HMIC report highlights concern over cybercrime plans

  • Published
Person typing on a computer keyboardImage source, Reuters

Three out of 43 police forces in England and Wales have a comprehensive plan to deal with a large-scale cyber-attack, a report has found.

Her Majesty's Inspectorate of Constabulary (HMIC) warned only Derbyshire, Lincolnshire and West Midlands had sufficient plans in place.

It also found only 2% of police staff across 37 forces had been trained on investigating cybercrime.

The report examined how prepared police are for a series of national threats.

Last year, the government identified five threats as priorities for police to prepare for. These are:

  • Terrorism
  • Civil emergencies
  • Organised crime
  • Public order threats
  • Large-scale cyber-attacks

As part of its Strategic Policing Requirement (SPR), the Home Office called for a nationally-required policing response to counter each of the threats.

The report is the first in a series of inspections looking at how individual forces have responded to the guidelines.

However, it found the response to national threats by individual forces has "not changed appreciably".

HMIC inspectors said they were "struck by how incomplete the police service's understanding of the national threats was" and that more needs to be done "collectively by all forces".

'Growing threat'

The report called for "much greater attention" from police leaders.

"The capacity and capability of the police to respond to national threats is stronger in some areas than others - with the police response to the cyber-threat being the least well developed," HMIC's Stephen Otter said.

Police plans to deal with counter-terrorism, public order, civil emergencies and organised crime were in "stark contrast" with the capabilities for cyber-related threats.

Inspectors found the ability to deal with cyber-threats remains "largely absent" in some forces and that some senior officers across England and Wales are still "unsure of what constituted a large-scale cyber-incident".

They found forces were "silent" when it came to preventing cybercrime and protecting people from the harm it causes, despite the fact it is "fast becoming a dominant method in the perpetration of crime.

"The police must be able to operate very soon just as well in cyberspace as they do on the street," the report said.

According to the government's definition, a large-scale cyber-incident could be "a criminal attack on a financial institution to gather data or money" or an "aggregated threat where many people or businesses across the UK are targeted".

It also includes "the response to a failure of technology on which communities depend and which may also be considered a civil emergency".

The HMIC report covered police forces in England and Wales.

In Scotland, police have tried to tackle cybercrime by forming a "cyber-resilience group" with industry experts and academics, which aims to spread awareness of cybercrime and help businesses protect themselves.

Last year it was estimated cybercrime costs Scottish businesses £5bn a year.

The Police Service of Northern Ireland has focused on protecting young people from the dangers of cybercrime aimed at individuals.

Chief Constable Justine Curran, the national policing lead for public order at the Association of Chief Police Officers, said police had "continued to improve" and to "develop our understanding of the threats we face".

However, she said there was "more to do to develop a clear, consistent approach," particularly when it comes to cybercrime, which she said remained "a growing threat".

"This report will assist chiefs and the College of Policing in this ongoing work and provide useful ideas for enhancement where this can be achieved within the current financial austerity across policing," she said.