The Office of National Statistics (ONS) has trialled new ways to incorporate cyber-crime into official statistics.
For the first time the ONS released preliminary estimates on cyber-crime. As part of its annual release of crime stats, the Crime Survey for England and Wales (CSEW) the ONS estimated several new and shocking developments.
The ONS estimated there were 5.1 million cases of fraud during the 12 months to June. This figure includes cyber-fraud but also traditional types as well. In addition to that, 2.5 million incidents were estimated to be in breach of the Computer Misuse Act. Of those cases, 404,000 involve actual hacking while 2,057,000 were cases of infection with a computer virus.
Previously not included in official crime statistics, the inclusion of figures for fraud and cyber-crime will paint a different picture from the traditional view of crime as a physical act involving theft or violence.
The survey recorded 6.5 million offences covering non-cyber crimes such as theft, robbery, assault and murder, an eight percent decline on the previous year. But when you factor in fraud and cyber-crime, the figures jump by over 100 percent.
The UK officially measures crime in two ways. First, the official police statistics, which track recorded crime. Second is the CSEW, an independent survey based on interviews in households, which includes crimes that have not been reported to the police.
The results of this CSEW are the results of a field trial carried out between May and August of this year and based on a sample size of 2000.
The ONS has stated that crime has been broadly falling over the years but, as the ONS itself acknowledges, this is because the figures have until now not included cyber-crime or fraud. "As shown in CSEW estimates, crime is down from 19 million at its peak in 1995 to under 7 million offences in the year ending June 2015. It has been argued that crime has not actually fallen but changed, moving to newer forms of crime not captured by the survey measurement," the authors stated in the report.
Earlier this year, Adrian Leppard, commissioner of the City of London Police, told the Telegraph that around a quarter of organised crime groups in the UK are involved in financial crime. A report on UK crime statistics by researchers at the University of Cambridge, released at the same time, showed that six out of ten cyber-criminals had criminal records which were completely unrelated to cyber-crime, showing that, “those traditional offenders are changing their behaviour and moving to the internet”.
Given the growing awareness of cyber-crime in recent years, why has it taken authorities this long to include cyber-crime in the annual crime survey?
Joe Traynor of the ONS spoke to SC, offering some insight: “Since taking over responsibility for the crime statistics in April 2012, ONS has been working to improve their coverage and developing and testing questions on fraud and cyber-crime over the last 12-18 months.”
Traynor added that there are a range of complex issues surrounding the recording of cyber-crimes. “For example, with traditional crimes it is generally easy to identify and recall the number of separate incidents and therefore estimate them accurately. Fraud and cyber-crime raises difficult issues such as whether or not you include attempts to commit crime as crimes (as we do for traditional crimes)” or, “whether or not you count a series of linked fraudulent transactions as a single or multiple crime”.
One of the traditional problems with recording cyber-crime is that often people either don't know it has happened or don't report it at all and so may not turn up on the police statistics.
SC Magazine UK interviewed Adrian Leppard last month who echoed this view: “The British crime survey [the old name for the CSEW] that comes out next year is expected to indicate that there are about three million (fraud) crimes a year in the country, of which only 250,000 get reported, and the capacity of the police service means they deal with about a quarter of that – so one of the biggest challenges we have is to make it easier for industry to report.”
The ONS feel the same, saying that its 2.5 million figure is only what they could collect and that they actually “estimate that there were more than seven million fraud and computer misuse incidents in the past year”.
The UK has been shown to be the world's top target for cyber-criminals. A recent survey by PwC showed that nine out of ten large organizations suffered from some kind of breach in the last year. In 2012, Norton, creators of Norton Anti-Virus software, released a report which estimated that 12.5 million people had been victims of cyber-crime in the previous year.
The view that cyber-crime exceeds the official figures is widespread.
Louise Pordage, a senior manager at KPMG's cyber security practice, told SC: “While the figures released today may appear high, I am certain that cyber-crime remains one of the most under reported areas in our crime statistics.”
James Murphy, associate director of defence and security at techUK agreed that these stats are probably lower than the reality of cyber-crime in the UK: “Given these crimes are often under-reported, it's likely the actual figures are even higher than those published today. The only way we can successfully tackle the growing threat to people and businesses is for police, industry and victim support to work together to better protect and prevent against such crimes.”
The release of these figures was generally met with cautious applause by the industry, who have been talking about these kinds of crimes for years, to little response. When speaking to SC, Pordage added that “the incorporation of these figures into the Crime Survey of England and Wales is a vital first step towards a more robust reporting regime for cyber-crime, and an important recognition that such crimes can have every bit as much of an impact on our lives as more conventional crime.”
Richard Olver, VP for the EMEA region at Tanium said: “It comes as no surprise that cyber-crime has officially become the UK's most common offence. The ONS report rightly brings to attention cyber-crime figures which have been steadily increasing year on year, whilst hackers continue to use the same methods they've been using for decades.”
As this new kind of crime comes to the irrefutable fore, law enforcement bodies are also facing budget cuts, potentially hamstringing their abilities to deal with cyber-crime.
But Mike Penning, minister for policing, crime, criminal justice and victims, doesn't think so. He told the press in a statement, that "We are committed to tackling fraud and cyber-crime. This is not a new threat, and the Government has been working to get ahead of the game."
He said that since 2010, the National Crime Agency has been created and endowed with a £860 million pound investment in the National Cyber Security programme, and the Home Office plans to publish info on cyber-security to do with online banking and retail services so customers will be informed how to stay safe online.
The statistics were welcomed by the City of London Police who have been asking for extra funding to help combat cyber-crime. Spokesman Edward Townsend told SC that, "We have been calling for the British Crime Survey to carry questions on fraud and cyber-crime for some time and this analysis will ensure government and police forces can prioritise fraud alongside other more reported crimes."