The nature of the risk or threat posed by ‘cyberfraud’ - fraud with a cyber dimension – is examined empirically based on data reported by the public and business to Action Fraud. These are used to examine the implications for a more effective risk-based response, both by category of fraud and also responding to cyberfraud generally, not just in the UK. A key characteristic of cyberfraud is that it can be globalised, unless there are major national differences in attractiveness of targets or in the organisation of control. This does not mean that all cyberfraud is international, however: not only do some involve face to face interactions at some stage of the crime cycle, but in online auction selling frauds, it appears to be common for the perpetrators and victims to reside in the same country. After reviewing patterns and costs of victimisation and their implications for control, the paper concludes that any law enforcement response must begin by being strategic: which other public and private sector bodies should be involved to do what; what should be the specific roles and responsibilities of the police and where ‘problem ownership’ should lie; what are we willing to pay for (in money and effort) for greater cybersecurity and how to reduce ‘market failure’ in its supply; and, how that security is going to be organised for and/or by the huge numbers of businesses and people that are (potentially) affected.