The UK is spending billions of pounds on cybersecurity to combat what the government believes is a multi-billion cost each year, but few individuals and businesses report cybercrime incidents.
The UK’s National Crime Agency (NCA) is worried about the professionalisation of cybercrime and its impact on Britain’s multi-billion pound online economy, but it can’t size up the because most affected businesses and individuals don’t report it, it said in a report published on Thursday.
The Office of National Statistics estimated there were 2.46 million “cyber incidents” in 2015 — ranging from distributed denial of service (DDoS) website flooding attacks to ransomware — and 2.11 million victims cyber-crime. Official reporting channels however recorded just 700,000 “cyber-enabled incidents” that year, according to the NCA.
Meanwhile, the UK’s data protection watchdog, the Information Commissioner’s Office, received just 200 data breach reports in 2015.
The NCA believes the vast majority of cybercriminals aren’t skilled, and that just a few hundred individuals residing outside the UK constitute the most serious threat to the nation. The more sophisticated attackers are adopting industrial processes to scale their operations, it warned.
The groups on the agency’s radar are behind some of the most troublesome banking malware globally, such as Dridex, which has more recently been linked with file-encrypting ransomware such as Cerber and Locky.
The agency also warned that “technically competent” UK-based cybercriminals engage in DDoS attacks and extortion threats in the form of publishing a target’s sensitive data online or by encrypting valuable data.
The NCA report doesn’t expose any major new trends in cybercrime, but appears instead to be an appeal to the public and business leaders to be more vigilant about online attacks, both in awareness and reporting when an incident is noticed.
It also doesn’t mention the breach of ISP Talk Talk in 2015, the UK’s most high profile recent corporate cyberattack, which affected over 100,000 customers, cost the firm tens of millions pounds, and damaged its stock. A select committee in June recommended that CEO pay be cut if the firm they lead has lax security.
The NCA contends that the UK hasn’t experienced an attack on the scale of the breach of US retailer Target, which exposed 40 million credit cards.
The report comes as the UK prepares to publish how it intends to spend £1.9bn previously allocated to a five-year cyber security budget.