RCIPS lacks ‘analytical understanding’ of cybercrime

In boardrooms, businesses and homes across the Cayman Islands, threats from internet and email scams generally referred to as cybercrime are increasingly becoming a major concern.

However, the Royal Cayman Islands Police Service lacks both an operational plan and a “proper analytical understanding” of these types of crimes, according to a report made public last month by the government’s Ministry of Home Affairs.

The RCIPS was contacted for comment about the ministry’s evaluation, which was completed more than six months ago, and noted steps have been taken to improve the situation since.

Following a December 2015 government directive issued to the Information and Communications Technology Authority and the e-government initiative, a police spokesperson said RCIPS developed a cybercrime strategy in consultation with those two entities and representatives from the local financial services industry.

“Since then, we’ve been enhancing our skill set and improving our technology infrastructure,” a police statement indicated.

The ministry’s annual report for the 2015/16 fiscal year stated, “Phishing, trolling, malware, online scams, revenge pornography and the proliferation of child abuse imagery are each largely unreported and unrecorded. Moreover, the RCIPS currently lacks a strategic framework and operational action plan for tackling cybercrimes.

“Consequently, criminals are continuing to exploit technology and the tools to preserve anonymity online [at] a disproportionately faster rate in comparison to the speed with which the RCIPS has introduced the skills, resources and the tools to combat cybercrime.”

The issue is well recognized in Cayman and has been discussed extensively at various financial industry conferences in recent years.

In December 2015, presenters at the Cayman Captive Forum noted estimates that cybercrime and data breaches caused US$450 billion in damages worldwide in 2014, with just $2.5 billion paid in premiums to insure against computer crime.

That gap was expected to widen by 2020, when losses from cyber-related crimes were estimated to hit US$3 trillion, according to information given at the captives forum.

The ministry, which is responsible for funding the RCIPS operations each year, said it is imperative that the Cayman police service incorporates new policing measures in order to “keep pace” in the modern era.

“Cybercrime investigations differ significantly from traditional criminal investigations,” the ministry’s annual report reads. “They have a greater requirement for operating in online environments through open source analysis and covert means, and obtaining and analyzing data – and potential digital evidence – to drive investigations and support prosecutions.”

Demand for such specialized work is expected to increase in the future, as cybercriminals become even more tech savvy, the report noted.

Child abuse

The RCIPS has received some specialized training during the last budget year to deal with child pornography and exploitation crimes that occur on the internet.

The RCIPS received an $8,750 grant from Hedge Funds Care in late 2015 to bring in a U.K. trainer in child exploitation investigation procedures.

Former RCIPS Detective Inspector Mike Cranswick said at the time that local police did not know how big the internet-child abuse issue was in Cayman, but that it would be “dangerous to ignore it.”

Scam training

The Cayman Islands government has recently embarked on its own cybercrime training for employees.

In one such example from early February, about 3,000 government employees got a bogus “phishing” email purporting to be a traffic summons from the Cayman Brac courthouse. All employees who received it were supposed to report it to the government as part of the training procedure.

All staff who were chosen to participate were notified at the end of the day that it was part of a training exercise the government was conducting.


  1. “All staff who were chosen to participate were notified at the end of the day that it was part of a training exercise the government was conducting.”

    How many DID report it and how many fell for the (fake) scam?
    It really just takes ONE person to fall for this type of phishing scam and the entire system is compromised.

    The hacking at Sony that cost them billions was the result of a scammer penetrating not Sony but the suppliers of a vending machine that Sony had installed. As the supplier was linked to Sony the hacker was able to worm his way into the main Sony system.

    A bigger problem is so-called “spear-phishing” attacks. This is where one high value individual is personally targeted.

    For example: (I’m not picking on him) an email is sent to the government email account of Mr. Ezzard Miller. It has a Word doc attachment, is addressed Dear Ezzard, it appears to come from the email account of another MLA and asks for his support on a proposed piece of legislation.

    Would Mr. Ezzard open it (would you, would I) and unwittingly introduce a virus or Trojan into the system?

Comments are closed.