2 August 2020

Rethinking the UK Response to Cyber Fraud: Key Policy ChallengesSneha Dawda, Ardi Janjeva and Anton Moiseienko


Cyber-enabled fraud is a crime with high impact on citizens and society as a whole. Future policy must take these individual and societal harms into account and assign clear roles and responsibilities to tackle the threat. This paper provides an overview of the challenges in combating cyber fraud over the next decade and beyond. While the paper outlines numerous challenges, the cyber fraud policy area remains relatively new and attempts at public–private sector co-production of responses and solutions do exist. A RUSI research paper to be published in early 2021 will provide policy recommendations in overcoming barriers and suggesting improvements to the current model.

The current UK model to combat cyber fraud is part of a wider strategy to increase national cyber resilience, as articulated in the UK’s National Cyber Security Strategy. Data suggests that over half of all fraud in England and Wales is cyber enabled, meaning that a threat actor relies on some form of illicit computer network intrusion or disruption to commit the crime. This type of fraud is a primary motivator for cyber attacks on all organisations, so should be high on the agenda for security teams and business leaders. Meanwhile, the UK government faces increasing pressure to develop a more connected approach which considers the different stages of cyber fraud in conjunction with each other. This approach would require an implementation strategy which key stakeholders co-develop and have responsibility to execute. 


From the cyber attack phase through to data exploitation and the cash-out phase, this paper explores the lifecycle of a successful attack to show the variety of challenges law enforcement and financial institutions face in preventing and responding to cyber fraud. This includes addressing the challenge that cyber fraud investigations will rarely lead to a judicial outcome. The next phase of the research will provide actionable recommendations to inform future policy discussions on reforming the UK response to cyber fraud. This will consist of: a research paper informed by a series of interviews with key experts and stakeholders; a questionnaire to be disseminated among a wide cross-section of the financial sector; and a set of workshops aimed at triangulating and validating the emergent research findings.

No comments: