'Growing 3x faster than police staffing': Surge in cybercrime and new laws on ransomware payment could put UK businesses (and their directors) — in a "compliance trap."

• Cybercrime cases climbed from 774 thousand to over 1.4 million
• Police staffing for cybercrime rose by only 31% during the same period
• Each officer now handles significantly more cases than four years ago

Cybercrime in the United Kingdom is expanding at a rate that exceeds the growth of dedicated policing resources, and new figures from Forbes Solicitors claim fraud and computer misuse offenses have increased sharply in recent years, while staffing levels in cyber and economic crime units rose at a slower pace.

Reported incidents climbed from 774,537 cases in 2020 to 1,458,704 in the latest figures, representing an increase of 88% - but over the same period, the number of personnel handling such offenses rose by 31%. This means that reported incidents are rising 3x faster than policing, creating a widening imbalance between workload and available resources.

As a result, each staff member is now responsible for substantially more cases than in previous years.

Offense volumes surge sharply within a short time frame

At the same time, regulatory changes are advancing through Parliament with the aim of strengthening national cyber resilience.

“The Cyber Security and Resilience Bill is expected to become law this year, and Government is also looking at new legislation for banning and preventing ransomware payments,” said Craig MacKenzie, Head of High Profile and Private Crime at Forbes Solicitors.

The proposed legislation is expected to introduce stricter requirements for organizations, alongside expanded enforcement powers and higher financial penalties for non-compliance.

Existing penalty limits could be replaced by fines linked to a percentage of global turnover, which would increase potential liabilities for large organizations.

“New laws are a positive move but would likely bring compliance requirements that will be tougher to meet without sufficient policing,” MacKenzie added.

Alongside broader reforms, the government is considering measures that would restrict or prohibit ransomware payments, an approach intended to reduce incentives for attackers.

However, ransomware incidents have already demonstrated their ability to disrupt operations for extended periods, often forcing companies into difficult decisions under pressure.

Proposed rules could introduce civil or criminal penalties for organizations and directors who choose to pay, even when operational continuity is at stake.

This will likely create a situation where compliance obligations may conflict with immediate operational realities.

The combination of increasing cybercrime and stricter regulation introduces a layered burden for organizations, particularly those lacking extensive internal security capabilities.

Businesses may be required to strengthen defenses, monitor systems more closely, and respond to incidents under tighter legal constraints with limited external resources.

“It’s hard to justify asking businesses and their staff to take on bigger responsibilities — and greater liability — when police staffing isn’t growing anywhere near as fast as the number of fraud and computer misuse offenses,” said MacKenzie.

However, organizations are advised to ensure strong cybersecurity by deploying up-to-date antivirus solutions and properly configured firewall systems to reduce exposure to evolving threats.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.