In the Spotlight on Corruption report, it claims that the NCA is at a crossroads as “if it is to be at the forefront of the UK’s fight against serious and organised crime, including corruption, money laundering and fraud, it needs investment.”

In particular, the paper, authored by Dr Daniel Beizsley and Dr Susan Hawley, highlighted hiring, retention and salary challenges faced by the NCA. It said that more “upfront investment” is needed in the NCA’s technological capabilities, as that will provide long term value for the taxpayer, and help it protect the public from threats that are increasingly online and cyber related. 

Best and Most Advanced

It said: “Given the NCA’s role as the UK’s lead law enforcement agency, including in response to cybercrime, its technology needs to be among the best and most advanced in the country.

“But as the Joint Committee on the National Security Strategy found in 2023, when it comes to tackling crucial cyber threats such as ransomware attacks, ‘the NCA has insufficient resources and capabilities to match the scale of this challenge’.”

The paper also claimed that the NCA lost nearly a third of staff in key cyber and technical roles in the last two years.

In It For The Money

On the salary point, they said that the agency “should be ambitious enough to allow it to establish a cross-agency pay structure” so it can pay at an equivalent to the police, has enhanced flexibility to pay higher wages for mission-critical roles in cyber and legal; and can provide clear and attractive pay progression.

In a breakdown of salaries, the authors showed that the NCA’s head of Digital, Data & Technology command is paid £12,000 less than the average average salary for an IT director, while a salary of £32,892 was offered for a data scientist to be based at the NCA’s National Cyber Crime Centre; while the average salary for equivalent data scientist roles can be £48,000 per year.

The NCA has previously stated that its “current pay ranges are not sufficient for retaining specialist skills within enabling capabilities and non-powered roles” and “roles in the private sector are able to offer much more attractive packages.”

Beizsley and Dr Susan Hawley said that while there will always be differences between the private sector and public sector pay, if the NCA is to recruit and retain specialist cyber experts so that it can keep ahead of the game, it will need to have a strategy for tackling the significant difference between what these experts can earn in the private sector and its own pay range, especially for specialist niche roles.

Working to Address

In a statement sent to SC UK, an NCA spokesperson said that the Spotlight report highlights a number of issues regarding its funding, pay structures, staffing and investment – aspects it has identified in its own reports, and are actively working to address.  

“'We are committed to working with Government to ensure that the Agency has the right structure and operating model, and, crucially, is able to attract, retain and support a talented workforce,” the spokesperson.

“We know that it is imperative that we deliver value for money while achieving our mission of protecting the public from serious and organised crime, now and as the threat evolves.”

The spokesperson also made the point that the agency’s officer turnover is seven percent, much lower than a UK rate of 34 percent.

“Serious and organised crime threatens our national security, economic prosperity and the safety of the public we serve; the challenges we face when tackling it are immense, and growing,” the spokesperson continued.

“The Agency is world leading in many areas, and has achieved significant and continued success over its decade in operation. Last year alone, our officers made more than 4,700 disruptions, our most ever and more than a dozen every single day.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.