Cyber crime in Scotland: evidence review research findings

Summary findings from a review of the evidence around the scale and nature of cyber crime affecting individuals and businesses in Scotland.

Key findings - Crimes affecting individuals

The following provides an overview of the key findings to emerge from the review. Please see the glossary in the main review for definitions of the terms used.

Non-sexual crimes of violence

  • The available evidence suggests cyber technology appears to be having no significant influence on the scale or nature of non-sexual crimes of violence.
  • There is insufficient evidence to assess the role of cyber technologies in cases of threats and extortion in Scotland.

Sexual crimes

  • Cyber technology has had an impact on both the scale and nature of sexual crime in Scotland.
  • Estimated that the internet was used as a means to commit at least 20% of all sexual crimes recorded by the police in Scotland in 2016/17.
  • Online sexual crimes tend to be concentrated around non-contact offending but the internet may be a precursor in contact sexual crimes e.g. rape, sexual assault.
  • Both the number and proportion of police recorded 'other sexual crimes' [6] which were cyber-enabled (internet used as a means to commit the crime) has increased. In 2016/17, 51% of other sexual crimes were cyber-enabled, up from 38% in 2013/14 [7] . [8]
  • This increase has contributed to the growth in police recorded 'other sexual crimes', and sexual crimes as whole between 2013/14 and 2016/17.
  • When the specific 'other sexual crimes' of 'communicating indecently' and 'cause to view sexual activity or images' are cyber-enabled:
  • Victims and offenders tend to be younger (compared to non-cyber cases), with the majority of victims aged under 16.
  • Victims and offenders are more likely to know of one another.


  • Evidence suggests that fraud is one of the most numerous crime types, but this is not entirely driven by the internet.
  • Evidence from the Scottish Crime and Justice Survey ( SCJS) shows in 2014/15, 5% of adults reported that they were victims of bank and credit account fraud. This has increased in recent years but the data is subject to caveats.
  • Crime Survey for England and Wales ( CSEW) data shows 3.2 million incidents of fraud were experienced by 5.9% of adults in the year ending Sept. 2017.
  • For the year ending Sept. 2017, the CSEW estimates 56% of fraud incidents were coded as cyber (internet or any type of online activity related to any aspect of the offence), amounting to an estimated 1.8 million incidents.
  • As yet no victimisation survey has published data looking specifically at the victims, impacts and reporting of fraud committed via the internet. This could reflect methodological challenges.
  • Incidents of fraud (on and offline) are underreported to Action Fraud and the police. This is possibly linked to incidents generally being viewed as having no emotional or physical impact or as an inconvenience (rather than anything more harmful), in addition to the relatively high rates of financial reimbursement.
  • There is insufficient CSEW time series data in order to establish any trends in the incidence and nature of fraud including the role of cyber technology.

Computer misuse

  • The term 'computer misuse' is used to capture a number of crimes generally covered by the Computer Misuse Act 1990. Activities grouped under this label mainly centre around unauthorised access to and (sometimes subsequent) attacks on computer systems, networks and data e.g. hacking, computer viruses and Distributed Denial of Service ( DDOS) attacks.
  • Whilst evidence shows computer misuse to be numerous and fundamentally driven by the growth of cyber technology and the internet, in most cases there is either no resulting impact or such impacts tend to be of low severity.
  • The most robust and comprehensive evidence on computer misuse is data gathered via the CSEW, which incorporates incidents of unauthorised access to personal information (including hacking) and computer viruses.
  • CSEW evidence shows 1.5 million incidents of computer misuse were experienced by 2.6% of adults in the year ending Sept. 2017.
  • Almost all (97%) incidents were coded as cyber (internet or any type of online activity related to any aspect of the offence) for the year ending Sept. 2017, amounting to an estimated 1.46 million incidents.
  • Victimisation of computer misuse is generally spread across society but some groups are more at risk including higher income households.
  • CSEW evidence shows that in 49% of computer misuse incidents victims identified no resulting emotional or physical impacts and by far the most common impact was a 'loss of time/inconvenience', experienced in 31% of incidents (year ending March 2017) [9] .
  • Police recorded crime data for Scotland suggests that incidents of computer misuse are underreported. In 2016/17 only 30 incidents were recorded under the Computer Misuse Act 1990.

Other crimes

  • Available evidence suggests the vast majority of illicit drug users are still sourcing drugs via traditional means, with a very small proportion obtaining drugs online.
  • Concerns that increases in the amount and accessibility of information online would increase the likelihood of contempt of court issues ( e.g. jurors finding out information about a case), have yet to be borne out in police data.

Miscellaneous Offences

  • Evidence suggests that the internet may commonly feature in cases of stalking and harassment, yet being pestered, intimidated or insulted in-person is much more prevalent than experiences carried out via electronic means.
  • SCJS evidence indicates that of the 9% of adults 'insulted, pestered or intimidated' in Scotland in 2014/15, the vast majority (82%) experienced this in-person.
  • SCJS evidence shows that in 2014/15, the most common type of stalking and harassment (arguably more serious than the above) was threatening/obscene texts or emails, experienced by 45% of adults who had encountered at least one form of stalking/harassment in the 12 months prior to interview (6.4%).
  • Evidence suggests incidents of harassment and threatening/abusive behaviour are underreported to the police, with many viewing it as 'too trivial'.


Back to top