Public reports of computer-linked crimes are soaring thanks to a huge rise in data breaches, even as prosecutions against Computer Misuse Act offenders slump.
The Crime Survey for England and Wales said it recorded 1.8 million computer misuse offences in the 12 months ending June 2021, matching the number it recorded in 2017.
“This was an 85 per cent increase compared with the year ending June 2019, largely driven by a 161 per cent increase in ‘Unauthorised access to personal information (including hacking)’ offences,” said the Office for National Statistics, which owns the survey.
Jed Kafetz, head of pentesting at UK-based infosec firm Redscan, described the latest stats as “a useful barometer for understanding how cybercrime impacts UK citizens in their day-to-day lives.”
“The 1.8 million estimated computer misuse offences are likely to be a fraction of the real number, when you consider how many details are lost, stolen and sold during big data breaches in a typical year,” said a rather gloomy Kafetz. “I’m sure hacking incidents are grossly underreported, because people increasingly expect them in day-to-day life.”
The ONS added that according to a 2019 survey it carried out, 68 per cent of those who reported being included in a data breach said they were “not affected at all” by it.
In the 11 months between July 2017 and June 2018, the Crime Survey recorded 1.1 million “computer misuse” crimes in its telephone survey of a nationally representative sample of Britons – though the ONS claimed these figures are not comparable to this week’s telephone survey because the older data includes teens aged 16-18 and is not restricted to adults only.
The survey’s data is different from data collected by police forces because, so the ONS says, it captures information about crimes that are not reported to police.
Despite the large jump in computer misuse crimes experienced by the population, prosecutions brought under the Computer Misuse Act over a similar time period dropped by 20 per cent.
Reporting computer misuse crimes to the police can have varying outcomes. In 2019 we reported how crime reports to Action Fraud rarely do more than get added to a row in a spreadsheet. While police and related agencies are notably good, in the UK, at diverting wayward youth away from hacking and towards legitimate infosec life choices, there is a balance to be struck between shying away from investigations and prosecutions and ensuring the law is actually enforced. ®
Bootnote
A little-known fact is that the Computer Misuse Act can be applied to crimes committed overseas, similar to how the US Department of Justice regularly announces charges against overseas criminals. Strangely, this provision is rarely used – possibly because, in the absence of a firm sentencing guideline for the CMA, prosecutors fear foreign criminals getting a slap on the wrist instead of a strong prison sentence.