Government ‘Wasting Cybercrime Funding In Wrong Places’

The UK government has been urged to spend more of its cybercrime budget on law enforcement instead of wasting millions on protections like antivirus software.

Researchers from the University of Cambridge found that real cybercrime, which depends entirely on Internet-based activity, was only costing people “a few tens of pence per year directly”. Yet the indirect costs, which includes funds spent on anti-virus software, can be “a hundred times that”.

The UK spends $1 billion ($639 million) a year on either protecting itself or cleaning up after a breach, the study found. That includes $170 million on antivirus, yet only $15 million is spent on law enforcement.

Go figure

The study came after the University of Cambridge was contacted by the Ministry of Defence and follows numerous studies that have claimed highly contentious cyber crime cost figures. One figure the government often cites comes from a Detica report, which claimed the cost to the UK economy from cybercrime stands at £27 billion annually.

Researchers argued the true cost of cybercrime is very changeable, yet locking up criminals would be far more effective in tackling the problem than spending vast sums of money on protective measures.

Lead author of the university’s report Ross Anderson, professor of security engineering at the University of Cambridge’s Computer Laboratory, told TechWeekEurope the government’s £650 million fund for fighting cyber crime was “badly deployed”. Rather than throwing most of the money at GCHQ, more should be handed to police, Anderson argued.

“The police are already way behind on routine forensics because if you bust a street corner drug dealer nowadays he’s got two laptops and five iPads, iPods – terabytes of stuff. It takes them months to index and provide copies to the defence,” Anderson said. “Even at the very routine level of providing cyber support for everyday mundane police operations, Britain is falling way, way behind.

“This actually ends up costing because you end up having to get lots of private firms and subcontractors in to do stuff in the absence of proper police capability.

Britain ‘not pulling its weight’ on cybercrime

Anderson said Britain was not pulling its weight in the global fight against cyber crooks, and that more money had to go into police actions such as fighting botnets.

“We’re not dealing very well at all with the more modern cybercrimes,” he added. “We need police action to close down botnets.

“The US federal authorities spend about $100 million a year between the FBI, secret service and the NCFTA [National Cyber-Forensics & Training Alliance] and there is another $100m or so spent by state or local police forces and the Federal Trade Commission. There’s another £100m a year spent by each of Google and Microsoft, and then there’s Facebook and Paypal who are also spending a significant amount of money [on fighting cybercrime].

“So the bulk of the enforcement is in the US, just as most global peacekeeping is in the US. The Pentagon’s budget is that of the next ten defence ministries put together. This is not a good thing. Britain should be pulling its weight more.”

As for whether the UK government would take heed of his report’s findings, Anderson thought it was highly unlikely.

When TechWeekEurope spoke to the head of the Met’s Police Central e-crime Unit (PCeU) Charlie McMurdie last week, she would not comment on whether the division needed more money. However, McMurdie said the body was “punching above its weight”.

In May, the Met’s Commander Allan Gibson admitted the police had to do better in fighting cyber crime.

Are you a security pro? Try our quiz!