Scottish Crime and Justice Survey 2016/17: main findings

8.1 Cyber-crime in Scotland

What is cyber-crime?

Defining cyber-crime is complex and there is no single definition. The main debate centres around the extent to which the internet and cyber technologies need to be involved for the crime to be termed 'cyber-crime'. This ranges from activities which would not be possible without the use of a computer, computer networks or other forms of ICT ( e.g. spread of viruses, hacking etc.) to traditional crimes where the internet and cyber technologies have a minor involvement ( e.g. a precursor to the crime).

There is therefore a spectrum of different types of incidents that can involve a cyber-element. This chapter presents a range of results, from the SCJS and elsewhere, on the extent to which the internet and cyber technology was involved in certain incidents. This includes where cyber technologies can be used as a locus for crime (for example, internet fraud) and other results where cyber-technologies can be involved more indirectly (for example video recordings of more traditional types of offences).

The section below first presents SCJS results relating to some online experiences of survey respondents and then outlines results on fraud (including perceptions of fraud and indicative findings on the extent of some types of fraud). It then briefly highlights new questions on cyber-crime which will be added to the 2018/19 SCJS and also provides some additional context by highlighting related results from the Crime Survey for England and Wales. As the following summary of SCJS findings related to cyber-crime brings together data from different sections of the survey, base sizes and variable names are generally provided in the footnote to highlight the survey questions which relevant findings are derived from.

Key findings from the 2016/17 SCJS: Cyber-crime

To what extent was crime occurring online?

The SCJS does not find many 'traditional' crimes that happen online/via the internet, however this is likely due to the way the questions are currently asked.

Where it is offered as a possible response for location of crime, online/internet is virtually never selected by respondents when they are asked to best describe where the crime happened.

The Crime Survey for England and Wales ( CSEW) use a 'cyber flag' approach (coding 'traditional crimes' that are cyber-related) to show in their latest findings that 0.2% of violent incidents were identified as a cyber-crime ^[77] .

The SCJS will include this 'cyber flag' in 2018/19.

Notwithstanding these findings, the SCJS does indicate that cyber technology may be involved in some traditional crimes. As reported in the ' Focus on violent crime' chapter, there were an estimated 231,000 violent crimes experienced by adults in Scotland in 2016/17. Of these crimes 6% included incidents where the force/violence used was recorded ( e.g. on a mobile phone, camera, CCTV etc.) ^[78] . Although it is not possible to look at the specific methods of recording, it is likely this will have included incidents where cyber technology and/or networks were involved.

To what extent were people being insulted, pestered or intimidated online?

In person experiences of being insulted, pestered or intimidated are much more common than those carried out in writing via electronic means.

In 2016/17 14% of adults were insulted, pestered or intimated in anyway, by someone outwith their household in the year prior to interview, up from 9% in 2014/15 but unchanged from 2008/09 ^[79] . More findings on harassment in general are reported in the later section on harassment and discrimination,

Of those who experienced this, 15% encountered such behaviour 'in writing via text, email, messenger or posts on social media' (unchanged from 2014/15 ^{[80] [81]} ), compared to 88% who experienced incidents in person in 2016/17.

What role was the internet playing in the selling of fake or smuggled goods?

The selling of fake or smuggled clothes or tobacco/cigarettes was more likely to take place via 'traditional' means rather than 'on the internet'.

In the year prior to interview, the vast majority of adults (86%) were not offered any of the fake and/or smuggled goods asked about, whilst the most common fake or smuggled good offered was cigarettes/tobacco (6%), followed by clothes (4%) ^[82] . When adults were offered fake or smuggled clothes or cigarettes/tobacco, this occurred 'on the internet', in 26% and 8% of instances respectively. Findings on fake and smuggled goods more generally are covered by a later section of this report.

Key findings from the 2016/17 SCJS: Fraud

Fraud can take many (sometimes related) forms and centres around a person dishonestly and deliberately deceiving a victim for personal gain. Although not confined to occurring online, the rise of the internet has offered potential new means for fraud to be committed.

The SCJS does not count crimes of fraud, however it does examine people's perceptions of fraud and their experiences of certain types of fraud (in the form of 'Victim Form Screener' questions) ^[83] . These screener questions provide indicative findings only. This is because respondents are not asked for full details of the incidents in the way that they are with other traditional SCJS crime incidents (which enables those incidents to be coded into valid/invalid SCJS crimes ^[84] ).

To what extent were people experiencing fraud in 2016/17?

5% of adults reported that they had their credit or bank cards/card details used fraudulently, whilst 1% reported that their identity had been stolen.

The SCJS asks respondents if in the year prior to interview, they experienced credit and bank fraud or had their identity stolen for fraudulent purposes. The questions provide indicative findings only (and do not cover whether it occurs online).

Notwithstanding these caveats, analysis shows that 5% of adults reported that they had their credit or bank cards/card details used fraudulently in 2016/17 ^[85] . This is unchanged from 2014/15 but is up from 3% in 2008/09.

Identity theft was less common, with 1% of adults reporting experience of such incidents in 2016/17 in the 12 months before the survey, unchanged from 2014/15 and 2008/09.

Although, as noted above, the SCJS only provides indicative findings here, it is notable that the CSEW ^[86] finds similar results where respondents were asked about plastic card fraud. For example, the latest figures for the year ending September 2017 show that 5.7% of plastic card owners were victims of card fraud, compared to a similar level of 5.3% for the previous year. ^[87]

How concerned were people about fraud in 2016/17?

As in recent years, respondents in 2016/17 were most likely to report being worried about acts of fraud rather than other types of crime.

One aspect of fraud is where criminals use a person's credit or bank details in order to obtain money or buy goods and services. In 2016/17, 52% of adults in Scotland were worried that this would happen to them ^[88] . This finding is similar to 2014/15 but has declined from 56% recorded in 2008/09. Across the time series adults were most likely to report worrying about this type of crime. In 2016/17 as with other years, this was followed by another aspect of fraud, identity theft ^[89] . In 2016/17 43% of adults were worried about having their identity stolen. This is similar to the 2014/15 finding but is down from 51% in 2008/09.

In 2016/17, for both of these fraudulent acts, worry varied according to demographic groups, for example women were more likely to be worried (57% worried about their credit or bank details being used fraudulently, 45% worried about identity theft) than men (47% credit or bank details, 40% identity theft).

In 2016/17, levels of worry about these two types of fraud were higher than for all other types of crime asked about. For example 31% of adults with a motor vehicle in the household were worried about this being damaged by vandals, whilst 28% of adults were worried about their home being broken into and 11% of adults were worried that they would be sexually assaulted.

Adults thought they were more likely to experience fraud than other types of crime.

The SCJS also asked respondents about crimes they thought they were likely to experience in the next year. In 2016/17, of the crimes asked about, respondents thought that someone using their credit card/bank details was the crime most likely to happen to them in the next year (28%), an increase from 17% in 2014/15 and 14% in 2008/09. In 2016/17 women were more likely to be of this view (30%) than men (26%). ^[90] As with the above findings on worry about crime, this was followed by having their identity stolen; 16% of adults thought this was likely to happen in the next 12 months, up from 11% in 2014/15 and 12% in 2008/09.

Respondents were more likley to think they would experience either of these crimes in the next 12 months compared to any of the other crime types asked about. For example, in 2016/17, 10% thought it likely their home would be broken into, whilst for sexual assault the figure stood at 2%, the lowest of any crime type included. However it is worth noting that half of respondents in 2016/17 (50%) did not think it likely that they would experience any of crimes listed in the next 12 months.

Developing the cyber-crime evidence base

A number of recently published strategies emphasise the challenges and risks of cyber-crime, including Scottish Government's Justice Vision and Priorities, Cyber Resilience Strategy and Policing 2026. To inform this on-going strategic work, a range of analytical work is being carried out with the aim of developing the evidence base around cyber-crime.

Future SCJS questions

Questions on cyber-crime/online behaviours have been developed in conjunction with internal and external colleagues and been cognitively tested. The questions will be included in the SCJS questionnaire from 2018/19 onwards. In addition, a 'cyber flag' question will be included in the victim form section of the 2018/19 questionnaire. This is a similar approach to that adopted by the CSEW and will enable us to examine the proportion of property and violent crime (currently included in the SCJS) that have a cyber-element. The first findings from these questions will be available in late 2019 / early 2020. They will not be included in the main SCJS crime estimates, however they represent an important step in developing the SCJS evidence in this area. More information, including the areas the questions cover is available in the SCJS 2018/19 Questionnaire Review Paper ^[91] .

Wider analytical work in Scotland

The Scottish Government has undertaken a review of cyber-crime, including exploring existing evidence ( e.g. SCJS, CSEW and recorded crime data) and literature in order to assess the scale, nature and impact of cyber-crime on individuals and businesses in Scotland. The review is available on the Scottish Government's website and will help inform next steps for developing the cyber-crime evidence base in the SCJS and more generally.

In addition, it is notable that other organisations are also developing their data. For example, from April 2016 there has been a requirement in the crime recording systems throughout Police Scotland to identify and record instances of cyber-crime using a defined marker. As this becomes fully embedded it should provide a valuable evidence source of police recorded crimes involving a cyber-dimension.

Crime Survey for England and Wales

It is also notable that the Crime Survey for England and Wales ( CSEW) has included and developed a module on fraud and computer misuse ^[92] since October 2015. The questions provide estimates on the incidence, prevalence and nature of these crimes and are included in the main crime survey estimates. These questions provide an estimate of the proportion of fraud and computer misuse incidents that are cyber-related.

The headline findings for the year ending March 2017 show ^[93] :

• 3.4 million incidents of fraud were experienced by 6.0% of adults in England and Wales.
• Over half (57%) of fraud incidents were cyber-related, amounting to approx. 1.9 million incidents.
• 1.8 million incidents of computer misuse were experienced by 3.0% of adults.
• The vast majority (97%) of computer misuse incidents were cyber-related, amounting to approximately 1.75 million incidents.
• Comparing these two crimes to other crime types in the CSEW suggests they are amongst the most numerous crimes experienced.

These findings are discussed in more detail in the Scottish Government's cyber-crime evidence review. The SCJS team is in regular contact with our CSEW counterparts about the development and implementation of cyber related questions. While we cannot and do not use crime data from other countries to predict underlying crime trends in Scotland there is no reason to necessarily expect that the extent of such online cyber-crimes would be markedly different in Scotland.