UK National Crime Agency: Criminals Winning 'Cyber Arms Race'

Businesses and law enforcement agencies are losing the "cyber arms race" with online criminals, the UK's National Crime Agency has warned.

The technical capabilities of criminal gangs are outpacing the UK's ability to deal with their threat, the NCA added.

It said there were 2.46 million "cyber incidents" last year, including 700,000 frauds - with the biggest threat coming from "a few hundred" criminals.

The government is to spend £1.9bn over the next five years on cyber-defences. The NCA's annual assessment of cybercrime found a key threat to the UK comes from international gangs. Some are so well-developed they run call centres and employ translators.

"Cybercriminals targeting the UK include international serious organised crime groups as well as smaller-scale, mostly domestic, criminals and hacktivists," it said.

"The NCA assesses that the most advanced and serious cyber-crime threat to the UK is the direct or indirect result of activity by a few hundred international cyber criminals, typically operating in organised groups, who target UK businesses to commit highly profitable malware-facilitated fraud.

"These cyber-attacks include attacks directly targeting business systems and attacks against individuals."

The NCA said the "accelerating pace of technology and criminal cyber-capability development" currently outpaces the UK's collective response to cybercrime.

"This 'cyber arms race' is likely to be an enduring challenge, and an effective response requires collaborative action from government, law enforcement, industry regulators and, critically, business leaders," the report added.

The NCA says the true scale of criminality is likely to be far bigger because of what it calls "a serious problem" of under-reporting.

It urged businesses to report when they are victims of cybercrime and to share more intelligence, "both with law enforcement and with each other".

In response to the threat, the UK government plans a new National Cyber Security Centre, as well as working with internet service companies to block online attacks.

BBC

« UK IP Bill Will Allow Government To Spy On Journalists
A Strategic Company: The Internet of Things & How ARM Fits In »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

National Trading Standards eCrime Team (NTSeCT) - United Kingdom

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

CYDEF

CYDEF

CYDEF provides comprehensive, state-of-the-art cybersecurity protection that is accessible and affordable to organizations of any size.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.

12Port

12Port

12Port network security solutions help companies tackle modern cybersecurity threats cost-effectively while implementing zero-trust architectures.

Bastion Security Group

Bastion Security Group

Bastion Security combines the skills, expertise and leadership from Quantum Security, ZX Security, Helix Security and Cassini.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.

Redblock

Redblock

Redblock's mission is to eliminate the drudgery and repetitive 'eye on the glass' work done by Security Teams.