Law-enforcement agencies are challenged in fighting cybercrime because criminals are spread out globally, but companies can help address the issue by working more closely with authorities, experts say. 

“We’re all anxious to better work with our business partners in order to make sure we can stop these huge attacks that are going on,” said Robert Shull, deputy bureau chief, cybercrime and identity theft bureau, with the Manhattan district attorney’s office.

Mr. Shull was among those who spoke during a session Thursday on law enforcement and cyber insurers as partners in fighting crime during the Minneapolis-based Professional Liability Underwriters Society’s 2021 cyber symposium, which was held virtually.

Edward Chang, assistant U.S. attorney for the District of Connecticut in New Haven, said law-enforcement authorities are challenged not just because the criminals are located all over the world, but because so are their tools. This necessitates reaching out to “a multitude of foreign countries to make any kind of progress,” he said.

Ryan Leszczynski, supervisory special agent, cyber division, with the FBI in Washington, referred to a task force report issued last week that called for a coordinated, international response to ransomware. “We could not have effective investigations without strong international partnerships,” he said.

Speed is a critical factor in these investigations because adversaries move quickly “before law enforcement can really catch up,” Mr. Leszczynski said, and get the appropriate evidence. International partnerships help minimize the time between the discovery of a crime and obtaining evidence, he said.

Another big problem, Mr. Chang said, is “the technology and the way it’s moving to make things more anonymous.” This includes bitcoin, as well as computer services that can be anonymously acquired by cybercriminals, he said.

Mr. Chang said increased cooperation between the public and private sectors would be a big step toward addressing cybercrime.

“We need everybody’s cooperation if we have any chance” of investigating cybercrime and stopping it, Mr. Shull said.

Companies that have been cyberattacked may end up contacting multiple authorities, depending on the size of the attack and other factors, he said. Because of the challenge of knowing which agency to reach out to, they should set up contacts in advance, he added.

Mr. Shull said it’s advantageous from a public relations perspective if companies report in news releases that they’re cooperating with law enforcement.  “It makes the company look like they’re on top of things,” he said.

Insurers can be valuable in addressing cybercrime because of the larger perspective they can provide in terms of attack vectors, said Craig Guiliano, a director with Aon Reinsurance Solutions in Chicago.

Looking to the future, Mr. Leszczynski said that as mobile devices increasingly become the “platform of choice” there will be a rise in mobile-based targeting by cybercriminals, including through phishing, social engineering or taking control of phone numbers.

Cryptocurrency is another concern as prices rise, he said, predicting more theft. Email fraud is also “not going away any time soon,” he said.

The PLUS session was moderated by Beth Diamond, New York-based group head of claims for Beazley PLC.