit priority”, the report said.
Mr Parr added: “The basic failing is that there’s no national system.”
The HMICFRS has recommended a “central co-coordinating agency” which decides whether crimes should be investigated by local police forces or a national agency and ensures officers are trained “to the right standards”.
Mr Parr said the crime was not typically a priority for police forces and most officers had “limited understanding” of the complexities of investigating such offences, adding that it was “difficult to tell” if such crimes were being properly probed.
Forces were losing officers with experience to private companies because they “pay better”.
He said: “It’s a fact of life they (the forces) are not going to be able to pay as much as a big multi-national bank.”
But he encouraged them to be “imaginative” in their recruiting, such as promoting roles to people who have already served as police officers.
Mr Parr said: “This is a difficult crime to nail down.
“Very often the perpetrators are much harder to find than in other types of crimes.
“If you are giving these crimes to people who have got relatively low amounts of training and other investigative priorities, it’s easy to understand how no suspect is identified or case closed is the most common outcome.
“What is clear is that there are all sorts of commercial and reputational reasons why victims of cyber dependent crime don’t necessarily report it.”
The report also found:
– Forces were not profiling individual cyber criminals
– Victims were often given “confusing and misleading advice” about whether their case is being investigated, or how it is progressing.
– Concerns that separate investigations which could be launched by the Information Commissioner’s Office (ICO) into data breaches could discourage businesses from working with police. Staff said they were often directed to speak to a company’s lawyer who was “focused on reducing the risk of punishment to the company”, warning that the process was “breeding perverse behaviours”.
HMICFRS told the Home Office, the Cabinet Office, the National Police Chiefs’ Council (NPCC) and National Crime Agency (NCA) to revise the current police structure in its response to cyber-dependent crime by November 2020.
Chief Constable Peter Goodman, who leads on the NPCC’s work on cyber crime, praised the progress police had made over the last few years in reporting cyber crime but said: “While many of the local units are still fairly new, we recognise we have more to do to improve the consistency of investigations and response offered to victims across the country.”
A Government spokesman said: “We welcome this report, which highlights that investment from the Government has created an effective response.
“However, there is more to do and we continue to work with law enforcement to ensure they have the capabilities they need to bring the perpetrators to justice.
“We will continue to invest in law enforcement capabilities at the national, regional and local levels to deal with the increasing volume and sophistication of cyber-crime.