Intelligent CISO Issue 99 | Page 16

COVER story

About Will Lyne
Will Lyne is an experienced and internationally respected leader in the field of serious and organised crime. Currently the Head of Economic and Cybercrime at the Metropolitan Police, he leads the Commands that protect Londoners from threats such as fraud and ransomware.
Lyne has worked in law enforcement since joining the UK National Crime Agency as a trainee investigator in 2010. From 2011 to 2013, Lyne worked in Afghanistan delivering investigations with local, military and international partners, before joining the National Cyber Crime Unit in 2013. From 2016 to 2020, Lyne led the NCA’ s liaison team and online crime engagement with the FBI based in Washington D. C., USA.
He has led numerous high-profile investigations covering money laundering, fraud, kidnap and extortion and cyber-offending. This includes multiple disruptions of the world’ s most harmful cybercrime group, EvilCorp, and leading Op Destabilise, the UK’ s largest economic crime investigation that dismantled a multi-billion global Russian illicit finance network. Lyne has also led the development of pioneering Artificial Intelligence capabilities within the NCA, contributing to the related NPCC national standards.
A 2008 graduate of University College London and a 2018 graduate of the Johns Hopkins School of Advanced International Studies, Lyne graduated from the College of Policing Executive Leadership Programme in 2025. Alongside his role, Lyne is studying for a PhD at the University of Cambridge Institute of Criminology, with a thesis focused on online threats.
We have not yet observed AI running end-to-end cyberattacks in a consistent way, but it may be coming.
How can organisations better prepare for and respond to cyber-incidents from a law enforcement perspective?
Prevention is important, and people and organisations can strengthen their resilience through basic cyber-hygiene such as multi-factor authentication, patching and staff awareness. However, preparing for incidents is also important. No matter how protected you are, everyone is a potential victim. Understanding your cyber-risk and then having and regularly refreshing clear incident response plans is important, and I would encourage reporting incidents to law enforcement via Report Fraud, run by colleagues at the City of London Police, providing us important data to disrupt offenders, recover assets and prevent further harm.
What trends do you expect to shape cybercrime and economic crime over the next few years?
Cybercrime will be increasingly scalable and sophisticated, with the use of AI enabling more convincing fraud and social engineering, alongside continued growth in ransomware and data-driven extortion incidents. The boundary between cybercrime and economic crime threats such as fraud, and other threats, will continue to blur, reinforcing the need for strong collaboration between law enforcement, government and industry in protecting the public. The scale of the threat in terms of the volume of offending, especially for offences such as fraud, is likely to increase.
At the Met we are committed to protect Londoners against economic and cybercrime, and will continue to work tirelessly to disrupt those who seek to harm our communities.
How is Artificial Intelligence changing both the scale and sophistication of cybercrime investigations?
AI is increasing both the scale and sophistication of the different stages of cybercrime business models. Examples include perfecting more successful phishing emails to automating the exploitation of software vulnerabilities( which is something we have heard lots about in the media recently). We have not yet observed AI running end-to-end cyberattacks in a consistent way, but it may be coming. Whilst we know cybercriminals are using AI, the challenge for us in law enforcement is keeping pace to harness new technology to disrupt offenders.
What sectors or types of organisations are currently most at risk from cyber-enabled economic crime?
Every organisation is a potential victim – the majority of cybercriminal groups are broad and indiscriminate in their targeting.
How important is international co-operation in tackling modern cybercrime networks and cross-border attacks?
It’ s essential. Cybercrime is inherently cross-border, with offenders, infrastructure and victims often in different countries. For example, an attack may involve servers hosted in one country, perpetrators operating from another, cryptocurrency payments moving through jurisdictions, and victims located worldwide. No single nation can effectively address these threats in isolation.
16 WWW. INTELLIGENTCISO. COM