Scottish Crime and Justice Survey 2019/20: main findings

Main findings from the Scottish Crime and Justice Survey 2019/2020, including self-completion findings covering the period 2018/19 to 2019/20.

This document is part of a collection


8.1 Cyber crime in Scotland

What is cyber crime?

Cyber crime can be understood as either cyber-enabled or cyber-dependent crime.

Defining cyber crime is complex, with no agreed upon definition of the term. The main debate centres around the extent to which cyber technology[95] needs to be involved for the crime to be termed 'cyber crime'.

For the purposes of the SCJS and the results in this section of the report, a broad definition of cyber crime is adopted that includes crimes in which cyber technology is in any way involved. This ranges from offences which would not be possible without the use of cyber technology, known as 'cyber-dependent crimes' (such as the spreading of computer viruses), to 'traditional' offences which can be facilitated by the use of cyber technology, known as 'cyber- enabled' crimes (such as online harassment).

How did the 2019/20 SCJS collect data about cyber crime in Scotland?

Internet users were asked about what types of cyber fraud and computer misuse they had experienced in the previous 12 months. Additionally, violent and property crimes which involved online activity or internet-enabled devices were marked with a 'cyber flag'.

The SCJS asked respondents about their experiences of a range of different types of cyber fraud and computer misuse, which are listed below. These questions were asked for the first time in 2018/19 following a review and development of the questionnaire.

As this is only the second year these questions have been included in the survey, any changes between years should be treated with caution as no trend can be identified at this stage.

It is important to note that the findings from these questions are not included in the main SCJS crime estimates, and are not comparable with them. However, they represent an important step in developing the cyber crime evidence base in Scotland.

Only SCJS respondents who had accessed the internet in the 12 months prior to their interview were asked about their experiences of cyber fraud and computer misuse (87% of respondents).

Respondents were asked about what types (not how many individual incidents) of cyber fraud and computer misuse they had experienced in the previous 12 months while accessing their own internet-enabled devices (thus excluding, for example, workplace-owned devices). Up to three types of cyber fraud and computer misuse were recorded per individual and it is possible that certain crimes might relate to the same experience: for example, a specific incident could involve both a scam email and a virus.

Furthermore, when collecting information about people's experiences of cyber fraud and computer misuse, the survey does not seek to capture instances in which a crime was only attempted (for example, when a scam email was received but the person simply deleted it).

A 'cyber flag' question was also first added to the victim form section of the questionnaire in 2018/19. This is central to understanding what proportion of property and violent crime involved the internet, any type of online activity, or an internet-enabled device.

Finally, the SCJS also collects information about stalking and harassment, which may also include a cyber element, for example if taking place on a social media website, or via email.

Drawing on the data collected across the survey, this section of the report presents results from the 2019/20 SCJS on the extent to which cyber technology is involved in a wide range of offences in Scotland. It is divided into four main sections:

  • Fraud and computer misuse
  • Cyber elements in property and violent crime
  • Cyber elements in stalking and harassment
  • Widening the focus: How does wider analytical work complement the evidence provided by the SCJS on cyber crime?

It is important to note that the data presented in this section comes from the analysis of the SCJS results. Police Scotland also collect data about cyber crime. More information on the police's recording of cyber crime can be found towards the end of this section.

Cyber fraud and computer misuse questions

Respondents were asked if any of the following had happened to them in the previous 12 months:

  • had their personal details (e.g. their name, address, date of birth or National Insurance number) stolen online and used by someone else to open bank/credit accounts, get a loan, claim benefits, obtain passport/driving license etc., hereafter defined as "personal details stolen online"
  • had their devices infected by a malicious software, such as a virus or other form of malware, hereafter defined as "virus"
  • had their social media, email or other online account accessed by someone without their consent for fraudulent or malicious purposes, hereafter defined as "online account accessed for fraudulent purposes"
  • were locked out of their computer, laptop or mobile device and asked to make a payment to have it unlocked (known as ransomware), hereafter defined as "ransomware"
  • had their credit card, debit card or bank account details (e.g. account number, sort code) stolen online and used to make one or more payments, hereafter defined as "card/bank account details stolen online"
  • received a scam email claiming to be from their bank or another organisation (e.g. HMRC), asking to provide their bank details or make a payment as a result, hereafter defined as a "scam email"
  • received a phone call or message from someone claiming there was a problem with their computer or mobile device, and let them access their device and/or paying them a fee, only to find out it was a scam, hereafter defined as "phone scam"
  • were victim of online dating fraud (e.g. sending money to someone they had been chatting to, or were in a relationship with, online but then discovering that their dating profile was fake, or never heard from them again), hereafter defined as "online dating fraud"

Fraud and computer misuse

Fraud involves a person dishonestly and deliberately deceiving a victim for personal gain of property or money, or causing loss or risk of loss to another.[96] While 'traditional', face-to-face fraud persists, a large number of incidents of fraud have moved online in recent years, with new types of fraud having been developed which can only be carried out online, such as some types of email scams. On the other hand, computer misuse crimes always include the use of cyber technology, and are set out in the Computer Misuse Act 1990. They include offences such as the spread of malicious software.

Most types of cyber crime covered by the SCJS questions are types of fraud, with the exception of the questions relating to malware and ransomware, which are types of computer misuse.

This section first explores fraud and computer misuse in Scotland through the analysis of the newer cyber crime questions. It then explores fraud levels from another perspective, by presenting the analysis of the longer-standing questions in the SCJS about identity and card theft. While it may be reasonable to assume that a large proportion of identity and card theft happen online,[97] the extent of cyber involvement is unknown in these latter questions.

How common were experiences of cyber fraud or computer misuse in 2019/20?

Just over one-in-ten adults who use the internet said they had experienced one or more type of cyber fraud and computer misuse in 2019/20, with less than one-in-twenty having been victims of more than one type.

The 2019/20 SCJS found that over four-fifths (85.9%) of internet users in Scotland did not experience cyber fraud or computer misuse in the 12 months prior to interview. When asked about their experiences, 13.9% said they had experienced at least one type of cyber fraud or computer misuse in 2019/20,[98] down from 20.4% in 2018/19. Of those, 3.0% experienced more than one type.[99]

As this is only the second year these questions have been included in the survey any changes between years should be treated with caution as no trend can be identified.

For context, the Crime Survey for England and Wales (CSEW) estimates that 3.6% of adults were victims of cyber fraud and that 1.6% were victim of computer misuse in the year ending March 2020.[100] However, the CSEW and SCJS data are not directly comparable, as the two surveys ask notably different questions and follow different processes.

For example, the CSEW captures detailed information about specific incidents, which enables them to be examined by specially trained coders and recorded as a crime in a similar way to how other crimes are recorded by each survey.

In contrast, the cyber fraud and computer misuse questions in the SCJS are newer and designed to provide relatively high level and indicative information about the extent of reported victimisation in order to start building up evidence on cyber crime in Scotland (they do not include detailed follow up questions). This means that, for example, some incidents might be included where only an attempt was made, where it involved a workplace-owned device or where the incident occurred prior to the 12 month period asked about.

Which types of cyber fraud and computer misuse were most common?

In 2019/20, the types of cyber fraud and computer misuse that people were most likely to have experienced were having their device infected by a virus and having their card or bank account details stolen online.

The 2019/20 SCJS found that the types of cyber fraud and computer misuse that people were most likely to have experienced were having their device infected by a virus (experienced by 4.6% of internet users) and having their card or bank account details stolen online (experienced by 4.5% of internet users).

Figure 8.1 shows the proportion of people experiencing each type of cyber fraud and computer misuse. Overall, when combining categories into fraud or computer misuse,[101] online fraud was a more common occurrence than computer misuse offences.

Figure 8.1: Proportion of people having experienced types of cyber fraud and computer misuse
Chart showing proportion of people having experienced types of cyber fraud & computer misuse

Base: All internet users (4,670) Variable: CYBER2.

How did experiences of cyber fraud and computer misuse vary amongst the population?

Men were more likely than women to experience computer misuse.

The 2019/20 SCJS found that men were more likely than women to experience cyber fraud or computer misuse overall (15.3% compared to 12.6%, respectively). When looking at individual types of cyber fraud and computer misuse, men were more likely than women to experience both types of computer misuse (viruses and ransomware). There were no differences in the likelihood of experiencing any of the types of cyber fraud asked about in the SCJS.

There was no clear pattern when looking at the likelihood of experiencing any type of cyber fraud and computer misuse by age.

Overall, variation in the likelihood of being a victim of any type of cyber fraud or computer misuse with age did not show a clear pattern in 2019/20. This is in contrast to 2018/19 where the SCJS found that those aged 60 and over were least likely to experience cyber fraud and computer misuse. As mentioned above, however, it is not advisable to draw conclusions on trends over time, as these questions were only first asked in 2018/19.

When looking at specific types of cyber fraud and computer misuse, the SCJS found that victims of phone scams were most likely to be aged 60 and over.

The 2019/20 SCJS found no difference in experiences of cyber fraud or computer misuse overall by area deprivation, or between those living in urban and rural areas.

Area deprivation and rurality were not found to impact on the likelihood of becoming a victim of cyber fraud or computer misuse overall. However, internet users in less deprived areas and urban areas of Scotland were more likely to experience online dating fraud (although less than 0.2% of adults experienced this type of fraud in these areas). Those not living in the 15% most deprived areas of Scotland were also more likely to be a victim of having personal details stolen online, ransomware, and phone scams.

What impact did cyber fraud and computer misuse have on victims, and how did these experiences affect their online behaviours?

Most victims said that cyber fraud and computer misuse incidents had no impact on them, but they reported having changed some of their online behaviours as a result.

Victims were asked about the impact of their experience of cyber fraud and computer misuse crime, and whether the incident led to them modifying their online behaviours.

Respondents were presented with a list of possible impacts and behaviour changes, and were able to choose more than one option. These impacts and behaviour changes are listed below. This section presents figures for each type of cyber fraud and computer misuse individually.[102]

The survey found that in 2019/20 a large proportion of cyber fraud and computer misuse victims said their experience had no impact on them[103] (41% of virus victims; 64% of people who had their online account accessed for fraudulent purposes; 73% of scam email victims; 85% of scam phone call victims). The most notable outlier was in the case of people who had their card or bank account stolen online, with almost three-quarters (72%) saying that the incident led to them losing their money, but that they were able to get it back in full.

Figure 8.2 presents commonly reported impacts for each type of cyber fraud and computer misuse, alongside commonly reported behaviour changes. The results for the full list of reported impact and behaviour changes can be found in the online data tables.

Impact of cyber fraud and computer misuse:

  • You lost money, which you did not get back or did not get back in full
  • You lost money, but you were able to get it back in full
  • You had to pay for something new (e.g. a replacement PC)
  • You had to take time off from work/studying/other responsibilities
  • You lost your job
  • You were unable to access your computer, laptop, mobile device, or the internet
  • Your relationships with others suffered
  • Your mental health was affected (e.g. anxiety, depression etc.)
  • You were afraid you might be intimidated or physically threatened
  • Your physical health was affected
  • You lost sleep or had trouble sleeping
  • You lost confidence in going online/using the internet
  • Other (specify)
  • None of these

Behaviour changes as a result of cyber fraud and computer misuse:

  • No longer use the internet Less likely to buy goods online
  • Only buy goods from websites with the padlock symbol
  • Less likely to bank online
  • Less likely to give personal information on websites generally
  • Only visit websites you know and trust
  • Only use your own computer/mobile device to access the internet
  • Installed anti-virus software
  • Automatically update systems and software when prompted to do so
  • More likely to back up data
  • Less likely to click on links to unknown websites (e.g. in adverts, emails etc.)
  • Less likely to share/send links to friends etc.
  • Do not open emails from people you don't know
  • Use different passwords for different websites
  • Regularly change your passwords
  • Took steps to learn more about online safety
  • Other (specify)
  • None of these
Figure 8.2: Reported impact and behaviour changes following experience of cyber fraud and computer misuse
Chart showing reported impact and behaviour changes after experience of cyber fraud/computer misuse

Base: All victims of: virus (190); card or bank account details stolen online (200); someone accessed online account fraudulently (140); scam email (120); Scam phone call (90). Variables: CYBER3_2; CYBER3_3; CYBER3_5; CYBER3_6; CYBER3_7; CYBER4_2; CYBER4_3; CYBER4_5; CYBER4_6; CYBER4_7.

Did victims report cyber fraud and computer misuse and which authorities were the crimes reported to?

The majority of victims of most types of cyber fraud and computer misuse did not report the incident to the authorities. When the incident was reported, victims rarely turned to the police.

The SCJS also asked victims whether they reported the incident they experienced, and if they did, to whom.[104] If people had experienced more than one incident of a particular issue, they were asked to answer in relation to the most recent incident of that type of cyber fraud or computer misuse.

Overall, the majority of victims of most types of cyber fraud and computer misuse did not report the incident they experienced. The only type of cyber fraud and computer misuse which was reported by most victims was the online theft of a bank card or bank account details (reported by 78% of victims).[105]

Figure 8.3: Proportion of cyber fraud and computer misuse reported to anyone
Chart showing proportion of cyber fraud & computer misuse reported to anyone

Base: All victims of: card or bank account details stolen online (200); scam email (120); online account accessed for fraudulent purposes (140); scam phone call (90); virus (190). Variables: CYBER5_2; CYBER5_3; CYBER5_5; CYBER5_6; CYBER5_7.

Only a small proportion of victims reported the incidents to the police (5% of those having their card or bank account details stolen online and scam phone calls, and 1% of those who had experienced a virus, scam email or having their online account accessed for fraudulent purposes).

A full breakdown of other authorities that victims reported incidents of cyber fraud and computer misuse can be found in the online data tables.

Why did most victims of cyber fraud and computer misuse not report the incident to the police?

Many victims did not report cyber fraud or computer misuse to the police because they dealt with the issue themselves. However, victims whose card details were stolen online often thought that the first authority they reported the crime to would contact the police.

When asked why they did not report the incident to the police, victims of cyber fraud and computer misuse tended to say it was because they dealt with the issue themselves (45% of people who had their devices infected by a virus; 39% of phone scams victims; 32% of victims of fraudulent access to their online accounts; 32% of scam email victims).

The most commonly cited reason for not reporting their card or bank account details being stolen to the police was that victim thought that the incident would be reported to the police by the first authority[106] they had turned to (40%). This is in line with the finding that the majority (74%) of victims of card or bank account fraud who reported the incident turned to their bank.

A full list of the reasons why incidents were not reported to the police can be found in the data tables.

What else can the SCJS tell us about fraud in 2019/20?

Indicative findings suggest that just over one-in-twenty adults had their credit/bank card details stolen and around one-in-one-hundred had their identity stolen, however the extent of cyber involvement is unknown.

In addition to the cyber fraud and computer misuse questions, since 2008/09 the SCJS has captured evidence on people's experiences of certain types of fraud, as well as their perceptions of fraud.

It is important to note that, unlike the cyber fraud and computer misuse questions, these are asked to all adults, not only to internet users. Furthermore, these questions provide indicative findings only, as respondents are not asked for full details of the incidents that would enable them to be coded into valid/invalid[107] SCJS crimes in the way that other 'traditional' SCJS crime incidents are. Nevertheless, the data remains valuable for time-series analysis purposes. It is reasonable to assume that a number of the fraud experiences being recorded by the SCJS have a cyber component, however, the extent to which this is the case is unknown.

The SCJS found that 6.0% of adults in 2019/20 reported that they had their credit or bank card details used fraudulently in the previous 12 months. This is unchanged from 2018/19, and has increased from 3.6% in 2008/09. Identity theft was less common, with 1.1% of adults reporting experiences of such incidents in 2019/20, unchanged from both 2018/19 and 2008/09.[108]

Although the findings from the SCJS are only indicative, it is notable that the CSEW finds relatively similar results on prevalence using a more expansive set of questions added in recent years to robustly capture experiences of fraud. The CSEW figures for the year ending March 2020[109] show incidents of fraud (excluding computer misuse) were experienced by 6.6% of adults in England and Wales.

What can the 2019/20 SCJS tell us about concerns about fraud?

As in recent years, respondents in 2019/20 were most likely to report being worried about acts of fraud, as well as thinking these incidents were likely to happen to them in the next year, compared to other types of crime.

The SCJS also asks respondents which crime types they worry about happening, or think are likely to happen to them.

In 2019/20, half (50%) of adults in Scotland were worried about their bank/credit card details being used to obtain money, goods or services.[110] As in previous years, the next most worried about crime type was identity theft[111] with 39% of adults worrying about this issue in 2019/20. Levels of worry about these two types of fraud were higher than for all other crime types asked about in 2019/20. Looking over time, worry about both types of fraud has fallen since 2008/09, and worry about identity theft has also decreased since 2018/19 (worry about someone using their credit or bank details fraudulently has shown no change).

As in previous years, worry about both of these acts in 2019/20 varied by demographic characteristics. The SCJS found that women were more likely to be worried about fraud than men (55% of women worried about their credit or bank details being used fraudulently, compared to 45% of men, and 41% of women worried about identity theft, compared to 36% of men).

People between the ages of 16 and 24 were also less worried than all other age groups about having their identity stolen (21%) and about someone using their credit or bank details fraudulently (36%).[112]

In 2019/20, over half of respondents (57%) did not think it was likely that they would experience any of the crimes listed in the next 12 months.[113] However, the crime that respondents most commonly thought would happen to them was someone using their credit card/bank details fraudulently (23%). As with worry about crime, this was followed by people thinking their identity would be stolen (13%). The perceived likelihood of credit card/bank details being used fraudulently has decreased since 2018/19 but has increased since 2008/09, whereas the perceived likelihood of experiencing identity theft has decreased since 2018/19 and is now back in line with the 2008/09 level. Worry and the perceived likelihood of experiencing a range of other crimes is discussed in more detail in Chapter 7.

While there was no difference in perceived likelihood of being a victim of identity theft between women and men, a higher proportion of women than men thought it was likely they would have their credit/bank details stolen (25% compared to 21%).

Age also played a role in defining people's beliefs about the likelihood of being the target of fraud, with young people least likely to report thinking they would become a victim of identity theft (6%) or of card/bank account fraud (15%).[114]

Respondents living in the 15% most deprived areas of Scotland were less likely than respondents in the rest of Scotland to think that their credit/bank card details would be used to fraudulently buy goods/services (16% and 25%) and that their identity would be stolen (9% and 13%) in the next year.

There were no differences between those living in urban and rural locations in the perceived likelihood of experiencing these two types of fraud in the next year.

It is interesting to note that while the perceived likelihood of becoming a victim of fraud has increased over time, worry about fraud has decreased over the same period as shown in Figure 8.4. Please note that the extent to which people's levels of concern for fraud related to cyber fraud incidents is unknown.

Figure 8.4: Proportion of adults concerned about fraud and identity theft, 2008/09 to 2019/20
Chart showing proportion of adults concerned about fraud and identity theft

Base: All adults 2008/09 (16,000), 2009/10 (16,040), 2010/11 (13,010), 2012/13 (QWORR identity theft: 12,010; card theft: 12,020; QHAPP: 12,050), 2014/15 (11,470), 2016/17 (5,570), 2017/18 (5,480), 2018/19 (5,540), 2019/20 (5,570). Variables: QWORR; QHAPP.

Cyber elements in property and violent crime

To what extent did property and violent crimes have a cyber element in 2019/20?

Only a small proportion of property and violent crime in 2019/20 had a cyber element.

In 2018/19, a 'cyber flag'[115] was added to the survey questionnaire in order to enable the SCJS to examine the proportion of property and violent crime traditionally picked up by the survey with a cyber element.[116]

The 2019/20 SCJS found that 6% of violent crime and 1% of property crime had a cyber element. The proportion of violent crime with a cyber element has increased from 1% in 2018/19, whereas it is unchanged for property crime.

The SCJS also asks victims of violent crime whether the crime was recorded for instance on a mobile phone or camera, or by CCTV.[117] In 2019/20, 6% of violent crimes experienced by adults were recorded on a device, unchanged from the previous year.

Cyber elements in stalking and harassment

The SCJS asks respondents about their experiences of being stalked or harassed. Firstly, in the main survey a quarter of the whole sample are asked if they have been insulted, pestered or intimidated in any way by someone outwith their household in the year prior to interview. More detailed findings for the year 2019/20 are provided in the Focus on harassment and discrimination section.

Later, the whole sample is invited to complete the self-completion module on stalking and harassment,[118] which asks respondents if they have experienced any of the following behaviours more than once: the receiving of unwanted letters or cards; receiving of unwanted messages by text, email, messenger or posts on social media sites; receiving unwanted phone calls; loitering outside their home or workplace; being followed; and/or having intimate pictures of them shared without consent, for example by text, on a website, or on a social media site.[119] More detailed findings are provided in Chapter 9.

To what extent were people insulted or harassed online in 2019/20?

Most adults did not experience being insulted, pestered, or intimidated in 2019/20, but among those who did encounter such behaviour, in-person experiences continued to be more common than online.

In 2019/20, 13% of adults said they had been insulted, pestered or intimated in any way by someone outwith their household. This was unchanged from 2018/19.[120] Of those adults that said they experienced harassment in the year prior to interview, the vast majority (88%) were insulted, pestered or intimidated 'in person', whilst 13% encountered such behaviour 'in writing via text, email, messenger or posts on social media sites'[121] (unchanged from 2018/19).[122]

Incidents of stalking and harassment are most commonly experienced by electronic means, including online.

The SCJS also collects data on arguably more severe examples of stalking and harassment through the self-completion element of the survey. In 2018/20,[123] 11.8% of adults experienced at least one type of stalking and harassment, unchanged from 2016/18.[124]

The most common type of stalking and harassment which was experienced by victims was being sent unwanted messages by text, email, messenger or posts on social media sites. This was experienced by over two-thirds (70%) of all those who had experienced at least one form of stalking and harassment, whilst 5% of respondents who had experienced at least one incident of stalking and harassment in the 12 months prior to interview said that the perpetrator shared intimate pictures of them - a crime which is also likely to have a cyber element.

Widening the focus: How does wider analytical work complement the evidence provided by the SCJS on cyber crime?

A number of published strategies emphasise the challenges and risks of cyber crime, including the Strategic Framework for a Cyber Resilient Scotland and Policing 2026. Scotland's Scams Prevention, Awareness & Enforcement Strategy is also due to be published later in March 2021.

To inform this on-going strategic work, a range of analytical work is being carried out with the aim of developing the evidence base around cyber crime. The sections below briefly highlight where the Scottish Government's Cyber Crime Evidence Review, the Crime Survey for England and Wales and Police Scotland's cyber marker can tell us more about the involvement of cyber technology in sexual crimes, computer misuse and police recorded crime.

Sexual crimes in the Scottish Government's cyber crime evidence review

While the SCJS provides evidence on the prevalence of sexual victimisation in Scotland, the survey does not currently collect data which enables an assessment of whether sexual crimes involved an online element.

In 2018, the Scottish Government published an evidence review of cyber crime, exploring existing evidence (such as the SCJS, CSEW and recorded crime data) and literature in order to assess the scale, nature and impact of cyber crime on individuals and businesses in Scotland.

This review includes reference to research undertaken by Scottish Government analysts which studied a sample of police records from 2013/14 and 2016/17 and included consideration of the influence of cyber technology on sexual crime in Scotland.[125] This research found that both the scale and nature of sexual crime has been impacted by cyber technology in Scotland in recent years. For example:

  • the research estimated that a rise in cyber-enabled 'other sexual crimes' has contributed to around half of the growth in all police recorded sexual crimes in Scotland between 2013/14 and 2016/17
  • it is estimated that the internet was used as a means to commit at least 20% of all sexual crimes recorded by the police in 2016/17
  • when the specific 'other sexual crimes' of 'communicating indecently' and 'cause to view sexual activity or images' are cyber-enabled, victims and offenders tend to be younger (three-quarters of victims aged under 16 and more than half of offenders under 20) and are more likely to know of one another

Computer misuse and fraud in the Crime Survey for England and Wales

As discussed previously, the Crime Survey for England and Wales (CSEW) has developed and included a substantial module to robustly capture experiences of fraud and computer misuse since October 2015. The questions provide estimates on the incidence, prevalence and nature of these crimes and also the proportion of fraud and computer misuse incidents that are cyber related.

The CSEW estimates that, in the year ending in March 2020, just under 1 million (876,000) incidents of computer misuse were experienced by 1.6% of adults in England and Wales.[126]

Police recorded cyber crime

Since the introduction of cyber crime markers on crime recording systems in April 2016, Police Scotland has continued to develop its marking practices across other Police Scotland recording systems and databases. This activity is being undertaken by the Cybercrime Capability Programme under Police Scotland's 'Policing 2026 Strategy'. According to a Police Scotland report in 2020, the tagging, marking, and logging of cyber crime has risen significantly in April-December 2019/20 compared to the same period last year, mostly as a result of the "Tag it, Mark it, Log it" campaign launched in October 2018 with the aim of improving Police Scotland's ability to identify occurrences of cyber crime. As this marker becomes fully embedded across Police Scotland systems, it should provide a valuable evidence source of police recorded crimes involving a cyber element.

The Recorded Crime in Scotland 2018/19 bulletin included a topical analysis of police recorded fraud. It was found that an estimated 28% of fraud recorded in 2018/19 was cyber enabled (i.e. the internet was used as a means to commit the crime).

To enhance the wider evidence base on cyber crime, Scottish Government statisticians will conduct a further study this year based on a sample of police recorded crimes. The findings will be published in the Recorded Crime in Scotland 2020/21 bulletin in Autumn 2021, and will include an estimate of the volume of cyber enabled crime recorded by the police in 2019/20 and 2020/21, and further information on the types of crime this includes.

What's next?

The cyber fraud and computer misuse questions, reported for the first time in the 2018/19 SCJS, represent an important step in developing the cyber crime evidence base in Scotland. We welcome feedback from users on this data, the role it can play in the wider cyber crime evidence base, and areas for potential future development.

Scottish Crime and Justice cyber crime section - provide feedback

We welcome feedback at any time. Please contact us if you have any comments or suggestions. For more general queries on evidence and data around cyber crime beyond the SCJS, please contact justice_analysts@gov.scot.

Contact

Email: scjs@gov.scot

Back to top