As UK police forces are revealed to have spent just £1.3m on cybercrime training in the last three years, security industry response is damning.
A freedom of information request enabled Parliament Street to determine that cyber-crime training expenditure by UK police forces is shamefully low. How low might that be? Well the 'Policing and Cybercrime' report revealed that in terms of cyber-crime training budgets the total spend across all forces that responded, including the British Transport Police and Ministry of Defence Police Service, was just £1,320,341 spread across the last three years.
The total number of officers and staff receiving cyber-crime training across all forces was 39,438. However, as with the training budgets themselves, the numbers varied greatly from force to force. Leading the pack in terms of expenditure was North Wales Police which trained 1,043 people on a budget of £375,488 (£360 per person). As far as numbers trained were concerned, then the leading force was Norfolk and Suffolk which educated 12,540 people but on a budget of just £70,100 (£5.59 per person).
Training police officers to understand cyber-crime with a budget of less than £6 per head seems a tad on the cheap side, although preferable to The Port of Dover Police who trained precisely nobody in 2015, 2016 or 2017. North Wales Police definitely shone as far as cyber-crime training was concerned, with a five day course for 147 key staff and one day 'Initial Police Learning and Development Programme' cybercrime input courses for 183 officer recruits and 68 CID officers.
What is both clear, and somewhat shocking, from this report is that there appears to be no central, national police cyber-training strategy. Individual police forces are pretty much left alone to develop training programmes and determine budgets for doing so. Or not, in the case of the Port of Dover.
Of course, we shouldn't forget that the National Cyber Crime Unit (NCCU) leads the UK response to cyber-crime and works with both the Metropolitan Police Cyber Crime Unit (MPCCU) and Regional Organised Crime Units (ROCUs) providing support and resources as deemed necessary. SC Media UK looked to the security industry itself to ask if we should be surprised that these training budgets were so low and that getting training is something of a police postcode lottery?
Kelvin Murray, threat research analyst at Webroot, was unhappy but not shocked about the numbers. "They reflect the wide gap in society between the criminal threat and the preparedness of average end users" Murray says, adding "police forces are the first port of call for citizens that are the victim of any crime, meaning that they need to be versed in the technical, criminal and legal aspects of these crimes to either investigate them or log them with the experts who can."
Ross Brewer, VP & MD EMEA with LogRhythm, expressed concern that the Parliament Street report reveals that less than 20 per cent of the UK police force has received cyber-crime training. "As this threat rises" Brewer warns "police forces will increasingly find themselves up against hackers, as well as traditional burglars and criminals, therefore it's essential they have adequate training in place to combat these complex investigations."
Kirill Kasavchenko, principal security technologist at Netscout Arbor, told SC Media UK that while "raw costs might not necessarily expose the readiness of the police ability to combat cyber-crime, a training spend of £1.3 million across three years sounds very minimal." Kasavchenko concluded that "it is essential that the police are ring-fencing adequate budget every year to ensure every officer is prepared for the new face of crime..."
We left the last word to John Wright, senior industry director with Unisys, who thinks that to achieve this "individual forces should sign up to the approach that is currently being developed by the National Police Chiefs Council, a national strategy in which all expertise and best practices across multiple forces are better aligned, thus increasing the capabilities to respond to these threats." After all, an increased understanding of the problem will allow forces to better triage these crimes and effectively identify those with a greater likelihood of successful investigation...