“Conversely there are a small number of organized gangs who…
…We understand that the police are concentrating their efforts on the second set of criminals. This appears to be a sound decision.”

Which raises the question,

“For how long?”,

Or,

“When is police or bank action against this group going to be sufficiently successfull to cause a change in tactics by the group, so that they look like the other group or a new type of group?”

Potentialy your work can act as a barometer or “sea state” indicator and show when there is a change on the way and importantly from which direction.

Not only would that be of interest to the Police, but also to the banks. However I’m not sure the companies the banks employ would like it.

If you are company A with clients XYZ you are not only in competition with company B or C but with yourself.

On the assumption that as company A you are compleatly honest what do you do when you are aware of an attack against a bank who is not one of your clients there are several things you can do,

1, Nothing,
2, Take action against it yourself,
3, Tell your competitor so they can take action.
4, Inform the banks senior managment.

If you take option 4 it might help you when it comes around to the time when the bank looks to renew contracts.

If option 3 you are effectivly acting as an unpaid agent for one of your competitors, who are under no obligation to repay the favour or inform their employer of where the “tip” came from.

Likewise for option 2 only you are also expending further resources needlessly for no apparent gain.

Which is why option I on the surface looks to be the most cost effective for any of the companies.

But there is also a hidden point here, if you and your competitors become overly successfull then the attacks as they currently are will stop as they will no longer work for those commiting them.

Either they will give up (unlikley) or move to new methods.

Either way your company loses out, either because there is no need for the banks to pay for your services or because you will have to learn new ways to deal with the new methods employed by the attackers.

Now if you remove the assumption that one or more of these companies are honest you get an interesting dynamic arising.

As some will remember there have been past claims that virus companies where creating “lab only” viri to keep the competition busy and themselves in work. Similar claims have been made about malware in more recent times.

If a company where less than honest they would ensure that there was a stedy stream of new attacks not just against their competitors banks (ie make them look like poor performers by their slow response) but also against their own banks so that they can look like good performers by their very rapid response. It would take very few but noisy attacks to skew any one companies odds significantly.

So your work might just show up companies that are involved with less than honest behaviour (if any).