Publication - Statistics

Scottish Crime and Justice Survey 2018/19: main findings

Published: 16 Jun 2020

Main findings from the Scottish Crime and Justice Survey 2018/2019.

175 page PDF

3.6 MB

8.1 Cyber crime in Scotland

What is cyber crime?

Cyber crime can be understood as either cyber-enabled or cyber-dependent crime.

Defining cyber crime is complex, with no agreed upon definition of the term. The main debate centres around the extent to which cyber technology[93] needs to be involved for the crime to be termed 'cyber crime'.

For the purposes of the SCJS and the results in this section of the report, a broad definition of cyber crime is adopted that includes crimes in which cyber technology is in any way involved. This ranges from offences which would not be possible without the use of cyber technology, known as 'cyber-dependent crimes' (such as the spreading of computer viruses), to 'traditional' offences which can be facilitated by the use of cyber technology, known as 'cyber-enabled' crimes (such as online harassment).

How did the 2018/19 SCJS collect data about cyber crime in Scotland?

Internet users were asked about what types of cyber fraud and computer misuse they had experienced in the previous 12 months and a 'cyber flag' was added to questions capturing characteristics of violent and property crime.

The 2018/19 SCJS questionnaire contained a new set of cyber fraud and computer misuse questions, which are listed below. Detailed information on the new questions can be found in the documentation related to the review and development of the questionnaire for 2018/19. It is important to note that the findings from these new questions are not included in the main SCJS crime estimates, and are not comparable with them. However, they represent an important step in developing the cyber crime evidence base in Scotland. Only SCJS respondents who had accessed the internet in the 12 months prior to the survey were asked about their experiences of cyber fraud and computer misuse (87% of respondents).

Respondents were asked about what types (not how many individual incidents) of cyber fraud and computer misuse they had experienced in the previous 12 months while accessing their own internet-enabled devices (thus excluding, for example, workplace-owned devices). Up to three types of cyber fraud and computer misuse were recorded per individual and it is possible that certain crimes might relate to the same experience: for example, a specific incident could involve both a scam email and a virus.

Furthermore, when collecting information about people's experiences of cyber fraud and computer misuse, the survey does not seek to capture instances in which a crime was only attempted in a very broad sense (for example, when a scam email was received but the person simply deleted it).

A new 'cyber flag' question was also added in the victim form section of the questionnaire. This is central to understanding what proportion of property and violent crime has a cyber element.

Finally, the SCJS also collects information about stalking and harassment, which may also include a cyber element.

Drawing on the data collected across the survey, this section of the report presents results from the 2018/19 SCJS on the extent to which cyber technology is involved in a wide range of offences in Scotland. It is divided into four main sections:

  • Fraud and computer misuse
  • Cyber elements in property and violent crime
  • Cyber elements in stalking and harassment
  • Widening the focus: How does wider analytical work complement the evidence provided by the SCJS on cyber crime?

It is important to note that the data presented in this section comes from the analysis of SCJS results. Police Scotland is also collecting data about cyber crime. More information on the police's recording of cyber crime can be found towards the end of this section.

New cyber fraud and computer misuse questions

Respondents were asked if any of the following had happened to them in the previous 12 months:

  • They had their personal details (e.g. their name, address, date of birth or National Insurance number) stolen online and used by someone else to open bank/credit accounts, get a loan, claim benefits, obtain passport/driving license etc., hereafter defined as "personal details stolen online"
  • They had their devices infected by a malicious software, such as a virus or other form of malware, hereafter defined as "virus"
  • They had their social media, email or other online account accessed by someone without their consent for fraudulent or malicious purposes, hereafter defined as "online account accessed for fraudulent purposes"
  • They were locked out of their computer, laptop or mobile device and asked to make a payment to have it unlocked (known as ransomware), hereafter defined as "ransomware"
  • They had their credit card, debit card or bank account details (e.g. account number, sort code) stolen online and used to make one or more payments, hereafter defined as "card/bank account details stolen online"
  • They received a scam email claiming to be from their bank or another organisation (e.g. HMRC), asking to providing their bank details or making a payment as a result, hereafter defined as a "scam email"
  • They received a phone call or message from someone claiming there was a problem with their computer or mobile device, and let them access their device and/or paying them a fee, only to find out it was a scam, hereafter defined as "phone scam"
  • They were victim of online dating fraud (e.g. sending money to someone they had been chatting to, or were in a relationship with, online but then discovering that their dating profile was fake, or never heard from them again), hereafter defined as "online dating fraud"

Fraud and computer misuse

Fraud involves a person dishonestly and deliberately deceiving a victim for personal gain of property or money, or causing loss or risk of loss to another[94]. While 'traditional', face-to-face fraud persists, a large number of incidents of fraud have moved online in recent years, with new types of fraud having been developed which can only be carried out online, such as some types of email scams. On the other hand, computer misuse crimes always include the use of cyber technology, and are set out in the Computer Misuse Act 1990. They include offences such as the spread of malicious software.

Most types of cyber crime covered by the new SCJS questions are types of fraud, with the exception of the questions relating to malware and ransomware, which are types of computer misuse.

This section first explores fraud and computer misuse in Scotland through the analysis of the new cyber crime questions. It then explores fraud levels from another perspective, by presenting the analysis of the already-established questions in the SCJS about identity and card theft. While it may be reasonable to assume that a large proportion of identity and card theft happen online[95], the extent of cyber involvement is unknown in these latter questions.

How common were experiences of cyber fraud or computer misuse in 2018/19?

One-in-five adults who use the internet said they had experienced one or more types of cyber fraud and computer misuse in the year 2018/19, with one-in-twenty having been victims of more than one type.

The new questions introduced in 2018/19 show that over three-quarters (79.2%) of internet users in Scotland did not experience cyber fraud or computer misuse in 2018/19. When asked about their experiences, 20.4% said they had experienced at least one type of cyber fraud or computer misuse in the year 2018/19[96], with 5.2% having been a victim of more than one type[97].

For context, the Crime Survey for England and Wales (CSEW) estimates that 3.8% of adults were victims of cyber fraud and that 1.8% were victims of computer misuse in the year ending March 2019[98]. However, the CSEW and SCJS data are not directly comparable, as the two surveys ask notably different questions and follow different processes.

For example, the CSEW captures detailed information about specific incidents, which enables them to be examined by specially trained coders and recorded as a crime in a similar way to how other crimes are recorded by each survey.

In contrast, the cyber fraud and computer misuse questions in the SCJS are new and designed to provide relatively high level and indicative information about the extent of reported victimisation in order to start building up evidence on cyber crime in Scotland (they do not include detailed follow up questions). This means that, for example, some incidents might be included where only an attempt was made, where it involved a work device or where the incident occurred prior to the 12 month period asked about.

Which types of cyber fraud and computer misuse were most common?

In 2018/19, the type of cyber fraud and computer misuse that people were most likely to have experienced was having their device infected by a virus. However, overall, cyber frauds were more common than computer misuse offences.

The type of cyber fraud and computer misuse that people were most likely to have experienced in 2018/19 was having their device infected by a virus (experienced by 8.0% of internet users). This is in contrast with ransomware, another type of computer misuse offence, which was reported much less frequently, having been experienced by 0.8% of respondents.

Other relatively common types of cyber fraud and computer misuse experienced by internet users in Scotland were having someone access their online accounts for fraudulent purposes (4.8%) and having their card/bank account details stolen online (4.5%). When it comes to scams, 4.5% of internet users said they had been a victim of a scam email, while 4.1% reported having been a victim of a scam phone call. This means that overall, when combining categories into fraud or computer misuse[99], online fraud was a more common occurrence than computer misuse offences (Figure 8.1).

Figure 8.1: Percentage of people having experienced types of cyber fraud and computer misuse in 2018/19

Base: All internet users. 2018/19 (4,560) Variable: CYBER2.

How did experiences of cyber fraud and computer misuse vary amongst the population?

The likelihood of experiencing any type of cyber fraud or computer misuse was lower for those aged 60 and over, but there is variation in victimisation rates when looking at particular types of cyber fraud and computer misuse.

Overall, the likelihood of being a victim of any type of cyber fraud or computer misuse in 2018/19 was lowest for those aged 60 and over, with no differences detected amongst the different categories of younger adults (to illustrate, 16.7% of those aged 60 and over compared to 23.1% of 16 to 24 year olds).

However, when looking at specific types of cyber fraud and computer misuse, the SCJS found variation in the likelihood of experiencing different types by age. For example, internet users in the youngest age group (16 to 24 years old) were more likely (7.9%) than users aged 60 and over (2.4%) to report someone had accessed their online account for fraudulent purposes. There were also differences between the two younger age groups, with 16 to 24 year olds being more likely (7.3%) than 25 to 44 year olds (3.9%) to be a victim of a scam email. Figure 8.2 shows how each type of cyber fraud and computer misuse experienced varied by age. The relationship between age and specific types of cyber fraud and computer misuse appears to be a complex one.

Figure 8.2: Percentage of people having experienced each type of cyber fraud and computer misuse in 2018/19 by age

Base: All internet users. 2018/19 (4,560) Variable: CYBER2.

The likelihood of experiencing cyber fraud or computer misuse overall did not vary according to gender, but there are variations when looking at particular crime types.

The 2018/19 SCJS found that there was no difference between male and female internet users saying they had been a victim of any type of cyber fraud or computer misuse. However, the SCJS did find a gender element in some cases:

  • male internet users were more likely than females to have had their devices infected by a virus (9.4% and 6.5%)
  • male internet users were less likely than females to say they had their card or bank account details stolen online (3.7% and 5.4%)

The 2018/19 SCJS found no difference in experiences of cyber fraud and computer misuse between those living in urban and rural areas, or by area deprivation, with the exception, respectively, of email and phone scams.

Rurality and area deprivation were not found to impact on the likelihood of becoming a victim of cyber fraud or computer misuse. However, looking at specific types of cyber crime:

  • internet users in rural areas were more likely to be a victim of a scam email than people living in urban areas (8.0% and 3.9%)
  • internet users living in the 15% most deprived areas of Scotland were less likely to be a victim of a phone scam, compared to internet users living in the rest of the country (2.3% and 4.3%)

What impact did cyber fraud and computer misuse have on victims, and how did experiences affect their online behaviours?

Most victims said that cyber fraud and computer misuse incidents had no impact on them, but they reported having changed some of their online behaviours as a result.

Victims were asked about the impact of their experience of cyber fraud and/or computer misuse crime, and whether the incident led to them modifying their online behaviours. The impacts and behaviour changes asked about in the survey are listed below.

Respondents were presented with a list of possible impacts and behaviour changes, and were able to choose more than one option. The section below presents figures for each type of cyber fraud and computer misuse[100].

The survey found that in 2018/19 a large proportion of cyber fraud and computer misuse victims said their experience had no impact on them[101] (48% of virus victims; 55% of people who had their online account accessed for fraudulent purposes; 74% of scam email victims; 87% of scam phone call victims). The most notable outlier was in the case of people who had their card or bank account stolen online, with more than three-quarters (78.1%) saying that the incident led to them losing their money, but that they were able to get it back in full.

Figure 8.3 below presents commonly reported impacts for each type of cyber fraud and computer misuse, alongside commonly reported behaviour changes. The results for the full list of reported impact and behaviour changes can be found in the online data tables.

Impact of cyber fraud and computer misuse:

  • You lost money, which you did not get back or did not get back in full
  • You lost money, but you were able to get it back in full
  • You had to pay for something new (e.g. a replacement PC)
  • You had to take time off from work/studying/other responsibilities
  • You lost your job
  • You were unable to access your computer, laptop, mobile device, or the internet
  • Your relationships with others suffered
  • Your mental health was affected e.g. anxiety, depression etc.
  • You were afraid you might be intimidated or physically threatened
  • Your physical health was affected
  • You lost sleep or had trouble sleeping
  • You lost confidence in going online/using the internet
  • Other (specify)
  • None of these

Behaviour changes as a result of cyber fraud and computer misuse:

  • No longer use the internet
  • Less likely to buy goods online
  • Only buy goods from websites with the padlock symbol
  • Less likely to bank online
  • Less likely to give personal information on websites generally
  • Only visit websites you know and trust
  • Only use your own computer / mobile device to access the internet
  • Installed anti-virus software
  • Automatically update systems and software when prompted to do so
  • More likely to back up data
  • Less likely to click on links to unknown websites (e.g. in adverts, emails etc.)
  • Less likely to share/send links to friends etc.
  • Do not open emails from people you don't know
  • Use different passwords for different websites
  • Regularly change your passwords
  • Took steps to learn more about online safety
  • Other (specify)
  • None of these

Figure 8.3: Reported impact and behaviour changes of cyber fraud and computer misuse in 2018/19

Base: All victims of: Device infected by malicious software (330); Card or bank account details stolen online (190); Someone accessed online account fraudulently (190); Scam email (190); Scam phone call (170); Variables: CYBER3_2; CYBER3_3; CYBER3_5; CYBER3_6; CYBER3_7; CYBER4_2; CYBER4_3; CYBER4_5; CYBER4_6; CYBER4_7.

Did victims report cyber fraud and computer misuse, and to which authorities were the crimes reported?

The majority of victims of most types of cyber fraud and computer misuse did not report the incident to the authorities. When the crime was reported, victims rarely turned to the police.

The new cyber fraud and computer misuse questions in the SCJS also asked victims whether they reported the crime they experienced, and if they did, to whom[102]. If people had experienced more than one incident of a particular issue, they were asked to answer in relation to the most recent incident of that type of cyber fraud or computer misuse.

The SCJS found that, overall, the majority of victims of most types of cyber fraud and computer misuse did not report the incident they experienced. This was particularly true in the case of scam phone calls and viruses, with 84% and 79% of victims respectively not reporting such incidents to anyone. The only type of cyber fraud and computer misuse which was reported by most victims was the online theft of a bank card or bank account details (74%)[103].

Figure 8.4: Percentage of cyber fraud and computer misuse reported to anyone in 2018/19

Base: All victims of: Someone accessed online account fraudulently (190); Card or bank account details stolen online (190); Scam email (190); Device infected by malicious software (330); Scam phone call (170); Variables: CYBER5_2; CYBER5_3; CYBER5_5; CYBER5_6; CYBER5_7.

As shown in Figure 8.5, only a small proportion of victims reported these crimes to the police.

Figure 8.5: Percentage of victims who reported cyber fraud and computer misuse to the police in 2018/19

Base: All victims of: Card or bank account details stolen online (190); Online account accessed for fraudulent purposes (190); Scam email (190); Scam phone call (170); Device infected by malicious software (330). Variables: CYBER5_2; CYBER5_3; CYBER5_5; CYBER5_6; CYBER5_7.

Victims turned to a number of other authorities when it came to reporting cyber fraud and computer misuse, as shown in Figure 8.6[104].

Figure 8.6: Authorities to which victims of cyber fraud and computer misuse who reported the incident turned, by crime type

Base: All cyber crime victims who reported the crime themselves: Device infected by malicious software (70); Someone accessed online account fraudulently (70); Card or bank account details stolen online (140); Scam email (70). Variables: CYBER6_2; CYBER6_3; CYBER6_5; CYBER6_6.

Why did most victims of cyber fraud and computer misuse not report the incident to the police?

Most victims did not report cyber fraud or computer misuse to the police because they dealt with it themselves, or because they felt that it was too trivial and not worth reporting. However, victims whose card details were stolen online often thought or were told that the first authority they reported the crime to would contact the police.

When asked why they did not report the incident to the police, victims of cyber fraud and computer misuse tended to provide the same main reasons:

  • because they dealt with the issue themselves (44% of people who had their devices infected by a virus; 34% of victims of fraudulent access to their online accounts; 31% of scam email victims; 36% of phone scam victims)
  • because they felt the matter was too trivial and not worth reporting (30% of victims who had their devices infected by a virus; 37% of victims of fraudulent access to their online accounts; 30% of scam email victims; 24% of phone scam victims)

On a different note, the most cited reasons for not reporting their card or bank account details being stolen to the police were that victims thought (26%) or were told (17%) that the incident would be reported to the police by the first authority they had turned to[105], or that the victim thought that the police do not deal with this sort of incident (21%). This is in line with the finding that almost all of the victims of card and bank account fraud who reported the experience turned to their bank only, as presented in Figure 8.6 above.

Figure 8.7: Reasons for not reporting to the police by cyber crime

Base: All cyber crime victims who did not report the crime to the police: Online account accessed for fraudulent purposes (180); Scam email (180); Card or bank account details stolen online (170); Virus (320); Scam phone call (170). Variables: CYBER7_2; CYBER7_3; CYBER7_5; CYBER7_6; CYBER7_7.

What else can the SCJS tell us about fraud in 2018/19?

Indicative findings suggest that 5.8% of adults had their credit/bank card details stolen and 0.9% had their identity stolen; however, the extent of cyber involvement is unknown.

In addition to the new cyber fraud and computer misuse questions, since 2008/09 the SCJS has captured evidence on people's experiences of certain types of fraud, as well as their perceptions of fraud using wider measures. It is important to note that, unlike the new cyber fraud and computer misuse questions, these are asked to all adults, not only to internet users.

These questions provide indicative findings only, as respondents are not asked for full details of the incidents that would enable them to be coded into valid/invalid[106] SCJS crimes in the way that they are with other 'traditional' SCJS crime incidents. Nevertheless, the data remains valuable for time-series analysis purposes. It is reasonable to assume that a number of the fraud experiences being recorded by the SCJS have a cyber component; however, the extent to which this is the case is unknown.

SCJS analysis shows that 5.8% of adults in 2018/19 reported that they had their credit or bank card details used fraudulently in the previous 12 months. This is unchanged from 2017/18, and has increased from 3.6% in 2008/09. Identity theft was less common, with 0.9% of adults reporting experiences of such incidents in 2018/19, unchanged from both 2017/18 and 2008/09[107].

Although the findings from the SCJS are only indicative, it is notable that the CSEW finds relatively similar results on prevalence using a more expansive set of questions added in recent years to robustly capture experiences of fraud. The CSEW figures for the year ending March 2019[108] show incidents of fraud (excluding computer misuse) were experienced by 6.8% of adults in England and Wales.

What can the 2018/19 SCJS tell us about concerns about fraud?

As in recent years, respondents in 2018/19 were most likely to report being worried about acts of fraud, as well as thinking these were likely to happen to them in the next year, compared to other types of crime.

The SCJS also asks respondents which crime types they worry about happening, or think are likely to happen to them.

In 2018/19, half (50%) of adults in Scotland were worried about their bank/credit card details being used to obtain money, goods or services[109]. As in previous years, the next most worried about crime type was identity theft[110] with 41% of adults worrying about this issue in 2018/19. Levels of worry about these two types of fraud were higher than for all other crime types asked about in 2018/19. Looking over time, worry about both types of fraud has fallen since 2008/09 but has not shown any change compared to 2017/18.

As in previous years, worry about both of these acts in 2018/19 varied by demographic characteristics. The SCJS found that women were more likely to be worried about fraud (55% worried about their credit or bank details being used fraudulently, 44% worried about identity theft) than men (46% and 38% respectively).

People between the ages of 16 and 24 were also less worried than all other age groups about having their identity stolen (15%) and about someone using their credit or bank details fraudulently (33%)[111].

In 2018/19, half of respondents (50%) did not think it was likely that they would experience any of the crimes listed in the next 12 months[112]. However, the crime that respondents most commonly thought would happen to them was someone using their credit card/bank details fraudulently (26%). As with worry about crime, this was followed by people thinking their identity would be stolen (15%). The perceived likelihood of both of these types of fraud happening was unchanged from 2017/18, but has increased from 2008/09. Worry and the perceived likelihood of experiencing a range of other crimes is discussed in more detail in Chapter 7.

While there was no difference in perceived likelihood of being a victim of identity theft between women and men, a higher proportion of women than men thought it was likely they would have their credit/bank details stolen (28% compared to 24%).

Age also played a major role in defining people's beliefs about the likelihood of being the target of fraud, with young people least likely to report thinking they would become a victim of identity theft (4%) or of card/bank account fraud (18%)[113].

Respondents living in the 15% most deprived areas of Scotland were less likely than respondents in the rest of Scotland to think that their credit/bank card details would be used to fraudulently buy goods/services (19% and 27%) and that their identity would be stolen (11% and 16%) in the next year.

It is interesting to note that while the perceived likelihood of becoming a victim of fraud has increased over time, worry about fraud has decreased over the same period as shown in Figure 8.8 below. Please note that the extent to which people's levels of concern for fraud relate to cyber fraud incidents is unknown.

Figure 8.8: Proportion of adults concerned about fraud and identity theft, 2008/09 to 2018/19

Base: All adults 2008/09 (16,000), 2009/10 (16,040), 2010/11 (13,010), 2012/13 (QWORR identity theft: 12,010; card theft: 12,020; QHAPP: 12,050), 2014/15 (11,470), 2016/17 (5,570), 2017/18 (5,480), 2018/19 (5,540). Variables: QWORR; QHAPP.

Cyber elements in property and violent crime

To what extent did property and violent crimes have a cyber element in 2018/19?

Only a small proportion of property and violent crime in 2018/19 had a cyber element.

A 'cyber flag'[114] was added to the 2018/19 survey in order to enable the SCJS to examine the proportion of property and violent crime traditionally picked up by the survey with a cyber element[115]. Analysis shows that only 2% of property crime and 1% of violent crime in 2018/19 had a cyber element.

The SCJS also asks victims of violent crime whether the crime was recorded for instance on a mobile phone or camera, or by CCTV[116]. In 2018/19, 11% of violent crimes experienced by adults were recorded on a device, unchanged from the previous year.

Cyber elements in stalking and harassment

The SCJS asks respondents about their experiences of being stalked or harassed. A quarter of the whole sample are asked if they have been insulted, pestered or intimidated in any way by someone outwith their household in the year prior to interview, by what means, what it involved, where the incidents happened and what, if anything, might have motivated the incident. More detailed findings for the year 2018/19 are provided in the Focus on Harassment and Discrimination section.

The whole sample is then invited to complete the self-completion module on stalking and harassment[117], which collects data on arguably more severe examples of stalking and harassment. Respondents are asked whether they have experienced any of six forms of stalking and harassment more than once in the previous 12 months. Then, for the latest incident they experienced, who the offender was and what their relationship with the respondent was, whether the incident was reported to the police, and how the incident made them feel. Data collected by the self-completion element of the survey is published biennially[118]. The latest available data which covers 2016/17 and 2017/18 was combined (2016/18) and published in the 2017/18 SCJS Main Findings Report.

To what extent were people insulted or harassed online in 2018/19?

Most adults did not experience being insulted, pestered, or intimidated in 2018/19, but among those who did encounter such behaviour, experiences in person continued to be more common than online.

In 2018/19, 12% of adults said they had been insulted, pestered or intimidated in any way by someone outwith their household. This was unchanged from 2017/18[119]. Of those adults that said they experienced harassment in the year prior to interview, the vast majority (87%) were insulted, pestered or intimidated 'in person', whilst 16% (equal to 2% of all adults) encountered such behaviour 'in writing via text, email, messenger or posts on social media sites'[120] (unchanged from 2017/18[121]).

Repeated incidences of stalking and harassment are most commonly experienced by electronic means, including online.

Turning to findings from the 2016/18 self-completion module, the SCJS found that in the 12 months prior to interview, 11.1% of adults experienced at least one type of stalking and harassment. The most common type of stalking and harassment which was experienced repeatedly by victims was being sent unwanted messages by text, email, messenger or posts on social media sites. This was experienced by two-thirds (67%) of all those who had experienced at least one form of stalking and harassment. A further 4% of respondents who had experienced at least one incident of stalking and harassment in the 12 months prior to interview said that the perpetrator shared intimate pictures of them – a crime which is also likely to have a cyber element. The combined self-completion data for 2018/19 and 2019/20 will be reported on in the 2019/20 Main Findings Report.

Widening the focus: How does wider analytical work complement the evidence provided by the SCJS on cyber crime?

A number of recently published strategies emphasise the challenges and risks of cyber crime, including Scottish Government's Justice Vision and Priorities, its Cyber Resilience Strategy and Policing 2026.

To inform this on-going strategic work, a range of analytical work is being carried out with the aim of developing the evidence base around cyber crime. The sections below briefly highlight where the Scottish Government's Cyber Crime Evidence Review, the Crime Survey for England and Wales and Police Scotland's cyber marker can tell us more about the involvement of cyber technology in sexual crimes, computer misuse and police recorded crime.

Sexual crimes in the Scottish Government's cyber crime evidence review

While the SCJS provides evidence on the prevalence of sexual victimisation in Scotland, the survey does not currently collect data which enables an assessment of whether sexual crimes involved an online element.

The Scottish Government recently published an evidence review of cyber crime, exploring existing evidence (such as the SCJS, CSEW and recorded crime data) and literature in order to assess the scale, nature and impact of cyber crime on individuals and businesses in Scotland.

This review includes reference to research undertaken by Scottish Government analysts which studied a sample of police records from 2013/14 and 2016/17 and included consideration of the influence of cyber technology on sexual crime in Scotland[122]. This research found that both the scale and nature of sexual crime have been impacted by cyber technology in Scotland in recent years. For example:

  • the research estimated that a rise in cyber-enabled 'other sexual crimes' has contributed to around half of the growth in all police recorded sexual crimes in Scotland between 2013/14 and 2016/17
  • it is estimated that the internet was used as a means to commit at least 20% of all sexual crimes recorded by the police in 2016/17
  • when the specific 'other sexual crimes' of 'communicating indecently' and 'cause to view sexual activity or images' are cyber-enabled, victims and offenders tend to be younger (three-quarters of victims aged under 16 and more than half of offenders under 20) and are more likely to know of one another

Computer misuse and fraud in the Crime Survey for England and Wales

As discussed previously, the Crime Survey for England and Wales (CSEW) has developed and included a substantial module to robustly capture experiences of fraud and computer misuse since October 2015. The questions provide estimates on the incidence, prevalence and nature of these crimes and also the proportion of fraud and computer misuse incidents that are cyber related.

The CSEW estimates that, in the year ending in March 2019, just under 1 million incidents of computer misuse were experienced by 1.8% of adults in England and Wales.

Recorded crime from Police Scotland's cyber marker

Since the introduction of cyber crime markers on crime recording systems in April 2016, Police Scotland has continued to develop its marking practices across other Police Scotland recording systems and databases. This activity is being undertaken by the Cybercrime Capability Programme under Police Scotland's 'Policing 2026 Strategy'. According to a recent Police Scotland report, the tagging, marking, and logging of cyber crime has risen significantly in April-December 2018/19 compared to the same period last year, mostly as a result of the "Tag it, Mark it, Log it" campaign launched in October 2018 with the aim of improving Police Scotland's ability to identify occurrences of cyber crime. As this marker becomes fully embedded across Police Scotland systems, it should provide a valuable evidence source of police recorded crimes involving a cyber element.

What's next?

The new cyber fraud and computer misuse questions, reported for the first time in the 2018/19 SCJS, represent an important step in developing the cyber crime evidence base in Scotland. We welcome feedback from users on this data, the role it can play in the wider cyber crime evidence base, and areas for potential future development.

Scottish Crime and Justice cyber crime section – provide feedback

We welcome feedback at any time. Please contact us if you have any comments or suggestions. For more general queries on evidence and data around cyber crime beyond the SCJS, please contact justice_analysts@gov.scot


Contact

Email: scjs@gov.scot