Cybercrime is the most under reported, under investigated crime in the UK

Cybercrime is the most under reported, under investigated crime in the UK

Today, you are more likely to be mugged online than in the street

Cybercrime is the most under reported, under investigated crime in the UK

Press Release: Sunday April 5th 2015

Each year tens of thousands of online crimes are under reported and go under detected.

The Computer Misuse Act 1990 was established to combat hacking, viruses, spyware and theft of data yet the latest statistics show that over the last 23 years there has been one successful prosecution per month. This is critically deflating crime figures.

The UK is a digital nation with most individuals spending almost 42 hours a week on their computers and mobiles. The government is encouraging both individuals and businesses to embrace the benefits of digital but there are huge risks.

Harry Fletcher, director of Digital-Trust and a highly successful criminal justice campaigner for over twenty years, said “legislation hasn’t kept up with technology-enabled crime. For example, if you are a victim of digital abuse there are over twenty different pieces of legislation that could be applied, but many of them need amending to make them effective against today’s digital crime”.

When it comes to cybercrime, the police have focused their efforts on fraud committed by organised criminals. The threshold to investigate such crimes is huge – not the hundreds or thousands that most individuals lose, resulting in most people not reporting the crime.
The National Fraud Intelligence Bureau showed that for the UK as a whole, more than £670m was lost to the ten most common online frauds between 1 September 2013 and 31 August 2014.

The government does not know the actual loss to both business and people because cybercrime is vastly under-reported. The FBI says that cybercrime is now more lucrative than drug trafficking worldwide.

The low reporting rate is partly due to the fact that in the UK it is very uncommon for an offender to be charged under the Computer Misuse Act, one of the key pieces of legislation introduce in 1990 to combat hacking and other crimes.

According to the House of Commons Library document (27 February 2015 – 1502-208) the original intention of the computer misuse act was:

  • To prevent unauthorised access to computers or data (hacking)
  • To prevent unauthorised access with intent to commit or commission offences
  • To prevent unauthorised acts with intent to impair the operation of a computer (including circulating viruses, deleting files and inserting a Trojan horse to steal data)

In the last twenty five years, the number of prosecutions under the CMA is incredibly low.  The working of the CMA was criticised in 2008 in an article in the Criminal Law Review because of this. In the sixteen years from 1990 to 2006 only 183 defendants were proceeded against with 134 found guilty. That’s less than one per month on average.

Over this period there were five years when there were no prosecutions, and a further ten with fewer than 20.

There have been attempts to strengthen the law in the past. The Police and Justice Act of 2006 increased the penalty for attempting to gain unauthorised access to a computer.  It would cover Trojans, hacking, fraud and theft which were increasing at exponential rate. Unfortunately, the change in the Act didn’t radically change the prosecution rates.

An analysis of the most recent figures by Digital-Trust shows that there has been little improvement. A parliamentary answer to Elfyn Llwyd MP (see link) shows that from 2007 to 2013 there were 156 prosecutions with 128 leading to a finding of guilt which is only 1.5 per month. The peak year was 2013 with 55 prosecutions of whom 40 were found guilty. This is still only three convictions per month.

The CMA was amended again this year under The Serious Crime Act 2015. It introduced new provisions to make illegal any access to a computer which causes, or creates a risk of, serious damage either materially or to human kind.

The latest amendments recognise the impact of cybercrime can cause not only financial damage through loss of Intellectual property and fraud but also national security and infrastructure.

The Serious Crime Act also makes it an offence for a British national to commit any offence under the CMA 1990 whilst that individual is outside the UK. These new offences could lead to prosecutions where in the past national boundaries would have been a hindrance.
The National Crime Agency remit is to deal with organised cybercrime. The new change in the CMA may be helpful in organised crime cases, but not where the victims are individuals.

Cybercrime is happening day in day out, in every force, involving not just big companies but small and medium business and individuals. They aren’t being targeted just for their money, they are attacked by abusers, paedophiles, trolls, stalkers, racists and other hate campaigners. These cases are rarely reported and when they are, often there is no action taken and few prosecutions result. This adds to the victim’s distress which is already significant. Digital abuse can lead to mental health issues, self-harming, suicide or even murder” says Jennifer Perry CEO of Digital-Trust. 

Digital-Trust believes there is an urgent need for a change in the criminal justice culture as well as both new and consolidating legislation.
Fletcher said “the police still concentrate their resources on traditional offences offline, when most people are more likely to be mugged online than in the street. They lack confidence or appreciation of the scale and impact cybercrime can have on victims”.

Fletcher goes on to say that the laws covering cybercrime are making the police and Crown Prosecution Service job more difficult. “Currently on-line and cybercrime is covered by over twenty different statutes. It isn’t clear which laws are broken and how the police and the CPS should apply them. The under reporting and investigation artificially deflates crime figures by tens of thousands per year”.

It should, for example, be an offence to use any technological device to locate, listen to or watch a person without legitimate purpose. In addition, restrictions should be placed on the sale of spyware without lawful reasons. It should also be against the law to install a webcam or any other form or surveillance device without the target’s knowledge”.

Digital-Trust believes that training in technological threats, for everyone from government to individuals, is urgently needed. Police need confidence and more resources to help make them a digitally competent, modern force so all victims can rely on the criminal justice system to take action and reduce the impact of cybercrime on their lives.

Parliamentary question: 222192
Asked by Mr Elfyn Llwyd (Dwyfor Meirionnydd)
Asked on: 27 January 2015
Ministry of Justice: Computer Misuse Act 1990

Keeping up with online criminals

Keeping up with online criminals

Digital Trust Appoints Advisory Board

Digital Trust Appoints Advisory Board