I recently had the opportunity to present at the 14th Annual Counter Fraud, Cybercrime and Forensic Accounting Conference at the University of Portsmouth. The topic I explored was how fraud has evolved into a global business opportunity for organised criminals – and the considerable challenges this presents for disruption and prevention efforts. Below is an overview of the key points we covered during that session. 

The scale of the challenge

Fraud now accounts for 43% of all crime in the UK, with 1 in 14 adults falling victim (ONS). Of the frauds reported, 70% have an international element (City of London Police), with total annual losses estimated at £219bn across all sectors (Crowe), including £55bn in the public sector alone (NAO). 

On a global scale, the Global Anti-Scam Alliance (GASA) estimates losses could exceed $1 trillion, with half the world encountering fraud weekly. These figures may still be underestimates – 70% of global victims and 86% of UK victims are believed not to report fraud, often due to shame, embarrassment, or a belief that little will be done in response. 

Regional trends in fraud

According to Interpol, fraud patterns vary by region. In Europe, business email compromise and investment fraud dominate, while in Africa, romance scams and advance-fee frauds are more prevalent. 

Interpol has referred to the situation as an ‘epidemic’, pointing to rapid technological change and the industrial scale of organised crime operations. Criminals increasingly leverage AI to enhance scams and use cryptocurrencies to move illicit proceeds globally, complicating law enforcement efforts. 

The rise of fraud factories

One of the most striking illustrations of organised criminality is the emergence of fraud factories – highly structured criminal operations functioning like corporations. These are often staffed by trafficked individuals who believed they were applying for legitimate jobs in marketing or IT but were instead taken to compounds across Southeast Asia. 

Since the COVID-19 pandemic disrupted traditional laundering routes (e.g., casinos), criminals have shifted focus. It’s estimated that over 220,000 people are being held in fraud compounds in Asia, with global losses exceeding $75bn between 2022 and 2024. 

These factories train individuals to run romance and investment scams targeting victims across the USA, UK, Europe, and China. Interpol and the UNODC report strong links between these activities and other organised crime such as human trafficking and narcotics. 

Organised threat in the UK also

The UK is not immune to this sophisticated threat landscape. For example, Operation Destabilise, led by the NECC, NCA and international partners, disrupted a global money laundering network that used crypto assets to facilitate luxury lifestyles for sanctioned individuals. 

The results were significant: 

• 84 arrests 
• £700m in assets seized 
• £200m in crypto assets recovered 

This and other operations demonstrate the corporate structure of organised crime, with UK links to multi-national syndicates conducting phishing, trafficking, and large-scale fraud.

Fighting back with technology and collaboration

To counter these threats, we must match criminals in their use of technology and innovation. This includes: 

• AI-powered analytics to detect anomalies in financial systems 
• Cross-jurisdictional intelligence sharing 
• Data-driven resource prioritisation 

Successful disruption efforts – such as those by Interpol, the NCA and others – underscore the importance of partnerships between law enforcement, industry, and government. 

Equally critical is the protection of trafficked workers in fraud compounds, some of whom are victims themselves. Support services and, where possible, rehabilitation efforts must be prioritised, despite the complexities posed by varying legal systems and approaches to justice.

Clue’s role in tackling economic crime

At Clue, we provide a powerful investigative platform trusted by law enforcement, government, and private sector teams. Our software is built to help intelligence and investigation professionals connect data points, manage cases efficiently, and drive smarter decision-making. 

We empower users to: 

• Uncover hidden relationships in vast datasets 
• Collaborate securely across agencies 
• Streamline complex fraud and financial crime investigations 

We’re proud to support organisations in their mission to disrupt economic crime – and are committed to evolving our tools to stay ahead of organised criminal threats. 

Want to learn how Clue can support your organisation? Book a meeting with me here.

Also, catch up with our Joining the Dots podcast, with guests including Professor Mark Button and the NECC’s Nick Sharpe discussing some of these themes in more depth. Listen to Joining the Dots 

Fraud remains the most widespread crime in the UK, and it’s growing in both complexity and scale. Law enforcement and intelligence agencies need continued support from government, industry, and technology providers to remain agile and effective. 

Meanwhile, tech and social media platforms must take greater responsibility to remove fraudulent content – whether false job ads, bogus investment schemes, or crypto scams. 

Clue has released a new report exploring the growing risk of insider threats and how organisations can build intelligence-led capabilities to prevent them before harm is done.

As insider incidents grow in scale and severity – from data leaks and sabotage to ransomware and espionage – Insider Threat Assessment: The Case for Intelligence-Led Prevention highlights the urgent need for a proactive, joined-up approach to this rising security challenge.

In the report’s foreword, Matt Horne, Director of Intelligence & Investigations at Clue, writes:

“Insider threats are not merely technical anomalies – they are intelligence failures. Failing to anticipate, contextualise, and understand insider behaviour is a failure to see the full risk picture.”

Drawing on real-world case studies from policing, defence, and corporate security, the report reveals how traditional detection tools often miss key warning signs and how organisations can move beyond reactive response to strategic prevention.

The report explores:

• The evolving motivations behind insider behaviour—from ideology to coercion
• Critical case studies from national security and corporate environments
• A behavioural-led framework for risk detection and cross-functional response
• Why traditional tools like SIEMs are falling short
• How Clue enables integrated, intelligence-driven insider threat prevention

Insider threats are no longer fringe risks – they’re a mainstream security challenge impacting governments, businesses, and institutions alike. The report calls on organisations to rethink outdated approaches and embrace intelligence as a core function of insider risk management.

The report is available to access here.

Ransomware attacks are no longer the exclusive domain of faceless hackers exploiting remote digital vulnerabilities. Increasingly, they hinge on a more accessible and exploitable asset: insiders. Whether negligent, compromised or complicit, employees, contractors and third-party partners are now central to the ransomware threat landscape. 

Rethinking the narrative

The traditional story of ransomware centres on brute-force attacks, phishing or vulnerability exploitation from the outside. But recent high-profile incidents reveal a more complex picture – one where the “attack surface” includes people inside the organisation. Social engineering, third-party compromise and credential misuse are the new frontlines of ransomware campaigns. 

The insider factor in ransomware: sector highlights

Retail sector

Marks & Spencer (April 2025) 
The Scattered Spider group impersonated M&S IT staff to bypass service desk protocols. By disabling multi-factor authentication, they deployed ransomware that disrupted online shopping, payments and loyalty systems – wiping £300 million from operating profits and £1 billion from market value. 

Co-op Group (April 2025)
A ransomware attack exploited third-party vendor vulnerabilities to access and compromise Co-op’s back-office and customer service systems, exfiltrating sensitive data and crippling daily operations. 

Harrods (April 2025)
Although ransomware was not deployed, a thwarted attack prompted a lockdown of internet access across Harrods’ sites. The attempt exposed weaknesses in third-party access control and the importance of insider vigilance. 

Victoria’s Secret (UK) (May 2025)
A ransomware attack took systems offline for days and delayed financial disclosures. Internal credential mismanagement provided the entry point. 

Law enforcement sector

Greater Manchester Police (September 2023)
Over 12,500 staff had personal data compromised when ransomware targeted their ID card supplier. Exposed information included names, photos and badge numbers – valuable assets for coercion or impersonation. 

Metropolitan Police (August 2023)
A third-party supplier breach led to unauthorised access to sensitive personnel records, raising concerns over both officer safety and insider exposure. 

Eurofins Forensics (June 2019)
The ransomware attack that halted forensic services across the UK forced law enforcement to delay thousands of investigations. Reports indicate the ransom was paid to restore operations. 

Healthcare sector

NHS 111 / Advanced (August 2022)
Attackers used a compromised third-party credential to deploy LockBit 3.0 ransomware, disrupting ambulance dispatch, referrals and mental health services. The impact lasted weeks, and data exfiltration was confirmed. 

Local government

Hackney Council (October 2020)
Pysa ransomware actors exploited a dormant internal account and an unpatched vulnerability, crippling council services from housing to benefits. The recovery cost exceeded £12 million. 

Redcar & Cleveland Council (2020)
A phishing email led to a total systems lockdown and weeks of manual operations. The financial impact surpassed £10 million – all triggered by a simple staff mistake. 

What ransomware groups look for in insiders

Ransomware operators increasingly exploit: 

• Financially vulnerable individuals – those under economic stress are more susceptible to coercion or bribery 
• Privileged access holders – admin-level users offer the fastest route to mission-critical systems 
• Disgruntled employees – workplace dissatisfaction can drive malicious intent or indifference to risk 
• Third-party vendors – external partners with internal access, often less monitored, are easy prey 

Why traditional cybersecurity falls short

Security protocols typically assume threats come from outside. This leaves insider actions – whether malicious or accidental – dangerously under-monitored. 

Key shortcomings include: 

• Trusted status – insiders bypass many traditional cyber defences simply by operating within the perimeter 
• Limited behavioural monitoring – subtle anomalies like off-hour access or unusual data transfers may not raise alerts 
• Under-scrutinised third-party access – external partners often enjoy extensive access with limited oversight 

An intelligence-led insider risk strategy

To counter this evolving threat, organisations must adopt a more holistic, intelligence-driven approach: 

• Behavioural analytics – leverage tools that detect deviations in user behaviour and access patterns 
• Cross-functional collaboration – align IT, HR, compliance and security teams to create a unified risk profile of users 
• Third-party risk management – rigorously vet and continuously monitor vendors, especially those with privileged access 

Reframing the ransomware risk

Recent incidents involving M&S and Harrods make one thing clear: ransomware is no longer just a cybersecurity problem – it’s a human and operational risk. Defenders must understand that ransomware may not start with a firewall breach. It could begin with a message to an employee’s personal device, or a compromised contractor logging in with trusted credentials.

Want to stay ahead of insider threats?

Access our latest Insider Threat Assessment to understand why insider risk is increasing and why traditional cybersecurity tools like SIEMs aren’t enough. This report uncovers a new intelligence-led approach for early detection and prevention.

Inside you’ll find:

• The evolving tactics and motivations behind insider incidents
• Real-world case studies from government, law enforcement, defence and private sectors
• Why insider threats often evade traditional cyber defences
• A practical framework for behavioural monitoring and cross-functional response
• How Clue enables organisations to uncover hidden risks through integrated intelligence

Get the full report and strengthen your insider risk strategy today.

On June 3rd, Clue Software convened a high-level Public Sector Economic Crime Leadership Event at the TLT headquarters in London. Bringing together senior figures from across government, law enforcement, and regulatory bodies, the closed-door session addressed one of the UK’s most pressing challenges: economic crime.

Chaired by Ian Dyson QPM, former Commissioner, City of London Police, distinguished attendees included senior leaders from:  

• City of London Police (COLP) 
• Department of Health and Social Care (DHSC) 
• National Economic Crime Centre (NECC) 
• NHS Counter Fraud Authority (NHSCFA) 
• Serious Fraud Office (SFO) 
• Insolvency Service 
• Driver and Vehicle Standards Agency (DVSA) 
• Public Sector Fraud Authority (PSFA) 
• HM Revenue & Customs (HMRC) 
• The Office of Trade Sanctions Implementation (OTSI) 
• TLT

Hosted by Clare Elford, CEO of Clue Software, the event was held under the Chatham House Rule to encourage open, candid discussion and cross-sector collaboration. The day concluded with a private dinner, reinforcing relationships and dialogue among stakeholders committed to combating economic crime.

The following insights reflect the key themes and takeaways shared across sectors during the event. 

Urgency, scale, and public confidence

Economic crime accounts for nearly half of all reported crime in the UK, with estimated public sector losses reaching £59 billion annually. The scale of the threat – from individuals to organised crime groups and state-level actors – poses systemic risks to financial stability and public trust. A shared understanding emerged: economic crime is not a victimless offence, and failure to respond effectively undermines confidence in policing and public services.

The need for crime prevention as the core mission – not just detection and prosecution – was reaffirmed, supported by credible strategies, resourcing, and partnerships.

Technology, AI, and the changing threat landscape

Criminals are adopting advanced technologies at pace, exploiting AI, digital platforms, and commercially available fraud tools. Financial services organisations remain under pressure, often lagging in tech adoption due to regulatory constraints and governance layers.

Key threat trends include a rise in ‘CEO’ and impersonation scams, social engineering powered by AI, and fraud-as-a-service operations. With 80% of fraud now originating online and 70% of it linked internationally, the case for cross-border, tech-enabled collaboration is more urgent than ever.

Civil vs. criminal approaches

There was consensus that disrupting economic crime requires flexible tools – including both civil and criminal powers. Asset tracing, sanctions, and regulatory enforcement are increasingly used to tackle high-impact targets and enablers. However, deploying these tools effectively demands new skill sets, cultural change, and clearer decision-making frameworks across public sector bodies. 

Civil action can deliver faster, more scalable outcomes – particularly in cases involving complex financial structures and international actors – but remains underutilised.

Coordinated disruption and poly-criminality

Strategic case studies, such as Operation Destabilise, highlighted the power of coordinated multi-agency disruption. Targeting crypto-enabled laundering networks linked to ransomware, drugs, and sanctions evasion, the operation resulted in significant arrests, asset seizures, and global enforcement actions.

These examples show the growing convergence of threat types and the critical importance of targeting enablers – individuals, infrastructure, and services – to deliver broader system impact. 

Partnership, talent, and innovation

Across agencies, challenges persist around recruitment, retention, and skills development. Initiatives like the City of London Police’s Economic Crime Academy and secondment programmes and alignment to the Government Counter Fraud Profession were cited as promising models. There is strong support for professionalising economic crime functions and enhancing interoperability across public bodies.

Public-private partnerships emerged as a critical enabler – particularly in complex investigations. Technology platforms like Clue are helping bridge resource gaps, improve intelligence sharing, and accelerate investigations, but more strategic investment and longer-term procurement thinking are needed.

Measuring success and driving change

The event highlighted a shared recognition of the need to better communicate the meaningful impact made by those combating economic crime in the public sector – whether through criminal sanctions, civil recovery, or a combination of both. 

A clear call to action emerged: greater collaboration between the public and private sectors is essential to strengthen prevention and disruption strategies. This includes sharing intelligence, pooling resources, and aligning incentives to address the root causes and enablers of economic crime. 

Notably, insight from the banking sector underscored the power of regulation in driving action – emphasising that, as a regulated industry, they prioritise controls they must implement, not just those they should. This prompted reflection on whether a similar regulatory clarity and enforcement could help focus public sector investment and commitment to counter-fraud functions. 

Clue is proud to support the agencies and individuals leading the fight against economic crime. If you’d like to learn more about our work, technology, or how we’re supporting the public sector, please contact us or visit our website to explore Clue for Economic Crime.