Extent of spending on cybercrime training revealed as forces `working alone` on skills strategy

Huge pressure is mounting on forces across England and Wales to ensure that officers, staff, new recruits and trainees are fully prepared to handle increasingly complex investigations.

Some 17 million Britons were reportedly targeted by phishing, ransomware, online fraud and hacking in 2017 with security firm Norton estimating that £130 billion was stolen from consumers.

These skills aren’t only vital for modern policing, they are essential to support and protect businesses across the country.

With forces by and large “working alone” on strategy, the new Policing and Cybercrime policy paper published on Tuesday (March 20) recommends establishing a national approach – enabling security specialist companies to provide an agreed standard of training for all officers and staff across the service. It would also prevent variation of standards and skills between forces, it believes.

The key findings from the Parliament Street research sees North Wales Police top the list of 33 forces across England and Wales that submitted information – with £375,488 spent on cybercrime training for 1,043 officers and staff between 2015 and 2017.

The leading ‘spending’ force in the report made up a quarter of the overall total of £1,320,341 on cybercrime training courses.

This included a dedicated five day ‘Main Stream Cyber Training’ course for 147 key staff, totalling £160,000. There was also a one-day cyber-crime input course for all new Initial Police Learning and Development Programme recruits for 183 officers which cost £29,900. An additional £52,300 was spent on a similar course for 68 detectives.

West Mercia and Warwickshire forces submitted a joint response, totalling £125,633 and involving 263 officers and staff, followed by Lincolnshire Police which stated it had spent £119,834 on training 1,443 officers and staff. This was followed by West Midlands Police on £91,200 and Police Scotland on £83,121.

In terms of detail, Norfolk and Suffolk forces provided information on their combined spend of £70,100. This included sending 3,882 officers and staff on a Cyber Crime and Digital Policing First Responder course, 147 on a digital media investigator course costing £6,500, and £15,000 on an open source level 2 course for 87.

At the other end of the table, the lowest number of officers and staff trained by a Home Office force was 11 by Gloucestershire Constabulary while under the combined heading – South Yorkshire Police spent £25,745 on training budgets for 78 personnel sent on its Sy-Mainstream Cyber Crime training programme and a course entitled Sy/Hp-Cyber Hacking Inside The Minds Online Criminals.

Some 18 forces submitted information on both their training budget and the numbers of staff trained while 13 forces restricted their replies to ‘staff trained’ only.

The report authors note that the information disclosed is for “educational purposes only”, to illustrate the preparations being made by individual forces – and does not necessarily represent all resources allocated for cyber training, with many police training programmes overlapping.

Sheila Flavell, chief operating officer of hi-tech FDM Group, told <i>Police Professional</i> “With cybercrime on the rise, it’s clear that all organisations are urgently seeking to recruit, train and equip staff with the latest security expertise and cyber skills.

“Whether it’s online courses or specialist programmes, it’s encouraging to see forces taking steps to improve IT skills of serving officers and staff.

“These skills aren’t only vital for modern policing, they are essential to support and protect businesses across the country. That’s why so much more needs to be done to address the UK’s chronic skills crisis, to ensure we have the highly skilled workers to protect companies and the public from malicious online attacks.”

The report concludes that while occasionally forces are working together to develop cybercrime training programmes, the clear majority are working alone in this process.

“While we appreciate that individual forces have varying challenges in terms of crime, headcount and volume of citizens to protect, it would make sense to develop a more standardised approach to cybercrime strategy,” added the policy paper.

The key recommendations for consideration include:
1) Establish a national police cyber strategy – this would enable security specialist companies to provide an agreed standard of training for all officers and staff across the country. It would also prevent variation of standards and skills between forces;
2) Increase recruitment of officers with existing cyber skills – work closely with schools, colleges, universities and private companies to ensure a pipeline of highly skilled workers are encouraged to join the police; and
3) Sharing of key security training services – if a specific police force has developed a respected training course on cybercrime, it should be made available to other forces or replicated to share best practice.

Ciaran Martin, CEO of the National Cyber Security Centre, has stressed:  “We can only properly protect UK cyberspace by working with others with the rest of government, with law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society.”