Businesses need to be able to report cyber- and electronic crime to a number of organisations, and not only to the police, according to Cambridge University computer security expert Richard Clayton.
Companies can currently report serious cybercrime to different police forces and units in the UK, including units in the Metropolitan and City of London police.
However, it is unclear which organisations deal with high-volume, low impact e-crime, Clayton said on Thursday. E-crime should be dealt with by the UK Trading Standards Institute, or an equivalent body, Clayton told ZDNet UK.
"The issue is that lots of things the general population think of as e-crime come under trading standards rather than the police," said Clayton.
The Trading Standards Institute, or equivalent, should be trained to deal with reports of petty e-crime, Clayton said.
Businesses tend to report the majority of serious financial cybercrime to the National Fraud Intelligence Bureau (NFIB), which is run by the City of London police. ZDNet UK understands that NFIB analysts screen reports: some are sent to local police forces for investigation, and some to the Metropolitan Police Central eCrime Unit (PCeU).
PCeU collaborates with the Serious Organised Crime Agency (SOCA), and also with international crime agencies such as the FBI. The unit has also investigated incidents associated with hacktivist groups including Anonymous and TeamPoison.
National Crime Agency
PCeU is in the process of being rolled into the upcoming National Crime Agency (NCA) which is due to start operations after the London 2012 Olympics. PCeU will become part of a new National Cybercrime Unit within the NCA, PCeU head Charlie McMurdie told ZDNet UK last Wednesday.
McMurdie said the NCA will consist of "four pillars of business" — economic crime, child protection, the UK Borders Agency, and serious and organised crime. The National Cybercrime Unit will be involved in all of those areas, and is likely to expand PCeU's remit.
"The cyber piece will be mapped out in three chunks," said McMurdie. "It's still under discussion, but it will increase on [PCeU's] current capability."
The three National Cybercrime Unit parts will be an operations team, a unit to focus on working with other law enforcement and intelligence agencies, and a third unit to put national programmes in place and co-ordinate with the rest of the NCA.
The police encourage businesses to report electronic crime to local police forces in the first instance — an area where companies have run into problems in the past. ACPO is in the process of training local police officers to deal with reports of electronic crime.