3.5 million cyber-crimes recorded, true figure could be 20.5 million
3.5 million cyber-crimes recorded, true figure could be 20.5 million

Fraud and computer misuse offences accounted for almost half of the 10.8 million criminal acts recorded by the Office for National Statistics (ONS) in its Crime Survey for England and Wales (CESW), accounting for some five million crimes.

These included 1.6 million computer misuse offences, and more than 3.3 million for fraud, which was up four percent on the previous year; more than half of fraud offences (57 percent; 1.9 million incidents) were cyber-related.

‘Bank and credit account fraud' was the most common type of fraud experienced (2.5 million incidents or 75 percent of total fraud), followed by ‘consumer and retail fraud' – such as fraud related to online shopping or fraudulent computer service calls (0.7 million incidents or 22 percent of total fraud). In addition, of the 1.6 million computer misuse incidents adults experienced, an estimated; around two-thirds (67 percent or 1.1 million incidents) of these were computer virus-related and around one-third (33 percent or 0.5 million incidents) were related to unauthorised access to personal information (including hacking).

Thus reported cyber-crime, including misuse and fraud, accounts for 3.5 million offences.

“The Survey remains our best guide to long-term trends for crime as experienced by the population in general." Says John Flatley, crime statistics and analysis, at the Office for National Statistics, though the CSEW suggests that only 17 percent of incidents of fraud either come to the attention of the police or are reported by the victim to Action Fraud.

If this figure is accurate and applies to both fraud and computer misuse, the true number of incidents would be in the order of 20.5 million incidents.

Fraud and computer misuse are classified as Experimental Statistics by the ONS, and not included in headline estimates as two full years of inclusion are needed for annual comparisons. The first set of figures that qualify for annual comparisons will be available on 25 January 2018.

"Today's estimates from the ONS once again emphasise the scale of the threat posed by cyber-crime and fraud. With Fraud and Computer Misuse offences accounting for very nearly half of all crime, and with over half of all fraud being cyber-enabled, it is imperative that law enforcement agencies be equipped with the tools and resources they need to tackle this challenge,” commented Henry Rex, programme manager for Justice & Emergency Services at techUK in an email to SC Media UK.

He adds, “Mechanisms must be put in place to allow the police to work closely with industry, civil society and other stakeholders in Government, to enable quick access to the appropriate capabilities and share best practice. Furthermore, improved mechanisms for the reporting of cyber-incidents would give a more accurate picture of the threat landscape and allow for better co-ordination in response to cyber-threats."

John Cannon, Commercial Director Fraud & ID, Callcredit Information Group, noted that these figures, “leave little doubt that fraud is now one of the main threats facing UK business. An unsurprising but worrying state of affairs considering the rapidly growing dependence on technology. Businesses are struggling to keep up with the constantly evolving fraud threat and are trying to use technology to tackle the problem.

In an email to SC Cannon adds, “Systems are only ever as strong as their weakest link. Though convenient for consumers, single point verification isn't the answer in terms of providing an end-to-end security process. It cannot be relied on as the only security measure for digital channels. If, for example, your fingerprint fails, your iPhone then asks for your pin, therefore it cannot be any more secure than the pin or password it purports to replace. Organisations should leverage a range of technologies as part of two-factor authentication....”

These figures make it less surprising that recent research found 60 percent of consumers are willing to accept any security measures needed to eradicate fraud, while 65 percent of consumers would accept the kind of proposals made by Amber Rudd, contradicting the widely-held belief that consumers value convenience and experience over security when shopping online. That's according to a research report by Paysafe, Lost in Transaction which also reports that more than half (52 percent) of UK consumers think fraud is an inevitable part of shopping online.

Another interesting finding is that 69 percent of businesses surveyed want to increase customer sign-ups and transaction volumes by reducing risk thresholds for ID verification. But 78 percent also want to produce more effective verification measures to reduce fraudulent transactions, a potential conflict with their revenue ambitions.

 “In many ways it is surprising to see such a consumer focus on security features rather than more convenient checkout processes. However, it's clear that protection against fraud is top of mind, and merchants will need to focus on delivering the right balance of fraud protection and frictionless experience,” commented Andrea Dunlop, CEO acquiring and card solutions, Paysafe.

Mark McClain, CEO and co-founder of identity company SailPoint noted how statistics on computer misuse indicated a decline from last quarter, commenting in an email to SC Media UK: “The decrease in cyber-crime cases demonstrates the beginning of an advantageous trend for the UK's digital landscape.

“It is imperative that businesses continue to make proactive changes to their data protection strategies. This ensures that greater security obligations are met, in line with the UK government's more hands-on approach to cyber-security.

However he adds, “To continue to drive down cases of cyber-crime and its wider effects, businesses can't rely on government initiatives alone. Companies must take proactive steps to mitigate threats by developing a user-focused defence strategy focused on managing user identities and protecting personally identifiable information. This approach will ensure there is complete visibility across entire systems, making it easier to locate potential vulnerabilities and protect from the debilitating effects of data breaches and leaks.”