Practical Law

The annual meeting of the World Economic Forum took place at Davos in Switzerland between 20 and 23 January 2016.

One of the central themes of Davos 2016 was the future of the internet. Whereas the meeting focused on the various opportunities of development, the challenges were similarly considered.

A key challenge discussed was the extent to which the internet is secure. In a live debate on the subject, delegates agreed that as the amount of individual data grows, there will be an ever greater need for digital security services focused on protecting the integrity of devices connected to the internet.

Incidents of cybercrime are rising significantly. The meeting reported that in the United Kingdom, 2.5 million computer-related criminal offences were reported in the 12 months leading up to June 2015. This is of course only a fraction of the true number. The high volume of spam emails tempting internet users with ever more elaborate ways of parting with their money or their personal data was not included in this figures.

The meeting also distinguished cyber threats from cyber crime. The United States reported the most attacks, with its industrial sector, governments and education institutions the most frequent targets. The meeting stated:

 “Cybercrime is considered to be the number one motivation behind the attacks, followed by hacking and cyber espionage. The increase in the range and sophistication of attacks, as well as the potential brand damage due to loss of data or blackmail, have pushed cybersecurity up the agenda for large and small organizations”.

At the conclusion of the meeting, the World Economic Forum published a comprehensive set of recommendations for countering cybercrime through public-private collaboration. The US Department of Justice, Interpol and numerous private-sector organisations have endorsed the proposals, acknowledging the risks of cybercrime to business and society.

The recommendations are:

Recommendation 1: To better combat cybercrime, public and private sectors should cooperate through:

• The creation of permanent and secured information sharing channels between law enforcement authorities and the private sector.
• The real time sharing of information with both Computer Emergency Response Teams (CERTS) and law enforcement, related to hacking cases and to new modus operandi.
• The sharing of experiences from investigations and prosecutions.
• The sharing of technical prevention and protection measures.
• The sharing of information on technological development trends and achievements.
• The sharing of best practices related to  education and training of end users.
• The creation of a common cybercrime taxonomy.
• The fostering of technology innovations and investment to meet global security challenges.

Recommendation 2: Private and public sectors should work to:

• Create, or support the creation of, both global and regional public/private cooperation platforms to promote better cooperation between law enforcement authorities and the private sector.
• Encourage law enforcement authorities and the private sector to join existing public/private cooperation platforms and to enhance and increase coordination between them.
• By doing so, the public and private sectors can together increase the efficiency and the impact of the fight against cybercrime.

Recommendation 3: Public and private sectors should seek to promote greater global adherence to, and coordination of, the rule of law relating to cybercrime. This includes:

• Public and private sectors should seek to promote the adoption of the Convention on Cybercrime 2001 (Budapest Convention) – at least the key principles on substantive law (Articles 1-9 of the convention).
• Participants of cooperation platforms should respect the rules generally admitted regarding the sharing of information as well as the rules related to mutual legal assistance treaties (MLATs) in force at the time of information-sharing.
• Public and private sectors should promote the adoption and harmonization of national laws that capture the spirit and key principles of the Convention on Cybercrime (2001).

Recommendation 4: Public and private sectors should work towards greater mutual cooperation to build trust and create opportunities for discussion and resolution of issues related to cybercrime. This includes:

• Law enforcement and the private sector having open and constructive discussion on current issues which could be obstacles to the implementation of recommendations 1 -3.
• Law enforcement authorities and the private sector working to create incentives within their respective communities, enabling them to commit to recommendations 1-3.
• Public and private sectors collaborating to promote and/or create capacity-building programmes.

Recommendation 5: Public and private sectors can engage in other initiatives, such as collective action, to enhance the impact of unilateral private sector action to combat cybercrime.

The recommendations are wide ranging, but have the common theme of public and private sector collaboration. This perhaps mirrors the approach taken with many other areas of business crime, including the need to self-report suspected money laundering and the requirement to have adequate procedures in place to prevent bribery. The extent to which previous public/private collaboration has been successful in reducing or tackling crime is open to debate.

For an overview of cybercrime England and Wales, see the Practical Law Practice note, Cybercrime: overview.

For details of the specific cybercrime risks for business, including steps a company may consider taking to reduce those risks, see the Practical Law Practice note, Cybercrime risks for business.