Government ‘Wasting Cybercrime Funding In Wrong Places’

The UK government has been urged to spend more of its cybercrime budget on law enforcement instead of wasting millions on protections like antivirus software.

Researchers from the University of Cambridge found that real cybercrime, which depends entirely on Internet-based activity, was only costing people “a few tens of pence per year directly”. Yet the indirect costs, which includes funds spent on anti-virus software, can be “a hundred times that”.

The UK spends $1 billion ($639 million) a year on either protecting itself or cleaning up after a breach, the study found. That includes $170 million on antivirus, yet only $15 million is spent on law enforcement.

Go figure

The study came after the University of Cambridge was contacted by the Ministry of Defence and follows numerous studies that have claimed highly contentious cyber crime cost figures. One figure the government often cites comes from a Detica report, which claimed the cost to the UK economy from cybercrime stands at £27 billion annually.

Researchers argued the true cost of cybercrime is very changeable, yet locking up criminals would be far more effective in tackling the problem than spending vast sums of money on protective measures.

Lead author of the university’s report Ross Anderson, professor of security engineering at the University of Cambridge’s Computer Laboratory, told TechWeekEurope the government’s £650 million fund for fighting cyber crime was “badly deployed”. Rather than throwing most of the money at GCHQ, more should be handed to police, Anderson argued.

“The police are already way behind on routine forensics because if you bust a street corner drug dealer nowadays he’s got two laptops and five iPads, iPods – terabytes of stuff. It takes them months to index and provide copies to the defence,” Anderson said. “Even at the very routine level of providing cyber support for everyday mundane police operations, Britain is falling way, way behind.

“This actually ends up costing because you end up having to get lots of private firms and subcontractors in to do stuff in the absence of proper police capability.

Britain ‘not pulling its weight’ on cybercrime

Anderson said Britain was not pulling its weight in the global fight against cyber crooks, and that more money had to go into police actions such as fighting botnets.

“We’re not dealing very well at all with the more modern cybercrimes,” he added. “We need police action to close down botnets.

“The US federal authorities spend about $100 million a year between the FBI, secret service and the NCFTA [National Cyber-Forensics & Training Alliance] and there is another $100m or so spent by state or local police forces and the Federal Trade Commission. There’s another £100m a year spent by each of Google and Microsoft, and then there’s Facebook and Paypal who are also spending a significant amount of money [on fighting cybercrime].

“So the bulk of the enforcement is in the US, just as most global peacekeeping is in the US. The Pentagon’s budget is that of the next ten defence ministries put together. This is not a good thing. Britain should be pulling its weight more.”

As for whether the UK government would take heed of his report’s findings, Anderson thought it was highly unlikely.

When TechWeekEurope spoke to the head of the Met’s Police Central e-crime Unit (PCeU) Charlie McMurdie last week, she would not comment on whether the division needed more money. However, McMurdie said the body was “punching above its weight”.

In May, the Met’s Commander Allan Gibson admitted the police had to do better in fighting cyber crime.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • [MARKED AS SPAM BY ANTISPAM BEE | Spam IP]
    "Even walls have ears" Since the days of King Solomon collecting information through various means have never stopped. Cyberspace on the other hand has given ways and means to get into communications between people, because of the vulnerabilities within the OS and applications.

    We need a change in concept. A new layer such as advocated by long term activist and Harward Prof. Lessig, an identity layer. It should be portable, distributed and user friendly. Third party applications, such as banks and online businesses should be able to use it.

    Makaseh security has one and it is good trying it without having to change anything that is currently being used.

Recent Posts

The State of Quantum Security

No longer a technology on the distant horizon, quantum computing brings with it security challenges…

7 hours ago

US Carmakers Warn Over Upcoming Electric Vehicle Incentives

Climate and tax bill worth $430bn passed by US Congress last week could immediately eliminate…

8 hours ago

Mercedes-Benz And CATL To Build Massive EV Battery Plant In Hungary

Mercedes-Benz and world's biggest EV battery maker CATL to build 7.3bn euro battery plant in…

9 hours ago

ESA In Talks With SpaceX Over Launches To Replace Soyuz

European Space Agency confirms it is in talks with SpaceX over using Falcon 9 as…

9 hours ago

Disney Brings Ads To Streaming Platform As It Surpasses Netflix

Disney to introduce ad-supported version of Disney+ in December along with price hikes, as it…

10 hours ago

Meta Gathers AI Data As Chatbot Calls Zuckerberg ‘Creepy’

Facebook parent Meta gathers data from user interactions with latest chatbot as BlenderBot 3 criticises…

10 hours ago