Cyber theft “a national emergency”

While facing one of the worst economic crises in its history, Britain is losing billions of pounds per year as a result of orchestrated cyber theft.

According to a well-known London law firm, cyber crime costs the UK economy between £18bn and £27bn per year. In the US, the National Security Agency estimates that losses amount to $3trn. Most of this money is thought to be lost by financial institutions such as high street banks.

The effects of cyber theft have more far-reaching consequences than only on the economy as, to remain profitable, financial institutions pass on their losses to customers in various potentially harmful ways.

For example, when a small business goes bankrupt because it can no longer pay increased interest on a business loan, it may be unknowingly paying part of the price of cyber crime.

Similarly, struggling families paying hefty mortgages may not realise it, but their bank or building society’s decision to foreclose rather than give them time to pay or grant an interest-only mortgage for a while may also make them the unwitting victims of cyber theft. Young couples may also find they are refused a mortgage to buy their first home because the banks are being forced into being overly cautious as a result of cyber fraud.

At first glance, it may seem strange the UK government has not done more to tackle this growing problem. But there is one main reason why the government has taken little or no action to staunch this potentially fatal flow of cash; namely the banks are reluctant to admit the scale of the problem, even to themselves.

Any bank that breaks the industry silence on the subject to reveal the true scale of its growing losses risks losing in customer confidence.

When forced to admit that it cannot stem the losses effectively, it might see customers rush to withdraw their money, which would force it to close. It would then have to turn to a cash-strapped and reluctant government for a bailout.

Some government mambers have access to information through GCHQ that would give them an indication of the scale of the problem. However, fearing the political backlash of another big bank bailout so soon after the last financial crisis, ministers are, in the run-up to the next election, understandably happy to leave the banks to solve their own problems.

But, as yet, this country’s financial institutions have, for the most part, proved incapable of addressing the problem. Few chief executives fully grasp the true nature of the problem and mostly delegate responsibility to their chief information officers. In turn, these IT executives are often slow to reveal the leaky nature of their IT infrastructure to their boss. Although the banking industry was one of the first to introduce IT, it has fallen behind in its ability to safeguard its rapidly aging infrastructure.

Unfortunately, hackers have outstripped legitimate organisations in their ability to find backdoors in the banks’ outdated IT systems.

Banks and governments in countries such as the UK and the US, where the banks’ losses are now being measured in trillions of dollars, also often have outdated notions about the nature of 21st century hackers and cyber criminals, with many still carrying the image of social misfits with a genius for computers hacking from their bedroom. The truth is, though, that computer hacking is now a multi-trillion dollar global business mostly run by organised criminals and often used to fund terrorist activities. For example, it is has been reported that the Surakarta church bombing that took place in 2011 in Central Java was funded by cyber hacking. According to Indonesia’s National Police, one of the men arrested was IT expert Rizki Gunawan, who used his computer skills to gather funds illegally on the internet. He is accused of stealing $625,000 from a single corporate website. The police believed that some of these funds were used to support the church bombing.

Police investigations have also revealed that the 2002 Bali bombings were also allegedly partly funded by online credit card fraud.

The growing links between cyber crime, organised crime and terrorism mean that banks must urgently start taking the problem more seriously than they have in the past.

First, financial institutions and other vulnerable organisations should stop relying entirely on internal processes to safeguard themselves and their customers and appoint reputable external advisers to identify and mend their leaky IT infrastructure.

Often, this can also involve educating executives about the use of IT and passwords and the need to monitor safeguard mobile devices such as laptops, phone or tablets.

If organisations do not act quickly on this, the rising level of cyber theft could start to threaten to sink not only the banking industry but the UK economy.

Stuart Poole-Robb founder and CEO of Knightsbridge Company Services, strategic intelligence and risk management consultancy