Cyber Crime and COVID-19: Is the Government Fit for the Fight?

Foreign Secretary Dominic Raab used the Government's briefing session on Tuesday 5 May to make it clear that the UK is dealing with the problem, stating: “There will always be some who seek to exploit a crisis for their own criminal and hostile ends. We know that cyber criminals and other malicious groups are targeting individuals, businesses and other organisations by deploying COVID-19 related scams and phishing e-mails.’’

Raab went on to announce that the UK’s National Cyber Security Centre [NCSC] and the US Cyber Security and Infrastructure Security Agency were publishing a joint warning about such groups. The warning comes less than a month after the two organisations issued a joint statement highlighting how malicious cyber actors were exploiting the current COVID-19 pandemic for their own objectives.

For its part, the NCSC said it had detected more UK Government-branded scams relating to COVID-19 than any other subject. Cyber criminals, it stated, were targeting individuals, small and medium-sized businesses and large organisations alike with a variety of COVID-19 related scams and phishing e-mails.

The UK, it appears, is well aware of the threat being posed to companies and individuals by such crime. It was a point the Foreign Secretary was keen to emphasise in the briefing session when he made great efforts to convey his belief that the UK is doing what it can to counter those who conduct cyber attacks. Close co-operation with what he called the UK’s “international partners’’ will, he argued, not only provide a response to the threats, but will also deter the gangs and the arms of states that he believes lie behind such threats.

Walking the talk

Strong words, then, but they only carry weight if backed up by actions and, what's more, those actions prove to be effective. This may be where things become less straightforward for a Government looking to tackle such crime.

To be fair, there has been action – or at least talk of the need for urgent action. The Interim CPS Charging Protocol – COVID-19 Crisis Response agreed between the National Police Chiefs' Council and the Crown Prosecution Service states: “All COVID-19 related cases will be dealt with as immediate cases for the purpose of obtaining a charging decision, whether those involved are in custody or subsequently on bail.’’  This can only be seen as an indication of the seriousness with which the prosecution authorities are viewing pandemic-related attacks at this vulnerable time.

It remains to be seen just how effective such a stance is in the real world. Such comments are no doubt well-intentioned, but a look at just how successful the UK authorities have been when it comes to tackling cyber crime hardly provides reassurance.

Last month, the NCSC created the Suspicious E-Mail Reporting Service after seeing an increase in Coronavirus-related e-mail scams. In its first week, the service received more than 25,000 reports resulting in 395 phishing sites being taken down. Action Fraud also reported last month that 18.5% of all fraudulent e-mails were directly linked to the COVID-19 crisis. Yet while there can be little criticism of the reporting of cyber crime, the reporting of it is, arguably, the simple part.

Prosecuting crime

The real challenge comes in the prosecution of such crime. According to the latest figures, cyber crime in the UK accounted for only 2% of all offences recorded in England and Wales for the first quarter. What's even more concerning is that the percentage of offences prosecuted is even lower. While we have not yet had the 2019 figures, of the 17,900 incidents of computer hacking reported in the UK in 2018 there were only 65 prosecutions (representing way below 1% of offences).

The low proportion of prosecutions reflects the scale of the problem faced by the authorities in tackling cyber crime. Put simply, the perpetrators are difficult to identify and pursue.

The Government’s comments may be well intentioned, and no doubt efforts will be made to try to prosecute such criminality, but whether in the weeks and months to follow it succeeds in its bold endeavours remains to be seen. In these extraordinary times, the goal for most of us is surely to firstly 'Stay Safe' and secondly to 'Stay Cyber Safe', particularly so as the Internet is currently providing so many of us with our access to the world and/or the avenue through which our businesses can hope to survive.

The goal for the Government, however, is to meet the challenge it has set itself. If it cannot improve on its current record on combating cyber crime then its myriad statements about taking action in this time of crisis will seem worryingly hollow.

Syedur Rahman is Legal Director at Rahman Ravelli. Josie Welland is Associate Solicitor at Rahman Ravelli 

References

*https://www.gov.uk/government/speeches/foreign-secretarys-statement-on-coronavirus-covid-19-5-may-2020

*https://www.ons.gov.uk/file?uri=%2fpeoplepopulationandcommunity%2fcrimeandjustice%2fdatasets%2fcrimeinenglandandwalesotherrelatedtables%2fyearendingdecember2019/otherrelatedtablesyedec19.xlsx

*https://www.ncsc.gov.uk/news/apt-groups-target-healthcare-essential-services-advisory

*https://www.bbc.co.uk/news/technology-52361618?intlink_from_url=https://www.bbc.co.uk/news/topics/c1xp19421ezt/cyber-crime&link_location=live-reporting-story