Cyber crime in Scotland: evidence review research findings

Summary findings from a review of the evidence around the scale and nature of cyber crime affecting individuals and businesses in Scotland.


This review has drawn attention to the increase in the number of people in Scotland using the internet and the potential for criminals to exploit this growth, under the banner of cyber-crime. There is a lack of clarity and consistency in the terminology used around cyber-crime, and moving forward it may be helpful to start to shift the focus towards cyber-crime being seen as the method or locus of a crime, rather than a distinct type or group.

Whilst this review has found that incidents of cyber-crime tend be concentrated around sexual crimes, fraud and computer misuse, a number of different types of crime can and likely do involve the use of the internet and cyber technologies, either as a precursor to a crime or in the committing of a crime itself.

The review has highlighted four key ways in which cyber technology is influencing crime:

1. Cyber-crime is forming a large proportion of certain crime types. For example evidence from the CSEW for the year ending Sept. 2017 estimates that over half (56%) of fraud incidents (which is one of the most numerous crimes) were cyber-crimes. This amounts to 1.8 million incidents during this time period.

2. The internet and cyber technologies are changing the volume of certain crime types. This is perhaps most evident amongst sexual crimes. Detailed evidence shows that both the number and proportion of police recorded 'other sexual crimes' in Scotland which were cyber-enabled increased. Consequently such incidents contributed to the growth in all 'other sexual crimes' and sexual crimes as a whole.

3. The internet and cyber technologies are changing the nature and victimisation of certain crimes. The police recorded 'other sexual crimes' research found that when the specific crimes of 'communicating indecently' and 'cause to view sexual activity or images' were cyber-enabled, both victims and offenders tended to be younger compared to non-cyber incidents. With cyber-enabled incidents, victims and offenders were also more likely to know of one another.

4. Cyber-technologies have given rise to the introduction of an entirely new and high volume category of crime – computer misuse. Without the internet, these crimes (including computer viruses, hacking etc.) would not be possible. Evidence from the CSEW for the year ending Sept. 2017 shows there were 1.5 million incidents of computer misuse, making it one of the numerous crimes.

However, we are operating in a complex landscape. The review has drawn attention to the challenges faced by authorities to investigate and take action against online risks. These include inconsistent terminology and the spectrum of possible internet involvement in crimes. Such situations also challenge the capability of research and statistics to accurately capture the scale, nature and impact of cyber-crime.

This review has also identified gaps in our knowledge. We still need to know more about cyber-crime in Scotland, such as the prevalence of different types of cyber-crime, the extent of underreporting, the cost and the harm of cyber-crime. Furthermore little evidence is available which allows for the comparison between cyber and non-cyber incidents of the same crime. This review has also drawn attention to gaps around cyber-crime offenders, in particular the extent to which different kinds of individuals and groups account for cyber-crime offences in Scotland.

Throughout, this review has found evidence that cyber-crime is underreported to the police and other authorities. Figures from the victimisation surveys are consistently higher than in police data, most notably for instances of fraud, computer misuse, abusive/threatening behaviour and stalking and harassment. Suggesting these occurrences are often not being reported to the police. Where apparent, the review has highlighted the possible links between underreporting and the perceived low severity of impacts resulting from many incidents, especially in relation to fraud and computer misuse. Underreporting may be inhibiting the ability of the police to take action and to assign resources accordingly.


Back to top