London police chief admits cyber-crime failings

News by Doug Drinkwater

Adrian Leppard, the City of London police commissioner, has said that police don't have any resources to deal with increasingly sophisticated cyber-criminals - with banks part of the problem.

Speaking at a TechUK event in London this week, Leppard said that police don't have the resources in light of cyber-criminals becoming more proficient at stealing and extorting money online, and added that low reporting rates were partly down to banks writing off incidents as unavoidable costs.

According to reporters invited to the event, Leppard said that 80 percent of cyber-crimes go unreported and, of the 20 percent that do, only one in five receive a “proper” response from law-enforcement agencies. He even said that cyber-crime could become bigger than the drugs trade.

Kevin Williams, general manager at TC-UK, previously worked for the National Cyber Crime Unit (NCCU) under the National Crime Agency (NCA) and he says that the policing gap is keenly felt at the local level.

“There has been an investment in improving law enforcement numbers at the national and regional level to respond to the threat of cyber-crime. That gap still remains at the local level,” he told

“Whilst there is still under-reporting of cyber-crime formally there  are excellent arrangements at the national level to share information both legally and appropriately. The results of such sharing can be seen in the increased number of arrests and botnet take downs. This has included the banks and internet security companies working collectively with the likes of CERT-UK, the NCA and regional policing to tackle the threat.”

Williams continued that more education is needed, especially on driving people to the Action Fraud reporting website as well as advice sites such as Get Safe Online and Cyber Streetwise. “We need to help the potential victims to help themselves.”

“Of course we could always do more and let's hope the next elected Government invests wisely in the cyber-security issue, but we're moving in the right direction.”

Sally Annereau, data protection analyst at international law firm, Taylor Wessing, added in an email to SC.

"Perceived lack of police resource and low cyber-crime reporting levels are two sides of the same problem. No one party is to blame but the lack of a coordinated approach to cyber-security between national governments, law enforcement agencies, business and the public, all effectively contribute to create a repeating cycle of inaction in which cybercriminals can flourish. 

“From a legislative standpoint we can also see how delays in agreeing and finalising new  European data protection law is perpetuating an climate of uncertainty where businesses and  individuals are left holding their breath, waiting for clarity around their obligations, rights and new legal controls around the handling personal information."

Ross Brewer, vice president and managing director for international markets at LogRhythm, meanwhile, said that the warning should too be noted by industry.

“What Adrian Leppard has said rings very true for those of us working to tackle cyber-crime at the front line.  While his comments mainly call for a change in the way the authorities deal with the investigation of threats, organisations themselves should also take heed of his warnings.  Cyber-criminals don't care about a couple of firewalls or other point security solutions – they can, and will, easily get past them.  Attempting to prevent a breach has therefore become relatively futile, and instead focus needs to be placed on identifying and dealing with threats as quickly as possible.

This isn't the first time police have personally expressed concern over cyber-crime reporting, with the Met Police's Mark Jackson providing a damming assessment at the first SC Congress London last year.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews