It is knowledge instilled into UK citizens from a young age – to phone 999 for life-threatening emergencies, 111 for medical help and advice, or 101 for non-emergency inquiries. Whether you’re looking for medical assistance, mental health counselling or support as the victim of a crime, knowing who you can turn to in your hour of need is critical.
But where do you go if you’re the victim of a cybercrime – if you’re the target of a hacking incident, or you’re being conned by a digital scam, or you’re facing harassment online? This was the question asked by Rory Innes, a longstanding cybersecurity professional, and founder and CEO of The Cyber Helpline – a provider of free help and expertise to victims of cybercrime and online harm.
“During my career in cybersecurity, I saw the huge gap in support for these victims and the opportunity to try and mobilise the cybersecurity community to step in and fill some of that protection gap,” he said. “And I had this moment of realising ‘somebody has to do this, so why don’t I?’”
In the early days of setting up the helpline, Innes quickly discovered a knowledge gap at the heart of the challenge facing the cybersecurity industry. So many cybersecurity resources are targeted at protecting corporates, he said, while the police and other support services often don’t have the level of cyber and technology expertise – or capacity – to be able to support individual victims in a meaningful way.
“But that gap isn’t just about technology and cyber expertise,” he said. “Just because you understand IT and cybersecurity as a cybersecurity professional doesn’t mean you know how to respond to cyberstalking or revenge porn or sextortion – or any of these really complex human issues where technology is involved. I realised there wasn’t a playbook for these things, nobody had really identified how we can keep victims safe.
“Having worked in cybersecurity for a long time, I knew first-hand that it’s a really good industry where people do a lot of volunteering and look to give back to a lot of causes. But there simply wasn’t the vehicle for them to offer help and support to cybercrime victims. So the question was how to mobilise these good people, train them up, vet them for this work and help them to help individuals and families through these experiences.”
Innes set up a website offering support to people who have been hacked or scammed online and saw an influx of thousands of people coming forward for help. The story of the last six years has been one of growth and scale-up, he said, as the charity has worked to mobilise the resources and support of the wider cybersecurity industry, backed by the support of critical partners including its long-term corporate sponsor AXIS.
“We’re now a charity with 120 volunteers, some full-time staff and we’re opening 2,000 cases a month,” he said. “We’ve helped around 40,000 people so far and we have about half a million people a year coming to our website and accessing our guides. How we work is by connecting cybersecurity experts with individuals and families who have suffered some malicious activity online; from hacked email accounts, to cyberstalking, to digital fraud.”
For Stuart Quick, head of global cyber and technology business delivery at AXIS, his involvement with The Cyber Helpline started on a personal level. Having known Innes for some time, he said, he became aware of the supply-side problem the helpline was having in those early days, and so he started volunteering. From there he became an ambassador of the charity and later a trustee of the charity.
“At the same time the global cyber and technology unit within AXIS has a strong history of supporting social causes linked to the cyber environment,” he said. “And we were coming to the natural conclusion of a couple of partnerships we already had. So, about two years into my time at AXIS, I pitched The Cyber Helpline to our senior leadership team and they recognised that it was a great fit.
“That’s because you can really see where your support is going to go and the tangible impact it will have both on the charity and helping that to grow and scale, but also the impact it will have on people. Something that our unit is very focused on is the social value of insurance and I think a lot of people in the cyber community naturally think about the impact of cyber incidents on people and on organisations. There’s a natural need and desire to help.”
There’s sometimes a misunderstanding about cyber insurance and the protection that it offers in the wider cybersecurity ecosystem, he said. And so, the partnership also provided a natural link to showcase the fundamental role cyber insurance and cyber insurance providers have to play in protecting individuals and communities.
“We could easily see where not just our financial support but also all the partnerships we have around access to law enforcement and legal advice and specialist skills such as forensics and threat intelligence would play a huge role in supporting The Cyber Helpline,” he said. “And these are all people we engage with not just on the response side but the preparatory side as well.
“So, we saw this is an opportunity to raise awareness of the charity but also to bring other people from the cyber community in to support The Cyber Helpline. We were their first corporate sponsor and we continue to support it today.”
The insurance sector might be very competitive but it’s also inherently collaborative, Quick said, and a key component of how AXIS can support The Cyber Helpline – in addition to direct funding – is by raising awareness of the initiative in the context of that collaborative environment. AXIS is not possessive of its partnership with the charity, but actively works to engage the support of other insurers, reinsurers, brokers and vendors.
“We’ve had a lot of traction with that approach,” he said. “Recently we’ve had a couple of law firms who are interested, as well as digital forensics and incident response companies that are interested in talking to Rory to see how they can help. Because it’s not just about money, it’s skills and services that the helpline needs as well.”
Digging into the impact of the support pledged by AXIS and the wider cyber ecosystem, Innes highlighted the difference having access to funding makes. While the time so generously given by the charity’s 120 volunteers is free, he said, each volunteer costs the helpline north of £750 a year between training, tooling and background checks.
Also essential, he said, is the power of having the support of established and trusted brands such as AXIS, particularly in the context of dealing with people who have recently been scammed or hacked or faced online abuse. Rightfully, these individuals are extremely cautious, but being able to leverage the power of AXIS’ brand as well as access to its expertise is rapidly building the charity’s credibility.
What’s important to recognise Innes said, is the incredibly complex and interconnected risk environment that The Cyber Helpline is working within – which is why having a network of support partners is so crucial. Because the reality is that when it comes to governance, compliance and the law enforcement structures around safety on the internet, it’s still such early days.
“We’re just not in a place where we can regulate big tech firms and where we can keep people safe online,” he said. “We’re at this really pivotal moment where we’re looking at the Online Safety Bill and we’ve got the National Fraud Strategy that’s just been released by the UK government. But we’re only at the start of this journey of realising how we can deal with these ethical issues and grapple with these international crimes and international organisations.
“As a charity, when we talk to law enforcement and government, we see they’re just not far enough along to provide the levels of support that we need to help the millions of victims in the UK every year. And so it’s interesting to see is how the cybersecurity community and organisations like AXIS are really leading the charge in helping to fill the gap on this.”
Innes expressed his hope that as The Cyber Helpline continues to grow it will do so in the context of a changing legal and regulatory framework which dedicates more funding and better resources to victim support. That’s when it will get really interesting, he said, though for now, it feels quite far away. This is illustrated by the findings of the National Fraud Strategy which highlighted that 40% of all crime is cybercrime or digital scams, while less than 1% of police resources are allocated to this space.
“There's this massive job to try and adapt to this online threat that individuals face,” he said. “And where The Cyber Helpline and our partners are operating is within that gap - until the police and the wider ecosystem can catch up with the way crime is happening now.”
Are you looking to find out more about this initiative? Whether you’re looking for support or to get involved as a volunteer or sponsor, you can find more by contacting The Cyber Helpline.
