At the end of January, the Office for National Statistics (ONS) released its crime survey for the year to September 2024. Of the 13 different categories of crime listed, there are two that pertain to the cybersecurity profession – Fraud, and Computer Misuse.
As recently as 2022, Fraud and Computer Misuse offences had their own dedicated report, separate from the main crime statistics. The fact that this is no longer the case is striking, especially given that the report itself highlights a 19% rise in fraud cases to 3.9 million, making it the primary driver of a 12% increase in overall “headline crime.”
Fraud is now the most common category of crime in England and Wales, and the second fastest growing after violence (27%) over the last 12 months. We’ve all heard the stories, or perhaps know someone impacted by fraud. Romance scams are running rife, with cybercriminals posing as celebrities to con people out of money. Phishing texts sent around shopping days are convincing people to check the status of a delivery, only to then ask them for their bank details. Wherever there is opportunity, there’s a cybercriminal looking to take advantage of it.
If this point needs any further reinforcement, the recently released Munich Security Index ranked cyberattacks as the fourth greatest threat to countries – in the UK, it ranked second. To put that into context, the top three were all environmental factors such as extreme weather. Economic or financial crisis, political polarisation, the use of nuclear weapons and rising inequality all featured lower than cyberattacks. And yet, recognition of cybersecurity by bodies such as ONS seems to be sliding.
As a profession, we’re used to being pushed to the sidelines. Cybersecurity is often seen as a nuisance, or disruptive. It’s something that people over there do, or as a subset of IT. As such, cybersecurity is not seen as a discipline in its own right and being deprioritised. We need to start disproving these attitudes.
Those in the profession know that cybersecurity is a nuanced and skilled practice – one with its own unique set of challenges. But those on the outside do not always appreciate this, which often influences decisions around budgets or means people don’t take security as seriously as they should. The knock-on effect is that cybercrime thrives.
For cybersecurity to be viewed as a profession, we must start acting like one. Regulators are starting to recognise the profession and are enforcing new rules, in the same way they have for other sectors. Legislations like DORA, SEC rules on cybersecurity disclosure, the UK’s upcoming Cyber Security Resilience Bill are becoming more regular. These are the Sarbanes-Oxley of the cybersecurity world, and prove that cybersecurity is maturing, which can only be a good thing. Cybersecurity professionals also need to prove their maturity.
This can be done in many ways. Industry agreed and recognised standards and skills frameworks are one example of professionalism that is common throughout other sectors. But Chartering is one of the most overt ways to prove professionalism. Workers from almost every discipline – accountants to healthcare professionals, marketers and engineers – have the opportunity to become chartered professionals. This brings a number of benefits for the individual – recognition, a point of difference, development opportunities and the chance to shape their industry – to name but a few. For the profession as a whole, it lays a marker down, increasing credibility and helping to build trust from outsiders.
However, we must collectively recognise the benefits of chartering, as individual actions in isolation won’t change perceptions from the outside in.
