There were nearly six million fraud and cyber crimes committed in the UK in the 12 months to March 2016, according to the latest figures from the Office for National Statistics (ONS) . This is the first year that such cyber crimes have been included in the ONS statistics, so it is not possible to consider overall trends — nevertheless, it suggests that approximately half of all UK crime is now cyber-related.
“This is the first time we have published official estimates of fraud and computer misuse from our victimization survey,” said ONS statistician John Flatley. “Together, these offenses are similar in magnitude to the existing headline figures covering all other Crime Survey offenses. However, it would be wrong to conclude that actual crime levels have doubled, since the survey previously did not cover these offenses. These improvements to the Crime Survey will help to measure the scale of the threat from these crimes, and help shape the response.”
One area that can be measured over time is plastic card fraud, which has been monitored since 2006. This increased until peaking in 2008-2010, and then declined following the introduction of the EMV chip and pin card. Current findings indicate that 4.7% of plastic card owners were victims of card fraud in the year ending March 2016.
The ONS figures suggest that there were 2 million computer misuse incidents; more than two-thirds of which were virus related, with the remainder involving unauthorized access to personal information (including hacking). 51% of fraud incidents are now cyber-related.
Kaspersky Lab’s principal security researcher David Emm is not surprised by the figures. Criminals follow the money. “With so much financial activity moving online, criminals have capitalized on this by moving their activity into the cyber world,” Emm said.
“It’s clear that crime is becoming cyber enabled as our world becomes digital. Greater transparency around the scale of this problem is vital, helping set the national priorities for law enforcement resources, and underlining the need for industry and government to work together to combat this growing menace,” said Paul Taylor, head of cyber security at KPMG.
The extent of this criminal move into online crime means that people are now six times more likely to be a victim of plastic card fraud than a victim of theft from the person, and around 17 times more likely than robbery.
Victims of fraud differ from other crime victims. They come from higher income households than victims of violence. They tend to be in managerial and professional occupations rather than manual occupations, students or long-term unemployed. There is also some indication that those living in rural areas and least deprived areas are more likely to be affected than those in urban and deprived areas. This is not in itself surprising since it is the same groups that are most likely to be involved in online financial transactions.
One important message from the statistics shows that fraud really is not a ‘victimless crime’. There is still a common belief that victims will be reimbursed for any online fraud losses. The ONS shows that this is not necessarily true. “Victims received a full reimbursement in 43% of fraud incidents (1.6 million), typically from their financial provider. In 690,000 cases, the victim received no or only partial reimbursement,” says the ONS. Having said that, in incidents involving bank and credit card fraud, 84% of victims received full reimbursement.
The majority of recorded incidents are caused by viruses. Technology can be used to defend against technology. “It is vital,” warns Kaspersky’s Emm, “that people use a reliable Internet security solution on all connected devices, apply security updates as soon as they become available, download software only from trusted sources (such as official app stores and vendors) and be cautious about e-mail and other messages that include attachments and links – even if they appear to come from friends.”
Earlier this month, the UK’s National Crime Agency (NCA) released its Cyber Crime Assessment 2016, which argues that criminal capability is outpacing industry’s ability to defend against attacks, and suggests that “only by working together across law enforcement and the private sector can we successfully reduce the threat to the UK from cyber crime.”
Related: Criminal Capability Outpacing Ability to Defend Attacks in UK