CEO Annual Review & Impact Report for Financial Year 2020 - 2021

Our mission has never felt more critical than it has in the last 12 months (this report covers our financial year from 1st of June 2020 to 31st of May 2021). With the first Covid-19 lockdown only a month old, we entered a financial year that we knew would have a lot of uncertainty and challenges. What transpired was a huge surge in cybercrime and online harm that led to a 362% growth in caseload. 

Our team, which is now over 70 volunteers and a chatbot, has been incredible. Our remote model meant minimal disruption, but each team has had to work extremely hard to meet the challenge of a huge jump in service users. This wasn’t just our Helpline Responders, but our human resources & training teams who onboarded and trained a huge number of volunteers to help us meet demand and our IT team who ensured we had the tools in place to scale effectively.

One thing that makes me most proud of the team is that the feedback from our users remains extremely positive. Even with exponential growth we have maintained excellent standards. Our average satisfaction score given to our Helpline Responders was 9.2 out of 10 and our chatbot experience consistently scored 4 out of 5 for satisfaction. The help we are giving is good and we are doing it well.

The Cyber Helpline is a movement by the information security community to come together to fill the enormous gap in support for victims. What we have seen over the past 12 months is the wider cybersecurity community coming together to support our work - AXIS Insurance joined as our first ever sponsor, Saepio Information Security has worked hard to fundraise for us and organisations like Custodian360 and PhishTool have provided tools and expertise to help us operate. However, to achieve our mission we need more help from the wider community and we need it pretty quickly. 

We are run entirely on volunteering - everything we do is based on the goodwill of good people. We receive no government or statutory organisation funding to run our service. This makes our achievements even more special. To be running a community funded, free incident response service for the general public, to have helped almost 6,000 people, to be leading in areas like cyberstalking all with a volunteer only model is incredible.   

Even with our significant growth there is still not enough being done to support victims of cybercrime and online harm. The law, the police, global cooperation, funding, the national cyber security strategy, education of the public and the cooperation of tech platforms all need to progress quickly if we as a country are to protect our citizens from harm. We can, and must, do better.

Cybercrime & Online Harm - An accelerating problem

Internationally we are failing to slow the growth in cybercrime and online harm. During the financial year we have just finished, 414,308 individuals reported fraud or cybercrime to Action Fraud. These individuals reported total losses of £1.8 billion. However, less than a quarter of our service users have reported their issue to the police and we estimate that there are closer to 1.6 million victims in the UK every year who could have lost up to £7 billion. 

Even with the more conservative numbers, that is 34,525 victims every month! We have grown quickly and are now supporting just under 500 victims per month, but we are still only scratching the surface of the problem. Investment and support will be needed for us to meet the challenge. 

As an industry we talk a lot about the volume and monetary losses of online fraud and cybercrime, but we rarely talk about the true impact on individuals. In fact, financial loss comes almost last in terms of impact for the six areas we assess. The top impact was mental and personal health - scoring an average of 7.5 out of 10.

The economic impact is huge, but it is not the whole story. It also isn’t the most important story. We must start looking at the impact of cybercrime and online harm in terms of mental health, how it impacts individuals lives and their online confidence.

Digital transformation, already well underway in most governments and industries, has been accelerated by the COVID pandemic. That more and more of our lives will be carried out online is now a given, but a key enabler is having IT literate employees and service users who are confident online citizens. If criminals continue to erode online confidence and mental health then it may impact digital transformations globally. We all have a vested interest in getting this right.

What types of cybercrimes and online harms are we seeing?

A good summary is that we are largely seeing everyday accounts and devices being used against people in a malicious way. Very few of our cases involve complex technological attacks, instead threat actors are taking advantage of known information, physical access and low levels of online security & privacy. 

Many of our attacks are about human relationships and behaviours being played out online. Purely technical attacks like ransomware are significant, but the majority of issues are things like stalking, harassment, bullying, grooming, revenge porn and sextortion. The internet and technology are simply facilitating these behaviours.

Almost a quarter of our cases are focused on cyberstalking and online harassment and this continues to be an area of real expertise for us. The development of our Cyberstalking Action Plan has enabled us to lead on response strategies and train other offline stalking experts across the UK. 

Covid has brought a number of new online scams, but the majority of these are just new variations of old scams. More significantly, investment scams around virtual currencies have grown rapidly over the last 12 months with victims losing a lot of money that they have very little chance of getting back.

Our impact

What impact do we want to make?

At The Cyber Helpline we want to:

• Minimise the impact of cybercrime and online harm on individuals by injecting expert advice into the issue as soon as possible

• Minimise the chance of repeat victimisation and reduce general online vulnerability

• Ensure all victims have free access to cybersecurity experts who will help them understand, contain, recover and learn from their issue

• Shine a light on the key issues facing individuals and be the voice of the general public pushing for change

• Provide a route into information security careers, help cyber security experts develop their skills and understanding of the impact of poor corporate cyber security practices

• Further the knowledge, tools and techniques used to support victims of cybercrime and online harms

• Prove that the current landscape is not good enough and that it is possible to provide a better service to the general public.

Our impact to date

From our first case in May 2018 to the 31st of May 2021, we have been rapidly making progress in terms of our impact on our key focus areas. 

Over the previous 12 months we have opened 4,486 cases bringing our all time total to 5,762. In addition, more than 100,000 unique visitors to our website have engaged with our online guidance. 

We have seen less than 2% of our users come back and open a new case on the same issue - corroborated with the extremely positive feedback hints that repeat victimisation after engaging with us is very low. 

Our data and experience has also proven valuable to understand the threat facing individuals, but also as a basis for academic research. We have supported more than ten research projects over the last 12 months - most notably a partnership with University of Kent to support research for the Home Office into technology-facilitated intimate partner violence. 

Our training programs and mentoring support has enabled a number of individuals to not only gather cyber security experience, but also for some to get their first paid roles in the industry. Helping Sergiu go from lorry driver to SOC analyst is just one example of how we have been able to help. 

Finally, we have developed a number of tools and processes to evolve how individuals can deal with a wide range of cybersecurity issues. Our Cyberstalking Action Plan, phishing email check service and online footprint service have pushed forward the thinking and capability around response in these areas.

The Next Twelve Months

We are predicting, and planning for, continued rapid growth over the next 12 months. It would be surprising if we didn’t double our caseload and support close to 10,000 cases. 

Many things will continue to drive this growth: Some COVID restrictions are still in place, the acceptance of carrying out more of our lives online and the fact there are tens of thousands of victims out there that need our help. 

Our model will also evolve as we scale. We have applied for charity status and hope to be operating as a charity in the coming months (rather than a not-for-profit). We will also offer our first staff positions, using some of the money we have to add part-time staff to help us run and grow the helpline. 

Key focus areas for the team will be 1) funding - we need more money so we can build our service and help more people, 2) raising our brand awareness with the general public - more victims need to know we are here and 3) increasing our ability to scale safely - expertise, tools and processes to help us on our journey. 

The Cyber Helpline is on a mission to ensure that everyone has access to immediate and free cybersecurity help when they need it. We want a world where the cybercriminals don’t win. I am confident that in the next 12 months we will take a giant step forward in playing our part.

How can you help?

If you are reading this you have an interest in cybercrime and online harms in some way. You can join the movement we have started to ensure victims of cybercrime and online harms get the support they need when they need it.