The National Audit Office’s (“NAO”) much anticipated report into online fraud (otherwise referred to as cybercrime) released today (30/06/2017) reports that there were 3.6 million fraud incidents in 2016, with 1.9 million of those cyber-related. In the same period, the National Fraud Intelligence Bureau (“NFIB”), which records fraud offences and shares information with the Police and Action Fraud, recorded only 623,000 fraud offences. This staggering difference means that whilst cybercrime is spiralling out of control, less than 20% of incidents are reported to the police.
No-one is safe – the Scale of the Threat
In 2016, the NAO reported that an estimated 95% of people in the UK had used the internet, that 60% of people bank online, and across the world, more than 9 billion emails are sent every hour. It is therefore perhaps no surprise that online fraud has increased by 103% from 2011 to 2016.
It is impossible to quantify the costs of online fraud, but the NAO suggest that one estimate is that individuals lost around £10 billion and the private sector lost £144 billion in 2016. With the advent of WannaCry and Ransomware in recent months, there is little doubt that this figure is set to increase dramatically for 2017.
Rapid advances of technologies and the growth of the internet has changed the face of crime and the NAO has called for a different response to this threat. Traditional crimes such as burglary, robbery, and vehicle offences have declined in recent years whilst other, historically unreported ‘hidden crimes’ such as online fraud are significantly on the rise.
However, the NAO report shows that despite the level of economic crime, statistics suggest that police forces remain more focused on traditional crimes, than on online crime. Staggeringly, in 2016, one in six police officers’ main function was neighbourhood policing, while one in 150 police officers’ main function was economic crime.
The NAO records that whilst the Home Office are now beginning to see that online fraud is and should be a priority, it is not yet a priority for all local police forces. Remarkably, although there is an expectation for local police forces to respond to national priorities, only 27 out of 41 Police and Crime Commissioners even referred to online fraud in their police and crime plans as at April 2017.
The impact of online fraud can be devastating for the individual victim or company, with data available suggesting that somewhere between 40% and 70% of people who are victims of scams do not get any money back.
The report comments that the nature of online fraud makes it difficult to pursue and prosecute criminals. It goes on to say that although the government wants the police and judiciary to make greater use of existing laws, the government needs to ensure that current legislation remains applicable in the face of continual technological change and rapidly evolving threats.
Whilst the report identified that the international and ‘hidden’ nature of online fraud makes it difficult to pursue and prosecute criminals because of the need for international cooperation and an ability to take action across borders, perhaps the more important factor that makes it difficult to prosecute these offences is simply that there is a lack of focus on this sort of crimes by police forces across the country. As the report identifies, there is only one in every 150 police officers that specialises in fraud, and so whilst there is a lack of awareness by citizens on how to protect their data, there is also a lack of awareness and know-how in how to properly investigate and prosecute cases on online fraud.
In addition to the lack of focus, resources and investigative know-how, the report highlights that there is a lack of data on how many fraudsters are prosecuted; there are also concerns about the sentences fraudsters receive. The prosecution rate for online fraud is low due to the hidden nature of the crime. The report states that “according to some stakeholders, criminals do not always receive sentences proportionate to the crime, particularly in relation to the non-financial harm victims suffer.” It has been considered by many practitioners, including those at the NCA Cyber Crime Unit that many of these cyber-criminal – who can often be adolescent teenagers – receive little more than a slap on the wrist, yet their heinous offences can destroy people’s lives and business that have taken years and lifetimes to build.
The Report identifies that the City of London Police oversees Action Fraud but one might argue that it does not go far enough to identify the failings and problems facing Action Fraud. The Report does highlight that cases can fall out of the system, and not be investigated or prosecuted and that this “attrition” can occur for many reasons for example police forces being unaware of their responsibilities for reporting to Action Fraud, or report to Action Fraud in an inconsistent way. In addition to this, officers have been found to have been referring victims straight to Action Fraud, when in fact the police should take a report from the victim and feed it into Action Fraud.
There is clearly no one solution to the ever-increasing threat of cybercrime, but the important principle that should undermine all potential solutions is the need for private and public sector cooperation and collaboration.
Businesses and individuals affected by cybercrime may not wish to place the fate of the criminal investigation in the hands of the police and in the future they may decide to pursue cyber-criminals by bringing their own private prosecution. A private prosecution can be brought by any individual or any company and the right is expressly reserved in section 6(1) Prosecution of Offences Act 1985. Other than the fact the prosecution is brought by a private individual or company, for all other purposes they proceed in exactly the same way as if the prosecution had been brought by the Crown.
If the authorities are willing to engage and share information with the private prosecutor, there is no reasons why private prosecutions may not become an additional tool to combatting the drastic growth in cyber-related crime.