Cyber crime in Scotland: evidence review

A review of the evidence around the scale and nature of cyber crime affecting individuals and businesses in Scotland.


Footnotes

1. Wall, D.S., (2017). Crime, Security, and Information Communication Technologies: The Changing Cybersecurity Threat Landscape and its Implications for Regulation and Policing.

2. Scottish Household Survey, 2016

3. Of those asked about in the Scottish Household Survey

4. Representative of businesses in scope of the survey, excludes some sectors and businesses with no IT capacity.

5. 31% very high, 43% fairly high

6. This is one of four categories Police Scotland use to record sexual crimes - the other three being 'Rape and attempted rape', 'Sexual Assault' and 'Crimes associated with prostitution'. 'Other sexual crimes' are made up of a wide range of sexual crimes, with the three most common being 'Communicating indecently', 'Cause to view sexual activity or images' and 'Indecent photos of children'.

7. Based on a sample of crimes recorded by the police.

8. Recorded Crime in Scotland: Other Sexual Crimes, 2013-14 and 2016-17.

9. Emotional and physical impact on victims of incidents of computer misuse, Year ending March 2017, CSEW

10. Will provide indicative findings. Data will not be included in the main SCJS incident or prevalence estimates.

11. Whilst not a specific crime type on its own, bullying relating to online experiences will be considered within Group 6 for the purposes of this paper given its shared characteristics with harassment and threatening and abusive behaviour. Whilst bullying can involve physical violence, the aspects which are suspected to be most commonly related to online experiences are considered to more directly relate to the existing crime types in group 6.

12. Wall, D.S., (2017). Crime, Security, and Information Communication Technologies: The Changing Cybersecurity Threat Landscape and its Implications for Regulation and Policing.

13. Scottish Household Survey, 2016

14. Asked of adults who use the internet for personal purposes

15. Valid crimes are those which occurred in Scotland, during the reference period and concern crimes that are within the scope of the SCJS. Any incident that does not meet any of these criteria is invalid.

16. Crime in England and Wales, Year ending September 2016.

17. Crime in England and Wales, Year ending September 2017, Experimental tables, Police Recorded Crime

18. The experimental data on the extent of cyber-related crime is derived from a 'flag' recently added to recorded crime records, so the quality of the data is still under review and may be improved in due course. The figures should therefore be interpreted with caution.

19. Incidents of threats and extortion are also discussed in the section on Group 6 offences, which encompasses 'threatening and abusive behaviour'.

20. Recorded Crime in Scotland, 2016-17

21. For instance, whilst someone obtaining illicit images of children via the internet would certainly be considered a cyber-crime, it is somewhat more challenging to assess the role of technology in facilitating 'contact' crimes between people who initially meet online, through a dating website for example.

22. Scottish Crime and Justice Survey, 2014-15.

23. Recorded Crime in Scotland, 2016-17

24. Includes crimes such as communicating indecently, taking, possessing and distributing indecent photos of children, sexual exposure, public indecency and causing to view sexual images or activity.

25. Recorded Crime in Scotland: Other Sexual Crimes, 2013-14 and 2016-17

26. HMICS Crime Audit, 2016

27. The SCJS does separately gather data on experiences of receiving (repeated) obscene or threatening communications. However, such communications may not always involve a sexual component and so the available evidence is discussed in the section on Group 6 - Misc. Offences.

28. Crime in England and Wales, Year ending September 2017, Experimental tables, Police Recorded Crime

29. Includes crimes such as rape, sexual assault, sexual activity without consent, incest, exposure and voyeurism etc.

30. Crime in England and Wales, Year ending June 2017, Bulletin tables, Police Recorded Crime

31. There are differences between the respective Scottish Crime Recording Standard and the National Crime Recording Standard for England and Wales.

32. Crimes that weren't committed through the internet but involved some form of online communication prior to them occurring aren't classified as cyber enabled crimes. For example where a perpetrator arranges via social media to meet someone, and when they meet in person communicates indecently with them.

33. Recorded Crime in Scotland: Other Sexual Crimes, 2013-14 and 2016-17.

34. Cyber enabled victim base 405, not cyber enabled victim base 244. Cyber enabled perpetrator base 279, not cyber enabled perpetrator base 209.

35. May include friends, neighbours, colleagues, class mates, etc.

36. Related to recorded cyber-enabled sexual crimes as a whole. HMICS Crime Audit, 2016

37. For example Operation Latisse, a national initiative focused on tackling online child sexual abuse

38. A person with some form of professional responsibility towards the people involved in the crime (e.g. a social worker, teacher, or care home staff etc.)

39. Crime in England and Wales, Year ending September 2017, Additional tables on fraud and computer misuse, CSEW

40. Overview of fraud and computer misuse statistics for England and Wales. This is an indicative finding.

41. It is worth noting that this will include crime reported by both individuals and business, as well as both traditional and cyber-related fraud.

42. Recorded Crime in Scotland, 2016-17

43. Crime in England and Wales, Year ending September 2017, CSEW

44. Crime in England and Wales, Year ending September 2017, Additional tables on fraud and computer misuse

45. Crime in England and Wales: Year ending March 2017, Experimental Tables, CSEW

46. Financial loss, including money stolen and additional charges or costs incurred, as well as loss of property or goods.

47. Money stolen or taken as a direct result of fraud or any additional charges or costs incurred (e.g. bank charges etc.).

48. Cases where the internet or any type of online activity was related to any aspect of the offence.

49. Crime in England and Wales, Year ending September 2017, Additional tables on fraud and computer misuse

50. In response to an ad hoc request

51. Proportion of adult internet users experiencing negative online incidents, year ending March 2011 to year ending March 2017

52. Scottish Public Opinion Monitor June 2016. Question base 862.

53. Emotional and physical impact of incidents of fraud, by loss (of property or money), year ending September 2016 CSEW (Experimental Statistics)

54. Crime in England and Wales, Year ending March 2017, Experimental tables, CSEW

55. English Indices of Deprivation

56. For example, for the year ending March 2017, 1.6% of adults were victims of violence and 0.2% were victims of robbery. There were around 1.2 million incidents of violence and 142,000 robberies.

57. Action Fraud is the national recording centre for fraud offences in England, Wales and Northern Ireland that were previously recorded by individual police forces. Individuals and businesses are advised to report any incidents directly to Action Fraud. Cases are passed on to the National Fraud Intelligence Bureau (NFIB).

58. Crime in England and Wales, Year ending September 2016, Experimental tables, CSEW

59. This will not provide estimates about the extent of online fraud or victimisation and will not be included in main SCJS incidence or prevalence estimates.

60. Part of quarter sample module.

61. Cigarettes/tobacco, alcohol, DVDs/video games, jewellery, clothes, accessories, electrical goods, children's toys and something else.

62. Any unauthorised act in relation to a computer which causes material damage (e.g. disruption of communication, supply of money etc.).

63. Computer Misuse Act 1990

64. Includes any computer virus, malware or Distributed Denial of Service (DDoS) attack

65. Crime in England and Wales, Year ending September 2017, Additional tables on fraud and cyber-crime.

66. For example, for the year ending September 2017, 1.6% of adults were victims of violence and 0.2% were victims of robbery. There were around 1.2 million incidents of violence and 142,000 robberies.

67. Crime in England and Wales, Year ending September 2017.

68. Crime in England and Wales, Year ending September 2017, Additional tables on fraud and cyber-crime.

69. Proportion of adult internet users experiencing negative online incidents, year ending March 2011 to year ending March 2017, CSEW

70. Cases where the internet or any type of online activity was related to any aspect of the offence.

71. Scottish Public Opinion Monitor June 2016. Question base 862.

72. Malicious software that threatens to publish the victim's data or perpetually block access to it unless money is paid.

73. Please see sources table on for methodological details.

74. Crime in England and Wales, Year ending March 2017, Experimental tables, CSEW.

75. Emotional and physical impact on victims of incidents of computer misuse, Year ending March 2017, CSEW

76. Crime in England and Wales, Year ending September 2016, Experimental Tables, CSEW.

77. This will not provide estimates about the extent of computer misuse incidents or victimisation and will not be included in main SCJS incidence or prevalence estimates.

78. Scottish Crime and Justice Survey 2014/15: Drug use.

Question contained within self-completion module of SCJS questionnaire.

79. Drug Seizures and Offender Characteristics, 2014-15 and 2015-16

80. SALSUS, Drug Summary Report. Fieldwork Sept 15- Jan 16. 25,304 pupils participated.

81. Tom Peterkin, 'Call for Contempt of Court review in internet age', The Scotsman (February 22 2015)

82. Police Recorded Crime, in-house analysis

83. Sheridan, L.P., and Grant, T.D. (2007) 'Is cyberstalking different?', Psychology, Crime & Law, vol. 13, 6, pp. 627-640.

84. By anybody who is not a member of their household.

85. Scottish Crime and Justice Survey 2014/15: Quarter Sample Module Tables.

86. Scottish Public Opinion Monitor June 2016. Question base 862.

87. Via a self-completion module in the SCJS questionnaire.

88. Respondents are asked if they've experienced any of six behaviours more than once: sent unwanted obscene or threatening cards/letters; sent unwanted obscene or threatening texts or emails; unwanted obscene or threatening approaches on social media; obscene, threatening, nuisance or silent calls; being followed or watched; and having someone wait outside their home or work.

Each of these can be viewed as a form of stalking and harassment. However, the data do not show whether respondents themselves viewed their experiences as stalking or harassment.

89. SCJS 2014/15: Sexual Victimisation and Stalking

90. Cyberstalking: A course of action (more than one incident), perpetuated through electronic means, which causes stress or alarm.

Cyber harassment: Intimidation, repeated or otherwise, through electronic means.

91. SCJS 2014/15- 38% of crimes reported to the police. Estimated reporting rates ranged from 28% for 'other household theft' (including bicycle theft) to 62% for housebreaking. 44% of violent crime in the main SCJS survey was reported to the police.

92. Crime in England and Wales, Year ending September 2017, Experimental tables, Police Recorded Crime

93. Cyber-related incidents are defined as cases where the internet or any type of online activity was related to any aspect of the offence.

94. Scottish Crime and Justice Survey 2014/15

95. Cyber-bullying is described by ChildLine as: using the internet, email, online games or any digital technology to threaten, tease, upset or humiliate someone else. https://www.childline.org.uk/info-advice/bullying-abuse-safety/types-bullying/online-bullying/

96. Random stratified sample of 516 children who use the internet in the UK. Given the relatively small sample size, the lack of readily available information on the survey methodology, in addition to the age of the data (especially prominent given the growth and advancements in technology), findings should be treated with caution.

97. Livingstone, S., et al (2014) Net Children Go Mobile: The UK Report

98. Twenty-four hour confidential advice and support service for all aged under 19.

99. How safe are our children?, 2016, NSPCC

100. Businesses with no IT capacity or other online business presence were excluded from the survey, in addition to some business sectors.

101. Understanding the costs of cyber-crime, Home Office, 2018

102. Cifas is a UK wide fraud prevention service representing organisations from the public and private sectors. As part of its remit, Cifas runs a National Fraud Database consisting of data on fraud affecting its members. In 2016 277 member organisations contributed to the database.

103. Fraudscape 2017, Cifas

104. Consists of asset conversion; application fraud; false insurance claim; facility takeover; identity fraud; and misuse of facility.

105. Cifas Fraud National Statistics

106. FFA represents the UK payments industry and collates data on instances of fraud affecting their members. In July 2017 FFA UK integrated into Finance UK.

107. Fraud the Facts, 2017

108. Card details are fraudulently obtained and then used to undertake fraudulent purchases over the internet, phone or by mail order. It is also known as 'card-not-present' (CNP) fraud.

109. Defined by the survey as 'wrongful or criminal deception intended to result in illegal gain.'

110. Defined by the survey as 'where someone cheated the business by diverting funds, goods or services for their own purposes'.

111. Base 1,523. Only representative of business sectors included.

112. Base 781 businesses who experienced a breach.

113. Fraudscape 2017, Cifas

114. Defined as having money stolen after being sent fraudulent emails or being redirected to a fake website.

115. Of those included in the survey: hacking, phishing, theft of money, theft of information, website vandalism, computer virus and other online crimes.

116. Administration and Support- 92% use computers, Transportation and Storage- 89%, Retail and Wholesale- 84%.

117. Defined as sending of emails purporting to come from a genuine company such as a bank etc., in an attempt to trick customers of that company into disclosing information at a bogus company website operated by fraudsters.

118. Included in the earlier card fraud estimates.

119. It is thought that the majority of this type of fraud involves the use of card details that have been fraudulently obtained through methods such as unsolicited emails or telephone calls or digital attacks such as malware and data hacks.

120. Involves the use of computers and/or networks.

121. Includes Ransomware; viruses, spyware, malware; website/online services vandalism; hacking/attempted hacking of bank accounts; impersonation of organisation in emails/online; staff receiving fraudulent emails/redirected to fraudulent websites; unauthorised use of computers, networks or servers by staff; unauthorised use or hacking of computers, networks or servers by externals; other.

122. See sources table and context section for caveats.

123. Base micro firms-479; large-175; information, communications and utilities-140; admin or real estate-96; professional, scientific or technical-120.

124. Cyber Security Breaches Survey, 2017

125. Base 781 who experienced a breach

126. Cyber Security Breaches Survey 2017

127. Any other online crimes which do not fall into the specific online crimes asked about (hacking, online theft of money, online theft of information, website vandalism and viruses).

128. Base 420 transportation and storage premises, 527 retail premises.

129. Whaling is a specific kind of malicious hacking which targets people in positions of power and responsibility e.g. company executives, senior management etc.

130. Base 1,160

131. Base 781.

132. Base 120.

133. Base 339.

134. Base-599 businesses who experienced a cyber-breach.

135. Concerns their most disruptive breach in the last 12 months.

136. Inclusion of breaches which did not result in an outcome leads to a median of £0.

137. Base 761.

138. Businesses who reported most disruptive breach to external body other than cyber security provider.

139. Base identified breach but didn't report externally-432; breach with an outcome but didn't report externally-166.

140. Understanding the costs of cyber-crime, Home Office, 2018

141. NCA Cyber-crime Assessment 2016

142. NCA press release 8 December 2015
