Neal Jetton, cybercrime chief of international policing body, tells event that the dawn of quantum and AI has complicated the threat landscape, and public and private bodies must share data
Interpol cybercrime director Neal Jetton has called for a “total 360-degree strategy” to tackle the global cybercrime crisis.
Speaking at the International Law Enforcement in a Digital Age event held in Glasgow this week by PublicTechnology sister publication Holyrood, Jetton told delegates the rise in cases is “staggering”, urging for a “team effort” approach to ensure people and the economy remain safe.
He cited research which shows cyberattacks have increased by 30% in the second quarter of 2024 and the average global cost of cybercrime stands at $18m (£13.9m) per minute. Police Scotland records almost 50 cybercrimes daily.
Jetton said: “This isn’t just a statistic, it’s a wake-up call. Cyber is all-encompassing; with the emergence of AI and quantum computing combined, combating cybercrime will only get more complicated. No one agency, no one organisation, no one country can do this on their own. It obviously involves law enforcement officers on the physical and digital front lines. It involves the private sector sharing data and expertise. We require academics and researchers to develop the latest tools and technologies. We need trained legal experts to ensure justice is served, and we need every citizen to practice better cyber hygiene.”
Research suggests there is a global skills shortage of almost 4 million cybersecurity experts, and in the UK it is estimated that around half of businesses have a basic skills gap, with employees responsible for cybersecurity lacking the confidence to carry out basic tasks.
Related content
- Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
- Cyber Security Week: How the police is leading a resilience revolution
- Police Scotland to launch dedicated cybercrime unit
Freha Arshad, managing director of Accenture said: “At the end of the day, you do need a well-rounded security technical architecture team to have a robust secure-by-design programme. And again, the advantage there generally lies with the larger organisations, so the small SME’s may need a little longer to fully implement. I would hope that as secure-by-design guidelines and implementations become the norm we’d see more of a roll-out, but it’s going to take time. We needed it yesterday and we’re not going to get it by tomorrow. That’s the challenge with secure-by-design, but it’s absolutely stepping in the right direction.”
Detective Sergeant of Cybercrime Investigations in Scotland, Kelly Thorburn, highlighted how the expertise shortage is impacting authorities north of the border, pointing out a training divide within organisations: “What you find is that you only get that [cyber-training] when you come to specialist departments like what I’m in now. Obviously on the front line, they are getting a much, much lower level of that because they have to cover every topic that we need to police.
She added: “It’s a massively steep learning curve and it’s moving so quickly that the public sector is always going to struggle to keep up with that. Because everything just naturally moves slightly slower in public sector areas, which we all know. So, it’s good to get that insight from private sector… We know that we have limitations.”
Jude McCorry, chief executive of the Cyber and Fraud Centre Scotland, urged delegates to move on from a “victim-blaming” approach to encourage people to report crimes and allowing for a better sharing of intelligence between stakeholders.
“We don’t treat the victims of cybercrime in the same way as we would treat somebody who was a kidnapped or somebody was assaulted on a street,” she said. “We have to make sure that people [who suffer from a cyber-attack] do realise that they are victims of crime, and that they do report it. Just because it hasn’t physically happened to them, it doesn’t mean that they shouldn’t be reported to the police. If it’s not reported, we don’t have the intelligence and we don’t know the extent of the problem.”
A version of this story originally appeared on PublicTechnology sister publication Holyrood