New figures published by Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, revealed nearly £35 million stolen in cyber-crimes was reported to UK police forces between April and September 2018 [a total of 13,357 cyber-crimes, 16 per cent of them reported by businesses].
Of the total number of crimes reported, nearly two-thirds were concerned with the hacking of social media, email accounts or servers, while almost 10 per cent of cases involved extortion. The statistics also show that for 5,225 reports, hacking of social media and email accounts was the primary reason for people reporting cyber-crime to Action Fraud and those victims are believed to have lost a total of £14.8 million.
UK businesses, large and small, are vulnerable to cyber fraud. Fraudsters might target individuals directly, or hack a company’s payment software or email addresses. Once this has been achieved they can utilise this deception to direct payments to be made to, on the face of it, what appear to be suppliers of the company. Deemed authentication may be provided and monies then transferred to various accounts all over the world.
Cyber-crime moves exceptionally quickly and so too must its victims. In the first instance, liaising with the sending and receiving banks before monies have been dissipated is sensible. Where monies have already been dissipated, businesses must look elsewhere to obtain recovery or redress.
Businesses might consider making use of legal weapons such as worldwide freezing orders and disclosure orders, to identify a fraudster and stifle and mitigate the efficacy of the fraudster’s enterprise. They might also wish to review the terms of third party relationships, where the third party’s software has been compromised, to identify if claims lie in contract or negligence. Obtaining expert assistance at the earliest opportunity, however, is of paramount importance.
The UK government recently said it will invest more than £100 million into efforts to make digital devices, online services and smart systems more secure. Under the plans, £70 million will go to research aimed at building cybersecurity technologies into the design of future hardware and electronic chips. It is hoped this research will help to “eradicate a significant proportion of the current cyber risks for businesses and services in future connected smart products”, the government said.
A further £30.6 million is to be used to target better security in ‘internet of things’ systems. Business Secretary Greg Clark said businesses are having to invest more in tackling ever more complex cyber-attacks. Businesses and customers will be better protected by the ‘designing in’ of security measures to hardware fabric, which will also cut growing cyber-security costs to UK businesses.
Separately, the government announced that more than £2 million will be allocated from its Cyber Skills Immediate Impact Fund to four schemes aimed at attracting “more women, BAME, and neurodiverse candidates into a career in cybersecurity”. The funding will help organisations develop and sustain projects that identify, train and place untapped talent from a range of backgrounds into cybersecurity roles quickly, the government said.
Recently there have been calls for the Government to name and shame businesses which fail to take appropriate security measures and to incentivise businesses to improve procedures and systems to deter cyber-crime.
In the criminal world cyber-crime is still relatively new and when perpetrators are brought to book and face the courts, those cases understandably grab the headlines. However, just as important as justice being seen to be done in tackling these new-breed criminals, there are a range of civil recovery methods which can mitigate the damage caused to a business’s balance sheet and reputation.
Civil recovery encompasses a number of powerful tools, including search, seize, disclosure and freeing orders, which support claims in the UK commercial courts and are generally supported in international jurisdictions. However, as with all security breaches and incidents of fraud, the quicker a business seeks legal advice and implements a damage limitation exercise, the higher the chances are of recovering at least some of the losses incurred.
Jennifer Craven is a civil fraud and asset recovery specialist with Pinsent Masons