Cyber fraud a national security issue, says Rusi report

Fraud conducted online against UK citizens, businesses and organisations has reached such heights that it now constitutes a threat to the country’s national security, requiring a calculated response from the intelligence services, according to a report published by the Royal United Services Institute (Rusi).

The report, titled The silent threat: The impact of fraud on UK national security, argues that despite increased attention to fraud – particularly since the advent of the pandemic – the prevailing political narrative doesn’t properly convey the full £190bn impact of fraud on the UK, and the country’s response to it is badly under-resourced, meaning both individuals and organisations are being let down.

“Given the wider social and economic damage caused, the case for placing fraud in the national security context should no longer be overlooked. On this basis, this paper makes the case for a new national security approach to tackling fraud, based on a whole-of-system response, including a greater role for the government intelligence architecture, a better resourced and coordinated policing response and increased coordination with the private sector,” wrote the report’s authors.

The paper argues that if the UK’s response to fraud is to be successfully reframed, its interplay with established national security concerns such as organised crime and terrorism needs to be better understood. The report points out that fraud ought to be considered as a vector of serious and organised crime, and as a means of financing the needs of terrorist groups.

“The very scale and nature of the most prevalent fraud typologies denote the involvement of organised crime groups, given either the sheer volume or the need for specialist skills to perpetrate the fraud.

“Despite this, there are considerable intelligence gaps surrounding fraud as an organised crime. This is particularly the case with regard to the threat emanating from overseas,” said the authors.

“The wider social and economic impacts of fraud make a clear case for reframing the UK’s fraud problem as a national security priority…and for considerably augmenting the resources within the policing and intelligence community specifically assigned to tackling fraud.

“We should no longer be making the case for fraud as a national security concern – we should question the risk of not doing so,” they said.

The Rusi report makes a number of recommendations for policymakers to consider. At its core, it advocates that the National Security Council commissions a whole-of-system public-private fraud strategy, including a local networked criminal justice response, pathways for cross-government collaboration, and a clearer role for the financial, e-commerce and telco sectors.

Looking specifically to cyber-enabled fraud, Rusi argues that despite accounting for 85% of reported fraud in 2019/20, the growth of fraud as a cyber threat may not have been entirely clear when the first National Cyber Security Strategy was launched in 2016.

It believes there is a drive for policymakers to embrace the overlaps between cyber, fraud and financial crime, this has yet to translate into an appropriate operational response, in particular from policing, which is still culturally inclined towards physical modes of investigation, not virtual ones.

Moreover, the “low value, high volume” nature of cyber fraud means it can struggle for operational priority under the Management of Risk in Law Enforcement (MoRILE) scoring system, which police forces use to prioritise what they investigate.

The report calls for the incoming National Cyber Security Strategy (2021-26) to establish a “more explicit mandate” for GCHQ (ultimately the parent body of the National Cyber Security Centre or NCSC) to protect the public from cyber fraud, and lay out a long-term resourcing plan for the NCSC’s successful Suspicious Email Reporting Services (Sers).

It also calls on the National Police Chief’s Council to commission a review to establish better relationships between the specialist fraud and cyber security capabilities within policing.