UK's top cop tells banks not to refund cyber-crime victims, even as online defenses declared useless
Banks shouldn't compensate customers who are victims of cyber-crime because it “rewards” them for sloppy internet security, Britain’s highest-ranking police officer has said.
Metropolitan Police Commissioner Sir Bernard Hogan-Howe said banks should refuse to reimburse people who fail to update anti-virus software and tighten their passwords.
His remarks come days after internet security firm Webroot warned traditional computer defenses are “useless” in the face of modern cyber-attacks.
Hogan-Howe compared refunding bank customers who are victims of cyber-crime to rewarding “bad behavior.”
“If you are continually rewarded for bad behavior, you will probably continue to do it but, if the obverse is true, you might consider changing behavior,” he told the Times.
“The system is not incentivizing you to protect yourself,” Hogan-Howe said.
“If someone said to you: ‘If you’ve not updated your software, I will give you half back’, you would do it.”
Hogan-Howe’s comments were criticized as “misjudged” by Richard Lloyd, executive director of consumer group Which?.
“The priority should be for banks to better protect their customers, rather than trying to shift blame on to the victims of fraud,” he said.
Cyber-crime is the fastest-growing economic crime in the UK, according to a report published last month by PricewaterhouseCoopers (PwC), which measured a 20 percent increase since 2014.
Internet security firm Webroot described 2015 as a “record year for cyber-crime” in a recent report which labeled traditional computer defenses as “useless.”
More malware, malicious IPs, websites and mobile phone apps were discovered in 2015 than in any previous year, Webroot Chief Technology Officer Hal Lonas said.
“The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it’s truly possible to defend against a persistent attacker,” he added.
“We conclude that we can only succeed by being more innovative than our criminal opponents.”
Lonas said the vast majority of malware and potentially unwanted applications (PUAs) have become polymorphic, with 97 percent of malware morphing to become unique to an endpoint device.
“By changing attributes to evade detection, polymorphic threats pose a major problem for traditional, signature-based security approaches, which often fail to discover singular variants,” he said.
Lonas believes organizations and corporations need to invest in next-generation security to protect themselves and customers.