A “worrying” lack of certainty about the definition, understanding and measurement of cyber fraud is hampering efforts to tackle cyber fraud, a United Kingdom think tank has warned.

The Royal United Services Institute (RUSI), in its latest report The UK’s Response to Cyber Fraud: A Strategic Vision said there is a need to standardise terminology and reporting practices to strengthen the fight against cyber fraud.

It said: “There are differences in the way incidents are defined and recorded between financial institutions and law enforcement agencies.”

The report said the UK’s current model “suffers from contrasting levels of prioritisation of cyber fraud across different stakeholders”

It said: “Some financial institutions see cyber fraud as a high priority due to the risk of reputational damage, while others are more likely to think of it as just another cost of doing business.

“Meanwhile, for most law enforcement agencies, it is not always considered a high priority compared to violent or drug-related crimes due to its less visible and less physically harmful nature. The lack of sufficient funds for police to respond to cyber fraud cases effectively is another by-product of its seemingly victimless nature.

“Moreover, when operations are conducted successfully, their impact does not always receive sufficient visibility and recognition. This can make prioritising cyber fraud for law enforcement a thankless pursuit and therefore undesirable”

It also warned that information-sharing between law enforcement agencies and financial institutions “lacks buy-in” due to limitations in the process and a lack of quality data. “An effective system, proposed in this paper, would require sustainability, scalability, reciprocity and multi-functionality. None of the existing partnerships are assessed as fulfilling these four criteria,” it said.

It said prosecution of cyber fraudsters is a barrier due to a reliance of cross-border alignment and costs. Instead, RUSI calls for alternative models to be considered. “Law enforcement efforts should be built around a ‘pursue’ response that uses disruption activities like technical takedowns, while exploring practical avenues for arrests and asset recovery where possible,” it said.

The report makes 11 recommendations overall (see box below) including the introduction of key performance indicators for cyber policing, government published guidance for private sector organisations, wider use of pre-emptive technical takedowns and a strengthening of information-sharing.

The RUSI findings were based on research including a literature review, interviews, workshops and a survey of 180 law enforcement agency and financial services experts.

The findings come a week after the UK government revealed a 21% increase in the number of cyber security firms in the country.


RUSI’s recommendations in full:


  • The National Crime Agency and City of London Police should embark on upscaling ‘pursue’ activities to include a more prominent role for pre-emptive technical takedowns and private sector partnerships. in
  • Prosecutions and arrests must remain a core part of the overall law enforcement approach to raise the risk and reduce the rewards of committing cyber fraud, but only where there is a realistic chance of securing convictions or recovering the proceeds of crime.
  • The National Police Chiefs’ Council should work with the Home Office to implement a set of key performance indicators for cyber fraud policing. This will reflect the value of an effective ‘protect’ function for actual and potential victims, and a ‘prevent’ function focused on deterring potential criminals and reoffenders.
  • As the National Cyber Security Centre has done for cyber security, the National Economic Crime Centre should act as the central agency for ‘protect’ activities and publish clear advice for potential victims.
  • The National Crime Agency, in consultation with the Information Commissioners’ Office, should publish comprehensive guidance for private sector organisations on how they can lawfully assist law enforcement in preventing and investigating cyber fraud through information sharing.
  • The National Economic Crime Centre should take primary responsibility for ensuring that at least one of the relevant information-sharing programmes satisfies four key criteria for effectively sharing information on cyber fraud threat actors: 1. Permanence. Operating on more than an ad-hoc basis. 2. Scalability. Encompassing a significant number of participants, which the Joint Money Laundering Intelligence Taskforce does not do. 3. Two-way cooperation. Allowing both private–public and public–private information sharing. 4. Multi-functionality. Being used for investigation purposes rather than only cyber security, which the Cyber Security Information Sharing Partnership does not allow.
  • The National Crime Agency, UK Finance, Cifas and City of London Police should bring partners together for a pilot initiative focused on more effective integration of cyber, anti-money laundering and fraud data, and disseminate sanitised examples of best practice.
  • Law enforcement agencies should consistently acknowledge the role of companies involved in cooperative takedowns of cybercriminal infrastructure.·
  • Organised by the City of London Police and the National Economic Crime Centre, a large-scale national secondment programme for staff of financial institutions and cyber threat intelligence companies should be rolled out to equip police forces with improved skills in investigating cyber fraud.
  • The Economic Crime Academy should create a new Specialist Cyber Fraud Investigator course, which focuses specifically on the intersection between cyber and fraud investigations.
  • The Home Office should provide increased resourcing for the National Economic Crime Victim Care Unit to ensure that the service can reach a wider range of residents in more force areas.