In July, news outlets around the world reported that online hackers unsuccessfully attempted to obtain confidential Covid-19 vaccination research from pharmaceutical companies and research centres in the UK. While the true identity of the group behind these cyber-attacks remains unknown, a source from the UK's National Cyber Security Centre (NCSC) revealed that the group was likely to be of Russian origin. This isolated case is merely one example of the thousands of attacks directed at the private sector each year by organised crime groups.
In the last 30 years, organised criminal groups have increasingly targeted the private sector both to commit crimes, such as theft or counterfeiting and to exploit the sector as a vehicle in the commission of other crimes such as money laundering. According to a recent study by the Global Initiative Against Transnational Organised Crime (GITOC), the impact of organised crime on the private sector may amount to USD 870 billion per year.
Pricewaterhouse Coopers’ (PwC) Global Economic Crime and Fraud Survey shows that private companies lost a staggering USD 42 billion in 2020 to criminal activities. Most of this amount can be attributed to organised crime types such as cybercrime, money laundering or insider trading. Businesses suffered significant damages, with 13% of the companies surveyed declaring individual losses of over USD 50 million in the last 24 months. The costs absorbed by corporate victims of criminal activity are not only monetary, as these enterprises also suffer indirect costs such as loss of market position, brand damage, opportunities and organisational disruption. As stated by a recent OECD report, the economic cost of the September 11 attacks in 2001 totalled around USD 120 billion. This is a problem worldwide. In 2019 the National Crime Agency’s Director-General Lynne Owens declared that organised crime in the United Kingdom had reached unprecedented levels: “Against a backdrop of globalisation, extremism and technological advances, serious and organised crime is changing fast, and law enforcement needs significant new investment to help combat it”.
Fifty or sixty years ago, the private sector mainly relied on public security frameworks to prevent and combat crime. Security departments were virtually non-existent and anti-crime strategies and policies were being slowly introduced by compliance departments. If an attack or crime was detected by a company, options were to ignore it or formally involve law enforcement. In parallel, government offices tried to stay away from private firms’ security incidents, only intervening when directly requested by the companies or the legal system.
Since then a lot has changed. It is now common to encounter private companies either targeted by organised crime or acting as facilitators for other crimes. Globally, companies face losses from organised crime through asset misappropriation, contraband, forging, hacking, extorsion and fraud among other crimes. When taken advantage of as facilitators, private companies are frequently used as conduits for money laundering, tools of pressure against governments or as sources for highly demanded specific materials as happens with arms dealers. This situation has forced both the private sector and governments to adopt a more proactive approach to crime prevention.
To keep pace with the evolving sophistication of organised crime, private sector companies are investing an increasing amount of money in security systems. Global security-related spending is expected to reach USD 133 billion by 2022, while the global video surveillance market is expected to grow from USD 45.5 billion to USD 74.6 billion in the same timeframe. In the cyberspace, companies invested around USD 120 billion in information technology security services and products in 2019 alone. As private security spending has been steadily rising (for example the physical security sector is expected to grow 7.3% annually till 2023, reaching USD 119.4 billion by that year), the public sector has often lagged behind, mainly due to financial constraints. In the United Kingdom, austerity strategies from former governments have resulted in the loss of over 45,000 police officers since 2010. By contrast, in most countries, private security now outnumber police, with the industry expected to be worth USD 240 billion this year.
There remains much room for improvement. In the first instance, as a study by GITOC has found, there are very few examples of public and private sector co-operation against organised crime. The private and public sector has an enormous opportunity to increase cooperation in information exchange, best practices exchange, joint training and building of joint task forces.
Secondly, governments and law enforcement agencies would benefit from incorporating valuable lessons learned by private companies in their independent fight against organised crime. For example, private sector organisations increasingly have the capacity to display and store images from thousands of CCTV systems. In London alone there is one camera for every 14 people. The majority of these cameras are owned by private sector companies, with statistics from as early as 2013 demonstrating that only 1 out of every 70 CCTV cameras in the UK are state owned. Additionally, with the introduction of video analytics, companies have developed capabilities to identify individuals, transit patterns and also introduced early systems that can and have proved very valuable amidst terrorist attacks and other violent incidents. While most governments regulate the installation of CCTV systems, and guarantee themselves access to camera recordings, few have advanced in more complex cooperation schemes such as online/real-time camera access. Further, few governments have deployed law enforcement liaison officers in large and crucial private command and control centres, despite the value and effectiveness of this strategy being demonstrated for years in large sports stadia.
Thirdly, there is much room for growth in the ways in which private companies and governments can benefit from information exchange. When I served as Argentina’s Drug Enforcement Deputy Secretary of State, one of my responsibilities was to monitor precursor chemical commerce. This important duty to prevent drug manufacturing while regulating a perfectly legal commerce forced me to introduce novel measures that involved an increased interaction with private chemical companies. For example, my office received regular information about chemical manufacturing, exports and imports, as well as valuable intel about potential cases of precursor deviation. Concurrently, we held regular training workshops for these companies on how to prevent inside-thefts and detect potential drug manufacturing or cutting. Both sides significantly benefitted from that enhanced cooperation framework.
Finally, there is a need to elevate the importance of internal security management and oversight positions. Security management roles inside private companies have traditionally been considered a secondary role of inferior importance to Chief Executive Officers (CEOs) or Chief Financial Officers (CFOs). Today, new regulations such as: compliance frameworks; security system integrations; network systems and widespread use of CCTV; and access control systems and detectors, are all forcing companies towards the inevitable creation of a Chief Security Officer (CSO) position. In this regard, the private sector is demonstrating the importance of public security expertise in private spaces, as law enforcement officers are perfectly positioned for these roles.
In the future we will see increased cooperation between private companies and law enforcement agencies. There will be an expansion of information sharing arrangements, mutual training workshops, and best practices exchanges between the public and private sector. The provision of high-level security or crime prevention advice will be regarded as a vital service. Still, there are some challenges that will have to be addressed to achieve the desired level of interaction. Local laws and guidelines will need to be altered to properly define the boundaries of the states’ use of information from private sources. In these essential discussions, both sectors must be willing to compromise.
Martin Verrier is a RUSI Associate Fellow and SHOC Member.
The views expressed in this article are those of the author(s) and do not necessarily reflect the views of RUSI or any other institution.