2 July 2014

Briefing Paper: The Threat of Cyber-Crime to the UK


Cyber threats to the UK remain a Tier-One national security risk, and the Cyber Security Strategy identifies criminal use of cyberspace as one of the three principal threats to UK cyber-security alongside state and terrorist use.

As the number of internet users and ease of access increases, and more and more of the nation’s public and private assets are stored electronically rather than physically (often outside UK jurisdiction), so too do opportunities grow for individuals to exploit the internet for criminal ends. According to the National Crime Agency, ‘If there is a single cross-cutting issue that has changed the landscape for serious and organised crime and our response against it, it is the growth in scale and speed of internet communication technologies.’

Understanding the scale of cyber-crime, how it is changing over time and the impact of interventions to tackle it are key priorities for policy-makers. However, the scale of such crime in the UK and its cost to the economy have proved challenging to quantify with any degree of confidence. This is largely because of the unclear methodologies or metrics used to measure online criminal activity, as well as the challenges of cross-border activity and confusion and ambiguity over much of the terminology associated with cyber-crime. Under-reporting and inadequate recording of such crimes represent further challenges.

This assessment elucidates some of the characteristics of the threat to the UK, as well as the perpetrators, targets and likely future trajectory of cyber-crime. It does not address its scale or cost. The analysis revolves around five main questions: 

Who is stealing the most money from UK citizens? 

How are they doing it? 

Which UK entities are most affected? 

What are the links between cyber-thieves and states? 

What is the likely trajectory for the cyber-crime threat over the next two years? 
About the Author

Calum Jeffray is a Research Analyst in the National Security and Resilience programme at RUSI.

No comments: