Monday, November 20, 2023

Latest Cyber Crime Statistics from the UK

Latest Cyber Crime Statistics from the UK

Have you ever searched for "UK cyber crime statistics"? We have. It's not great. The same old tired cyber crime statistics, disorganised and from the same regurgitated sources, with very poor references to the data behind them.

Today, all that changes.

🙌

We've compiled the UK's reported cyber-enabled crime data from Action Fraud to give you all much clearer cyber crime statistics from the UK.

We measured it between June 2022 to May 2023 to give a clearer picture of the impact that cyber crime is having in this country over a 12 month period.

To provide even greater insight, we've looked deeper into the regions within the UK, breaking it down further into individual and organisational differences.

So, what are you waiting for?

Let's get started:

Contents

Headline cyber crime statistics for the UK

Cyber Crime Stats - UK

Let's take a look at the cyber crime statistics in the UK:

  • There were 214k reports of cyber-enabled crime in the UK.

  • Resulting in £1.7B of reported financial losses.

  • £7.8k was the average reported financial loss per report of cyber-enabled crime in the UK overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 106k, which equated to 49.5% of all reports.

  • £758M of reported financial losses came directly from Banking fraud, equating to 45.6% of the total losses.

  • Investment fraud had the highest average reported financial loss per report at £30.5k.

Cyber attacks for individuals

For individuals, there were:

  • 200k reports of cyber-enabled crime from individuals in the UK.

  • Resulting in £890M of reported financial losses.

  • £4.5k was the average reported financial loss per report of cyber-enabled crime for individuals in the UK.

  • 50.5% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £197M in reported losses. 17.9% were for Advance Fee fraud, resulting in £73M in losses. 11.1% were for Banking fraud, resulting in £155M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £459M. Investment fraud accounted for 7.9% of all reports but 51.6% of reported financial losses, making it the highest average reported financial loss per individual at £28.9k.

  • The highest number of reports based on age came from 20-29 year olds at 20.4%.

  • They also had the highest financial losses at £161M (18.1%).

  • 70-79 year olds had the highest average reported financial loss per report at £10k.

Cyber attacks for organisations

For organisations, this was:

  • 14.6k reports of cyber-enabled crime from organisations in the UK.

  • Resulting in £773M of reported financial losses.

  • £52.7k was the average reported financial loss per report of cyber-enabled crime for organisations in the UK.

  • 63.8% of businesses were Limited companies, followed by PLCs (12.2%).

  • 43% of reported cyber-enabled crime from organisations were Banking related, resulting in £603M in reported losses. 36.5% were for Consumer fraud, resulting in £122M in losses. 2.1% were for Investment fraud, resulting in £34M in losses.

  • The highest average reported financial loss per organisation came from Investment fraud, which stood at £144k.

By Region:

Cyber crime statistics from London

Cyber Crime Stats - London, UK

Let's take a look at the cyber crime statistics in London:

  • 38.3k reports of cyber-enabled crime in London.

  • Resulting in £895.2M of reported financial losses.

  • £23.4k was the average reported financial loss per report of cyber-enabled crime in London overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 18.8k, which equated to 49.1% of all reports.

  • £595.7M of reported financial losses came directly from Banking fraud, equating to 66.5% of the total losses.

  • Public Sector fraud had the highest average reported financial loss per report at £185.7k.

Individuals

The cyber crime statistics for individuals were:

  • 35k (91.5%) reports of cyber-enabled crime from individuals in London.

  • Resulting in £337M (37.7%) of reported financial losses.

  • £9.6k was the average reported financial loss per report of cyber-enabled crime for individuals in London.

  • 50.6% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £46.8M in reported losses. 17.3% were for Advance Fee fraud, resulting in £15.7M in losses. 11.7% were for Cyber Dependent fraud, resulting in £1.2M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £195.6M. Investment fraud accounted for 9.4% (3.3k) of all reports but 58% of reported financial losses, making it the highest average reported financial loss per individual at £59.3k.

  • The highest number of reports based on age in London came from 20-29 year olds at 26.4%.

  • The highest financial losses came from the same group, 20-29 year olds, at £120.8M (35.8%).

  • 70-79 year olds had the highest average reported financial loss per report at £43k (1.5k reports).

Organisations

For organisations, this was:

  • 3.3k (8.5%) reports of cyber-enabled crime from organisations in London.

  • Resulting in £558M (62.3%) of reported financial losses.

  • £171k was the average reported financial loss per report of cyber-enabled crime for organisations in London.

  • 65.6% of businesses were Limited companies, followed by PLCs (18.6%).

  • 48.9% of reported cyber-enabled crime from organisations were Banking related, resulting in £518.4M in reported losses. 32.4% were for Consumer fraud, resulting in £20.5M in losses. 13.6% were for Cyber Dependant fraud, resulting in £1.2M in losses.

  • The highest average reported financial loss per organisation in London came from Banking fraud, which stood at £325k.

Cyber crime statistics from the South East

Cyber Crime Stats - South East, UK

Let's take a look at the cyber crime stats for the South East:

  • 25.3k reports of cyber-enabled crime in the South East.

  • Resulting in £135M of reported financial losses.

  • £5.3k was the average reported financial loss per report of cyber-enabled crime in the South East overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 12.2k, which equated to 48.2% of all reports.

  • £60.5M of reported financial losses came directly from Investment fraud, equating to 44.8% of the total losses.

  • Public Sector fraud had the highest average reported financial loss per report at £40k.

Individuals

The cyber crime statistics for individuals were:

  • 23.7k (93.7%) reports of cyber-enabled crime from individuals in the South East.

  • Resulting in £102M (75.3%) of reported financial losses.

  • £4.3k was the average reported financial loss per report of cyber-enabled crime for individuals in the South East.

  • 49.1% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £24.3M in reported losses. 19.5% were for Advance Fee fraud, resulting in £10.7M in losses. 12.4% were for Cyber Dependent fraud, resulting in £248k in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £54.8M. Investment fraud accounted for 8.1% (1.9k) of all reports but 53.9% of reported financial losses, making it the highest average reported financial loss per individual at £28.4k.

  • The highest number of reports based on age in the South East came from 30-39 year olds at 18.1% (4.3k).

  • The highest financial losses came from 60-69 year olds, at £28.1M (27.6%).

  • They also had the highest average reported financial loss per report at £9k (3.1k reports).

Organisations

For organisations, this was:

  • 1.5k (6.3%) reports of cyber-enabled crime from organisations in the South East.

  • Resulting in £33.4M (24.7%) of reported financial losses.

  • £21k was the average reported financial loss per report of cyber-enabled crime for organisations in the South East.

  • 71.9% of businesses were Limited companies, followed by PLCs (7.3%).

  • 46.2% of reported cyber-enabled crime from organisations were Banking related, resulting in £19.5M in reported losses. 34% were for Consumer fraud, resulting in £7.2M in losses. 15.8% were for Cyber Dependant fraud, resulting in £93k in losses.

  • The highest average reported financial loss per organisation in the South East came from Investment fraud, which stood at £219k.

Cyber crime statistics from the South West

Cyber Crime Stats - South West, UK

Let's take a look at the cyber crime stats for the South West:

  • 18.3k reports of cyber-enabled crime in the South West.

  • Resulting in £73.3M of reported financial losses.

  • £4k was the average reported financial loss per report of cyber-enabled crime in the South West overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 9.2k, which equated to 50.6% of all reports.

  • £26M of reported financial losses came directly from Investment fraud, equating to 35.6% of the total losses.

  • This also had the highest average reported financial loss per report at £21k.

Individuals

The cyber crime statistics for individuals were:

  • 17k (94.4%) reports of cyber-enabled crime from individuals in the South West.

  • Resulting in £63M (85.9%) of reported financial losses.

  • £3.6k was the average reported financial loss per report of cyber-enabled crime for individuals in the South West.

  • 51.1% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £19.1M in reported losses. 20% were for Advance Fee fraud, resulting in £7.8M in losses. 11.7% were for Cyber Dependent fraud, resulting in £194k in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £25.5M. Investment fraud accounted for 7.1% (1.2k reports) of all reports but 40.5% of reported financial losses, making it the highest average reported financial loss per individual at £20.8k.

  • The highest number of reports based on age in the South West came from 30-39 year olds at 18% (3.1k reports).

  • The highest financial losses came from 40-49 year olds, at £14M (27.6%).

  • 70-79 year olds had the highest average reported financial loss per report at £5.9k (1.8k reports).

Organisations

For organisations, this was:

  • 1k (5.6%) reports of cyber-enabled crime from organisations in the South West.

  • Resulting in £10.3M (14.1%) of reported financial losses.

  • £10k was the average reported financial loss per report of cyber-enabled crime for organisations in the South West.

  • 64.3% of businesses were Limited companies, followed by Other (9%).

  • 42.5% of reported cyber-enabled crime from organisations were Consumer related, resulting in £4.9M in reported losses. 36.4% were for Banking fraud, resulting in £4.4M in losses. 17.9% were for Cyber Dependant fraud, resulting in £13.5k in losses.

  • The highest average reported financial loss per organisation in the South West came from Investment fraud, which stood at £57.5k.

Cyber crime statistics from the North West

Cyber Crime Stats - North West, UK

Let's take a look at the cyber crime statistics in the North West:

  • 27.1k reports of cyber-enabled crime in the North West.

  • Resulting in £94.1M of reported financial losses.

  • £3.5k was the average reported financial loss per report of cyber-enabled crime in the North West overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 13.1k, which equated to 48.5% of all reports.

  • £34.6M of reported financial losses came directly from Investment fraud, equating to 36.8% of the total losses.

  • It also had the highest average reported financial loss per report at £19.6k.

Individuals

The cyber crime statistics for individuals were:

  • 25k (92.3%) reports of cyber-enabled crime from individuals in the North West.

  • Resulting in £69M (73.3%) of reported financial losses.

  • £2.8k was the average reported financial loss per report of cyber-enabled crime for individuals in the North West.

  • 48.9% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £21.7M in reported losses. 16.6% were for Advance Fee fraud, resulting in £7.8M in losses. 13.1% were for Banking fraud, resulting in £8.7M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £30.3M. Investment fraud accounted for 7% (1.7k) of all reports but 43.9% of reported financial losses, making it the highest average reported financial loss per individual at £17.3k.

  • The highest number of reports based on age in the North West came from 20-29 year olds at 20.1% (5k).

  • The highest financial losses came from 50-59 year olds, at £15.6M (22.6%).

  • 90-99 year olds had the highest average reported financial loss per report at £10.5k (73 reports).

Organisations

For organisations, this was:

  • 2.1k (7.7%) reports of cyber-enabled crime from organisations in the North West.

  • Resulting in £25.1M (26.7%) of reported financial losses.

  • £12.1k was the average reported financial loss per report of cyber-enabled crime for organisations in the North West.

  • 59% of businesses were Limited companies, followed by PLCs (21.1%).

  • 45.1% of reported cyber-enabled crime from organisations were Banking related, resulting in £15.8M in reported losses. 25.7% were for Consumer fraud, resulting in £4.7M in losses. 4.7% were for Cyber Dependant fraud, resulting in £128.7k in losses.

  • The highest average reported financial loss per organisation in the North West came from Investment fraud, which stood at £215k.

Cyber crime statistics from the North East

Cyber Crime Stats - North East, UK

Let's take a look at the cyber crime stats for the North East:

  • 7k reports of cyber-enabled crime in the North East.

  • Resulting in £21.1M of reported financial losses.

  • £3k was the average reported financial loss per report of cyber-enabled crime in the North East overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 3.6k, which equated to 51.6% of all reports.

  • £9.4M of reported financial losses came directly from Investment fraud, equating to 44.5% of the total losses.

  • Public Sector fraud had the highest average reported financial loss per report at £36.5k.

Individuals

The cyber crime statistics for individuals were:

  • 6.5k (94.2%) reports of cyber-enabled crime from individuals in the North East.

  • Resulting in £15.8M (75%) of reported financial losses.

  • £2.4k was the average reported financial loss per report of cyber-enabled crime for individuals in the North East.

  • 51.5% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £4M in reported losses. 19.2% were for Advance Fee fraud, resulting in £1.7M in losses. 12.3% were for Cyber Dependent fraud, resulting in £118k in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £8.1M. Investment fraud accounted for 6.9% (454) of all reports but 51.2% of reported financial losses, making it the highest average reported financial loss per individual at £17.8k.

  • The highest number of reports based on age in the North East came from 20-29 year olds at 19.7%.

  • The highest financial losses came from 50-59 year olds, at £3.9M (24.6%).

  • 0-9 year olds had the highest average reported financial loss per report at £12.6k (17 reports).

Organisations

For organisations, this was:

  • 405 (5.8%) reports of cyber-enabled crime from organisations in the North East.

  • Resulting in £5.3M (25%) of reported financial losses.

  • £13k was the average reported financial loss per report of cyber-enabled crime for organisations in the North East.

  • 76.8% of businesses were Limited companies, followed by Sole traders (6.9%).

  • 53.1% of reported cyber-enabled crime from organisations were Consumer related, resulting in £538k in reported losses. 25.7% were for Banking fraud, resulting in £2.7M in losses. 4.7% were for Public Sector fraud, resulting in £730k in losses.

  • The highest average reported financial loss per organisation in the North East came from Investment fraud, which stood at £186k.

Cyber crime statistics from the East

Cyber Crime Stats - East, UK

Let's take a look at the cyber crime stats for the East:

  • 28.7k reports of cyber-enabled crime in the East.

  • Resulting in £183M of reported financial losses.

  • £6.4k was the average reported financial loss per report of cyber-enabled crime in the East overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 13.9k, which equated to 48.5% of all reports.

  • £98.3M of reported financial losses came directly from Consumer fraud, equating to 53.7% of the total losses.

  • Investment fraud had the highest average reported financial loss per report at £21.5k.

Individuals

The cyber crime statistics for individuals were:

  • 26.9k reports of cyber-enabled crime from individuals in the East.

  • Resulting in £93.1M of reported financial losses.

  • £3.4k was the average reported financial loss per report of cyber-enabled crime for individuals in the East.

  • 49.2% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £26.8M in reported losses. 18.8% were for Advance Fee fraud, resulting in £9.3M in losses. 10.7% were for Banking fraud, resulting in £11.3M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £45.1M. Investment fraud accounted for 8% of all reports but 48.4% of reported financial losses, making it the highest average reported financial loss per individual at £20.9k.

  • The highest number of reports based on age in the East came from 30-39 year olds at 19.6%.

  • The highest financial losses came from 40-49 year olds at £21.7M (23.3%).

  • 90-99 year olds had the highest average reported financial loss per report at £7k.

Organisations

For organisations, this was:

  • 1.7k reports of cyber-enabled crime from organisations in the East.

  • Resulting in £89.9M of reported financial losses.

  • £52.5k was the average reported financial loss per report of cyber-enabled crime for organisations in the East.

  • 69.3% of businesses were Limited companies, followed by PLCs and Charities (5.7%).

  • 41.8% of reported cyber-enabled crime from organisations were Banking related, resulting in £15.5M in reported losses. 38.5% were for Consumer fraud, resulting in £71.5M in losses. 3.1% were for Investment fraud, resulting in £2.3M in losses.

  • The highest average reported financial loss per organisation in the East came from Consumer fraud, which stood at £109k.

Cyber crime statistics from the East Midlands

Cyber Crime Stats - East Midlands, UK

Let's take a look at the cyber crime stats for the East Midlands:

  • 16.9k reports of cyber-enabled crime in the East Midlands.

  • Resulting in £60.7M of reported financial losses.

  • £3.6k was the average reported financial loss per report of cyber-enabled crime in the East Midlands overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 8.5k, which equated to 50.3% of all reports.

  • £25M of reported financial losses came directly from Investment fraud, equating to 41.3% of the total losses.

  • Investment fraud had the highest average reported financial loss per report at £20.9k.

Individuals

The cyber crime statistics for individuals were:

  • 15.9k reports of cyber-enabled crime from individuals in the East Midlands.

  • Resulting in £51M of reported financial losses.

  • £3.2k was the average reported financial loss per report of cyber-enabled crime for individuals in the East Midlands.

  • 51.4% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £14M in reported losses. 18% were for Advance Fee fraud, resulting in £5.4M in losses. 11.1% were for Banking fraud, resulting in £6.4M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £24.3M. Investment fraud accounted for 7.5% of all reports but 48.1% of reported financial losses, making it the highest average reported financial loss per individual at £20.4k.

  • The highest number of reports based on age in the East Midlands came from 20-29 year olds at 19.7%.

  • The highest financial losses came from 60-69 year olds at £11.5M (22.7%).

  • 70-79 year olds had the highest average reported financial loss per report at £6.8k.

Organisations

For organisations, this was:

  • 1k reports of cyber-enabled crime from organisations in the East Midlands.

  • Resulting in £10.1M of reported financial losses.

  • £9.4k was the average reported financial loss per report of cyber-enabled crime for organisations in the East Midlands.

  • 69.9% of businesses were Limited companies, followed by PLCs (10.3%).

  • 41.3% of reported cyber-enabled crime from organisations were Banking related, resulting in £6.2M in reported losses. 34.6% were for Consumer fraud, resulting in £2.6M in losses. 2.1% were for Investment fraud, resulting in £34M in losses.

  • The highest average reported financial loss per organisation in the East Midlands came from Public Sector fraud, which stood at £125k for 1 report.

Cyber crime statistics from the West Midlands

Cyber Crime Stats - West Midlands, UK

Let's take a look at the cyber crime stats for the West Midlands:

  • 19.2k reports of cyber-enabled crime in the West Midlands.

  • Resulting in £81.5M of reported financial losses.

  • £4.2k was the average reported financial loss per report of cyber-enabled crime in the West Midlands overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 9.4k, which equated to 49% of all reports.

  • £30.3M of reported financial losses came directly from Investment fraud, equating to 37.2% of the total losses.

  • Public Sector fraud had the highest average reported financial loss per report at £22.3k.

Individuals

The cyber crime statistics for individuals were:

  • 18.2k (94.6%) reports of cyber-enabled crime from individuals in the West Midlands.

  • Resulting in £67.6M (83%) of reported financial losses.

  • £3.7k was the average reported financial loss per report of cyber-enabled crime for individuals in the West Midlands.

  • 49.4% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £15.4M in reported losses. 17.6% were for Advance Fee fraud, resulting in £5.8M in losses. 12.2% were for Banking fraud, resulting in £15.2M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £29.7M. Investment fraud accounted for 8.1% (1.5k) of all reports but 43.9% of reported financial losses, making it the highest average reported financial loss per individual at £20.2k.

  • The highest number of reports based on age in the West Midlands came from 20-29 year olds at 21.1%.

  • The highest financial losses came from 70-79 year olds, at £16.7M (24.7%).

  • 90-99 year olds had the highest average reported financial loss per report at £28.2k (39 reports).

Organisations

For organisations, this was:

  • 1k (5.4%) reports of cyber-enabled crime from organisations in the West Midlands.

  • Resulting in £13.8M (17%) of reported financial losses.

  • £13.2k was the average reported financial loss per report of cyber-enabled crime for organisations in the West Midlands.

  • 69.7% of businesses were Limited companies.

  • 41.6% of reported cyber-enabled crime from organisations were Consumer related, resulting in £4.9M in reported losses. 41.5% were for Banking fraud, resulting in £6.1M in losses. 14.4% were for Cyber Dependant fraud, resulting in £40k in losses.

  • The highest average reported financial loss per organisation in the West Midlands came from Corporate fraud, which stood at £316.6k.

Cyber crime statistics from Yorkshire & Humber

Cyber Crime Stats - Yorkshire & Humber, UK

Let's take a look at the cyber crime stats for Yorkshire & Humber:

  • 17.6k reports of cyber-enabled crime in Yorkshire & Humber.

  • Resulting in £61.9M of reported financial losses.

  • £3.5k was the average reported financial loss per report of cyber-enabled crime in Yorkshire & Humber overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 8.6k, which equated to 49.1% of all reports.

  • £26.5M of reported financial losses came directly from Investment fraud, equating to 42.8% of the total losses.

  • It had the highest average reported financial loss per report at £20.6k.

Individuals

The cyber crimes statistics for individuals were:

  • 16.5k (94.1%) reports of cyber-enabled crime from individuals in Yorkshire & Humber.

  • Resulting in £49M (79.2%) of reported financial losses.

  • £2.9k was the average reported financial loss per report of cyber-enabled crime for individuals in Yorkshire & Humber.

  • 49.6% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £13.4M in reported losses. 17.6% were for Advance Fee fraud, resulting in £4.8M in losses. 13.1% were for Banking fraud, resulting in £7.6M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £23.1M. Investment fraud accounted for 7.6% (1.2k) of all reports but 47.1% of reported financial losses, making it the highest average reported financial loss per individual at £18.5k.

  • The highest number of reports based on age in Yorkshire & Humber came from 20-29 year olds at 20.9%.

  • The highest financial losses came from 40-49 year olds, at £10M (20.4%).

  • 90-99 year olds had the highest average reported financial loss per report at £8.8k (26 reports).

Organisations

For organisations, this was:

  • 1k (5.9%) reports of cyber-enabled crime from organisations in Yorkshire & Humber.

  • Resulting in £12.8M (20.8%) of reported financial losses.

  • £12.3k was the average reported financial loss per report of cyber-enabled crime for organisations in Yorkshire & Humber.

  • 67.4% of businesses were Limited companies.

  • 48.9% of reported cyber-enabled crime from organisations were Consumer related, resulting in £3.2M in reported losses. 32.4% were for Banking fraud, resulting in £5.1M in losses. 13.6% were for Cyber Dependant fraud, resulting in £45.8k in losses.

  • The highest average reported financial loss per organisation in Yorkshire & Humber came from Investment fraud, which stood at £94.4k.

Cyber crime statistics from Scotland

Cyber Crime Stats - Scotland, UK

Let's take a look at the cyber crime stats for Scotland:

  • 4.7k reports of cyber-enabled crime in Scotland.

  • Resulting in £18.5M of reported financial losses.

  • £4k was the average reported financial loss per report of cyber-enabled crime in Scotland overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 2.7k, which equated to 59.1% of all reports.

  • £7M of reported financial losses came directly from Investment fraud, equating to 37.7% of the total losses.

  • This also had the highest average reported financial loss per report at £21.7k.

Individuals

The cyber crime statistics for individuals were:

  • 3.8k (81.8%) reports of cyber-enabled crime from individuals in Scotland.

  • Resulting in £9.3M (50.2%) of reported financial losses.

  • £2.4k was the average reported financial loss per report of cyber-enabled crime for individuals in Scotland.

  • 69% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £2.6M in reported losses. 11.1% were for Advance Fee fraud, resulting in £740k in losses. 8% were for Investment fraud, resulting in £4.9M in losses.

  • Investment fraud was also the highest reported financial loss for individuals. It accounted for 8% (306k) of all reports but 52.6% of reported financial losses, making it the highest average reported financial loss per individual at £16k.

  • The highest number of reports based on age in Scotland came from 20-29 year olds at 24.4%.

  • The highest financial losses came from 50-59 year olds, at £3.4M (36.5%).

  • 90-99 year olds had the highest average reported financial loss per report at £8.7k (4 reports).

Organisations

For organisations, this was:

  • 848 (18.2%) reports of cyber-enabled crime from organisations in Scotland.

  • Resulting in £9.2M (49.8%) of reported financial losses.

  • £10.9k was the average reported financial loss per report of cyber-enabled crime for organisations in Scotland.

  • 44.9% of businesses were listed as Other, followed by PLCs (30.9%).

  • 44% of reported cyber-enabled crime from organisations were Public Sector related, resulting in £250 in reported losses. 36.7% were for Banking fraud, resulting in £5.9M in losses. 13.6% were for Consumer fraud, resulting in £1.2M in losses.

  • The highest average reported financial loss per organisation in Scotland came from Investment fraud, which stood at £131k.

Cyber crime statistics from Wales

Cyber Crime Stats - Wales, UK

Let's take a look at the cyber crime stats for Wales:

  • 7.6k reports of cyber-enabled crime in Wales.

  • Resulting in £24.6M of reported financial losses.

  • £3.2k was the average reported financial loss per report of cyber-enabled crime in Wales overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 3.9k, which equated to 51.5% of all reports.

  • £11M of reported financial losses came directly from Investment fraud, equating to 44.9% of the total losses.

  • This also had the highest average reported financial loss per report at £20.9k.

Individuals

The cyber crime statistics for individuals were:

  • 7.2k (95%) reports of cyber-enabled crime from individuals in Wales.

  • Resulting in £21.2M (86.3%) of reported financial losses.

  • £2.9k was the average reported financial loss per report of cyber-enabled crime for individuals in Wales.

  • 52.2% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £5.2M in reported losses. 16.2% were for Advance Fee fraud, resulting in £1.9M in losses. 12.7% were for Banking fraud, resulting in £3M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £11M. Investment fraud accounted for 7.3% (526) of all reports but 51.8% of reported financial losses, making it the highest average reported financial loss per individual at £20.9k.

  • The highest number of reports based on age in Wales came from 30-39 year olds at 19.5%.

  • The highest financial losses came from 50-59 year olds, at £4.3M (20.3%).

  • 90-99 year olds had the highest average reported financial loss per report at £25.8k (12 reports).

Organisations

For organisations, this was:

  • 377 (5%) reports of cyber-enabled crime from organisations in Wales.

  • Resulting in £3.4M (13.7%) of reported financial losses.

  • £8.9k was the average reported financial loss per report of cyber-enabled crime for organisations in Wales.

  • 59.2% of businesses were Limited companies.

  • 47.4% of reported cyber-enabled crime from organisations were Consumer related, resulting in £1.3M in reported losses. 35.8% were for Banking fraud, resulting in £2M in losses. 3.2% were for Public Sector fraud, resulting in £23.8k in losses.

  • The highest average reported financial loss per organisation in Wales came from Investment fraud, which stood at £26.1k.

Cyber crime statistics from in Northern Ireland

Cyber Crime Stats - Northern Ireland, UK

Let's take a look at the stats for Northern Ireland:

  • 3.6k reports of cyber-enabled crime in Northern Ireland.

  • Resulting in £13.8M of reported financial losses.

  • £3.8k was the average reported financial loss per report of cyber-enabled crime in Northern Ireland overall.

  • Consumer fraud had the highest reports of cyber-enabled crime at 2k, which equated to 54.9% of all reports.

  • £6.4M of reported financial losses came directly from Investment fraud, equating to 46.3% of the total losses.

  • It also had the highest average reported financial loss per report at £20.7k.

Individuals

The cyber crime statistics for individuals were:

  • 3.4k (94.6%) reports of cyber-enabled crime from individuals in Northern Ireland.

  • Resulting in £12M (87.2%) of reported financial losses.

  • £3.5k was the average reported financial loss per report of cyber-enabled crime for individuals in Northern Ireland.

  • 56.6% of reported cyber-enabled crime from individuals came from Consumer fraud, resulting in £3.3M in reported losses. 15.1% were for Advance Fee fraud, resulting in £1.1M in losses. 10% were for Banking fraud, resulting in £1.1M in losses.

  • Highest reported financial loss for individuals came from Investment fraud at £6.2M. Investment fraud accounted for 9% (307) of all reports but 51.4% of reported financial losses, making it the highest average reported financial loss per individual at £20.1k.

  • The highest number of reports based on age in Northern Ireland came from 20-29 year olds at 20.5%.

  • The highest financial losses came from 50-59 year olds, at £3.3M (27.3%).

  • 70-79 year olds had the highest average reported financial loss per report at £7.1k (210 reports).

Organisations

For organisations, this was:

  • 194 (5.4%) reports of cyber-enabled crime from organisations in Northern Ireland.

  • Resulting in £1.8M (12.8%) of reported financial losses.

  • £9k was the average reported financial loss per report of cyber-enabled crime for organisations in Northern Ireland.

  • 58.8% of businesses were Limited companies.

  • 52.1% of reported cyber-enabled crime from organisations were Banking related, resulting in £1.1M in reported losses. 25.8% were for Consumer fraud, resulting in £20.5M in losses. 1.5% were for Corporate fraud, resulting in £302k in losses.

  • The highest average reported financial loss per organisation in Northern Ireland came from Investment fraud, which stood at £205k.

About the data

Based on a rolling 12 months of data from Action Fraud.
The data is extracted from the NFIB Fraud and Cyber Crime dashboard.
Only 'cyber-enabled' fraud and cyber crime offences amounting to a crime under the Home Office Crime Recording rules are included.
Cyber-enabled crimes are traditional crimes, which can be increased in their scale or reach by use of computers, computer networks or other forms of IT.
Information reports and crimes reported directly from partner agencies and industry are not included at this time and will account for differences to Office for National Statistics figures for fraud offences in the same period.
For more information relating to different types of fraud and cyber crime please see the Action Fraud and NFIB A-Z of fraud section on the Action Fraud website.

Limitations

Data is based on victim selection during the reporting process and this has not been verified.
Losses are based on loss amounts as reported in Action Fraud recorded crimes and these have not been verified. Where possible, efforts have been made to review losses reported in excess of £500k but further investigation may be required to determine if loss amounts are a true reflection of the financial impact of the reported crime.
Extreme outliers have been removed to limit data skew.

Region breakdown

Data from the regions is produced from the following police forces:

  • London: City of London, Metropolitan

  • South East: Hampshire, Surrey, Sussex, Thames Valley

  • South West: Avon & Somerset, Devon & Cornwall, Dorset, Gloucestershire, Wilshire

  • North West: Cheshire, Cumbria, Greater Manchester, Lancashire, Merseyside, North Wales

  • North East: Cleveland, Durham, Northumbria

  • East: Bedfordshire, Cambridgeshire, Essex, Hertfordshire, Kent, Norfolk, Suffolk

  • East Midlands: Derbyshire, Leicestershire, Lincolnshire, Northamptonshire, Nottinghamshire

  • West Midlands: Staffordshire, Warwickshire, West Mercia, West Midlands

  • Yorkshire & Humber: Humberside, North Yorkshire, South Yorkshire, West Yorkshire

  • Scotland: Police Scotland

  • Wales: Dyfed Powys, Gwent, South Wales

  • Northern Ireland: PSNI

Data where the region was Unknown has not been included. Guernsey, Jersey, and the Isle of Man have not been included in the data.

Cyber security breaches

Identifying cyber security breaches and attacks

Cyber security breaches and cyber attacks remain a common threat.

However, smaller organisations are identifying them less than last year.

This may reflect that smaller organisations are prioritising cyber security less than in previous years, undertaking less monitoring and logging of data breaches or cyber attacks.

So, what have we learnt about data breaches in the past year:

  • 32% of businesses overall can recall a cyber breach or cyber attack within the last 12 months. This was 59% for medium businesses and 69% for large businesses.

  • This is a drop of 18% for businesses compared to last year. This was driven by smaller organisations. Medium and large businesses remained at similar levels.

  • The proportion of micro businesses saying cyber security is a high priority has decreased 15% since last year.

  • It's estimated that the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,100. For medium and large businesses, this was approximately £4,960.

Cyber accreditations and following guidance

Relatively few organisations at present are adhering to recognised standards or accreditations, such as Cyber Essentials or ISO 27001.

  • 49% of businesses report seeking information or guidance on cyber security from outside their organisation in the past year, most commonly from external cyber security consultants, IT consultants or IT service providers.

  • 14% of businesses are aware of the NCSC's 10 Steps guidance. This rises to 32% for medium businesses and 44% for large businesses. 37% of businesses have taken action on 5 or more of the 10 Steps. This is much more common in medium businesses (75%) and large businesses (89%). Only 2% of businesses have enacted all 10 Steps, increasing to 7% for medium businesses and 20% for large businesses.

  • 9% of businesses report adhering to ISO 27001. This is again higher among large businesses (27%).

  • 14% of businesses are aware of the Cyber Essentials scheme. This rises to 50% for medium businesses and 59% for large businesses.

Risk management and supply chains

  • 29% of businesses have undertaken cyber security risk assessments in the last 12 months. This rises to 51% for medium businesses and 63% for large businesses.

  • A similar proportion of businesses deployed security monitoring tools (30%). 53% for medium businesses and 72% for large businesses.

  • 37% businesses report being insured against cyber security risks. This rises to 63% for medium businesses and 55% for large businesses. Cyber insurance appears more common for medium businesses than large ones.

  • 13% of businesses say they review the risks posed by their immediate suppliers. This rises to 27% for medium businesses and 55% for large businesses. The latter result is up 25% from 2022.

Cyber hygiene

The most common forms of cyber hygiene are:

  • Updated malware protection

  • Cloud back-ups

  • Passwords

  • Restricted admin rights

  • Network firewalls

Some areas of cyber hygiene have seen consistent declines among businesses in the last 2 years.

They include:

  • 11% drop in the use of password policies (79% in 2021, vs. 70% in 2023)

  • 15% drop in the use of network firewalls (78% in 2021 vs. 66% in 2023)

  • 11% drop in restricting admin rights (75% in 2021, vs. 67% in 2023)

  • 28% drop in policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023).

These trends mainly reflect shifts in the micro business population and, to a lesser extent, small and medium businesses.

Large business results have not changed.

Notable data breaches of 2023

Below, we take a look at the most notable data breaches of 2023:

October data breaches

Sony data breach

Sony Interactive Entertainment has issued a formal notification to approximately 6,800 individuals, encompassing both current and former employees as well as their family members, concerning a potential compromise of personal data earlier this year. In October, it was discovered that cyber attack had exploited a zero-day vulnerability in the MOVEit transfer platform, leading to Sony issuing a data breach notification.

The exploited vulnerability, identified as CVE-2023-34362, has been implicated in extensive cyber attacks. Notably, the ransomware group Clop utilised this vulnerability to extract data from Sony. The initial breach incident occurred in June, but Sony delayed releasing a public statement until October.

Prior to this, on 31 May, MOVEit disclosed a vulnerability in its transfer software. This software is utilised by Sony along with numerous other businesses and organisations, several of which have reported data breaches following this disclosure. On 28 May, two days before the official announcement from MOVEit, Sony had already begun issuing notifications to affected parties, indicating that certain SIE files had been downloaded from its MOVEit platform. This vulnerability was reportedly addressed and resolved in early June, subsequent to which the platform was temporarily taken offline.

Air Europa data breach

In October 2023, Air Europa, Spain's third-largest airline and a member of the Sky Team Alliance, experienced a significant cyber attack targeting its online payment system. Security analysts have determined that this cyber attack persisted for approximately nine days, impacting roughly 110,000 customers.

During this breach, attackers successfully obtained sensitive customer data, including card numbers, expiration dates, and CVV codes. Air Europa promptly notified affected customers about the data breach and recommended the cancellation of any credit cards used on their system. There is evidence to suggest that the data acquired in this attack has been offered for sale on the dark web. Air Europa has accepted full responsibility for the breach, although the identity of the attackers remains unknown, with no claims of responsibility from any known hacking groups.

Casio data breach

Casio, a renowned Japanese electronics company, has disclosed a data breach affecting customers across 149 countries. The breach, which targeted the servers for Casio’s ClassPad education platform, was first detected on 11 October following an issue with a ClassPad database. By 12 October, it was confirmed that unauthorized access to personal customer information had occurred. This information includes names, email addresses, countries of residence, and purchase details such as payment methods and licence codes.

In total, it has been disclosed that 91,921 Japanese customer credentials were accessed, including those of 1,108 educational institutions. Additionally, records of 35,049 international customers from 148 different countries and regions were compromised in this breach.

September

Ministry of Defence data breach

In August 2023, the LockBit ransomware group, based in Russia, breached the UK’s Ministry of Defence (MoD) through MoD contractor Zaun, a Wolverhampton fencing system manufacturer. The cyber attack led to the release of thousands of sensitive documents online. The compromised data includes information on key military and security sites, such as the Porton Down chemical weapon laboratory, HMNB Clyde nuclear submarine base, and a GCHQ surveillance station. Additionally, detailed blueprints and site maps of crucial military locations, including some British Army and Category A prison facilities, were exposed.

Save the Children data breach

Save the Children fell victim to a cyber attack by the ransomware group BianLian in September, with 6.8TB of data stolen, including personal, HR, and financial records. Despite the breach, the charity, which employs 1,300 staff in 100 countries, assured that their operations remained unaffected. They are currently working with cybersecurity experts to investigate and reinforce their data protection measures.

Airbus data breach

Airbus is investigating a data breach after a hacker, using the alias 'USDoD', claimed to have posted personal information of 3,200 Airbus employees on the dark web. Cybercrime intelligence firm Hudson Rock reported the breach, which apparently originated from a compromised Turkish Airline employee's account. The stolen data includes email addresses, job titles, and contact details of affected employees.

August data breaches

Metropolitan Police Service data breach

The Metropolitan Police Service is investigating a potential data breach involving unauthorised access to their print supplier, Digital IT’s IT system. Sensitive data compromised includes officers' names, ranks, photos, vetting levels, and pay numbers. Digital IT, which also produced ID cards for entities like the BBC, ITV, Mitie, and Royal Mail, noted that the breach did not affect those organisations as they load data in-house.

Duolingo data breach

In January 2023, data from 2.6 million Duolingo users was offered for sale on the now-defunct Breached hacking forum for $1,500. The leaked data includes both public (login and real names) and private (email addresses and internal service data) information. The exposure of email addresses raises concerns about a potential targeted cyber attack on users.

Electoral Commission data breach

The UK Electoral Commission disclosed a breach from August 2021, discovered in October 2022, which exposed data of 40 million voters. The identity of the attackers remains unknown, with speculation ranging from a state actor to cybercriminals. The breach involved access to electoral registers from 2014 to 2022 but is considered unlikely to impact election outcomes due to the UK's paper-based election system.

PSNI (Police Service of Northern Ireland) data breach

In August, the PSNI experienced a data breach where details of all serving members and staff were accidentally published online for about three hours following a Freedom of Information request. This breach included surnames, initials, ranks, work locations, and departments, but did not reveal private addresses. It notably exposed officers in sensitive units, including those stationed at the MI5 HQ in Northern Ireland.

May

Tesla data breach

Cyber Security News reports a significant data leak at Tesla, involving thousands of safety complaints. The leak, originating from a whistle-blower who handed over approximately 100GB of data to the German newspaper Handelsblatt, includes over 2,400 complaints about self-acceleration and 1,500 about brake issues in Tesla's Full Self-Driving features from 2015 to March 2022. The whistle-blower provided 23,000 files, detailing safety concerns, over 1,000 collision accounts, and sensitive customer and employee information such as phone numbers, salaries, and bank details.

Capita data breach

Capita, a key outsourcing and professional services firm, experienced a cyber attack impacting about 90 organisations, including services for local councils, the military, and the NHS, leading to significant IT outages in March 2023. The Pension Regulator (TPR) has contacted over 300 pension funds to assess the impact.

Additionally, The Guardian reported a second breach in May where Capita inadvertently left benefits data in publicly accessible storage. This breach has led to several councils reporting compromised data. The Information Commissioner’s Office (ICO) is advising organisations using Capita’s services to assess the impact of these data breaches.

April data breaches

American Bar Association (ABA) data breach

Bleeping Computer reports that the American Bar Association, the world's largest legal professional association, experienced a data breach affecting 1,466,000 members. This breach, detected on 17 March following unauthorised access on 6 March, potentially exposed outdated member login credentials from a system decommissioned in 2018. Although these credentials were hashed and salted, there's a risk of misuse over time, particularly if members haven't updated their original passwords.

Kodi data breach

In February, an inactive Kodi MyBB forum admin account was compromised, leading to the theft of user records and private messages. According to The Hacker News, the breach affected 400,635 users, exposing forum posts, user messages, and general credentials, including encrypted passwords. The data was later offered for sale on the now-defunct BreachForums. Kodi has taken down its MyBB forum and plans to relaunch with a new server and updated software. A global password reset is underway as a precaution, and users are advised to update their passwords on other sites if they match their Kodi forum credentials. Enhanced security measures, particularly around admin access, are being implemented to prevent similar incidents.

March

PayPal data breach

PayPal experienced a security breach in December 2022, affecting the personal and financial details of nearly 35,000 users. It was reported that the breach, occurring between 6 and 8 December, was fully investigated by 20 December. Affected users were notified on 23 January about potential exposure of sensitive data, including social security and bank account numbers, along with PayPal balances. The method of credentials acquisition remains unspecified by PayPal. In response to user dissatisfaction and ensuing lawsuits, PayPal has offered free credit monitoring and identity theft protection services and advises users to update passwords and monitor for any unusual account activity.

AT&T data breach

AT&T informed BleepingComputer that the Customer Proprietary Network Information (CPNI) of approximately 9 million wireless customers may have been accessed. This data includes names, account and phone numbers, email addresses, and certain details about rate plans and payment history. The exposure reportedly relates to device upgrade eligibility checks and was not due to a compromise of AT&T's systems.

February

TMX Finance data breach

TMX Finance, a Canadian financial company, began notifying 4,822,580 customers of a data breach on 30 March. Bleeping Computer reports that the company detected suspicious activity on 13 February, with customer data, including social security and driver’s licence numbers, financial, and tax information, likely compromised between 3 and 14 February. While TMX believes the situation is now under control, they are enhancing security measures and offering affected customers a free 12-month identity protection service through Experian, including a security freeze.

TruthFinder & Instant Checkmate data breach

BleepingComputer revealed that on 21 January, a 2019 backup database of PeopleConnect’s background check services, TruthFinder and Instant Checkmate, was leaked. This database contained information on 20.22 million users, with customer accounts dating from 2011 to 2019. The data includes personal information and encrypted passwords, along with expired or inactive password reset tokens, but no payment details or user data.

January data breaches

JD Sports data breach

JD Sports informed the Information Commissioner’s Office about a data breach affecting roughly 10 million online customers, including those shopping at Size?, Blacks, and Millets at the end of 2022. The breach compromised limited data, including names, phone numbers, order details, and the last four digits of payment cards. Full payment details were not exposed. JD Sports is currently working with cybersecurity experts to investigate and prevent future incidents.

T-Mobile data breaches

T-Mobile experienced a security breach detected on 5 January, with the company responding within 24 hours to halt the malicious activity. The breach, part of a series of security incidents since 2018, compromised customer data from 37 million accounts dating back to around 25 November 2022. The accessed information included names, birth dates, and phone numbers. However, it was reported that passwords, PINs, bank account, credit card information, social security numbers, and other government IDs were not disclosed.

Zurich Insurance (car insurance) data breach

A data leak at Zurich Insurance affected 757,463 holders of the "Super Automobile Insurance" in Japan. The breach, originating from an external service provider, exposed names, gender, birth dates, email addresses, and policy numbers. The Switzerland Times confirms that customers outside Japan were not impacted, and crucial financial data like credit card and bank account information remained secure.

Frequently Asked Questions (FAQs)

 

What is Action Fraud?

Action Fraud is the UK’s national reporting centre for fraud and cyber crime where individuals or organisations report fraud if they have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.

The centre is run by the City of London Police working alongside the National Fraud Intelligence Bureau (NFIB) who are responsible for assessment of the reports and to ensure that the fraud reports reach the right place. The City of London Police is the national policing lead for economic crime.

What is the National Fraud Intelligence Bureau (NFIB)?

The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police, which is the National policing lead for economic crime.

The NFIB gets it data through three main channels:

  • Reports from individuals and small businesses (coming either directly or via a police force) made to Action Fraud on the phone or online.

  • Fraud data from industry and the public sector which includes banking, insurance, telecommunications and government departments.

  • A variety of intelligence sources including, but not limited to, national and international police crime/intelligence systems.

What is cyber crime?

Cyber crime refers to criminal activities that are carried out using computers, networks, or the internet. It involves illegal actions in the digital realm that aim to exploit individuals, organisations, or computer systems for financial gain, malicious intent, or disruption.

In simpler terms, cyber crime is like a digital version of traditional crime, where criminals leverage technology and the interconnectedness of our digital world to commit unlawful acts.

These acts can include:

  • Hacking into computer systems to steal sensitive information

  • Conducting online fraud or scams

  • Spreading malware or viruses

  • Identity theft

  • Cyberbullying

  • Launching large-scale cyber attacks on businesses or governments

Cyber crime poses significant risks as it can lead to financial loss, data breaches, reputational damage, and disruption of critical services.

It affects individuals, businesses, and society as a whole.

To combat cyber crime, it is essential to have robust cyber security measures in place, stay informed about emerging cyber threats, and adopt safe online practices to protect one's digital assets.

Additionally, law enforcement agencies, governments, and international organisations work together to investigate and prosecute cyber criminals, aiming to maintain a safe and secure digital environment for everyone.

How much does cyber crime cost the UK?

Business

According to the UK Government, the estimated economic cost of cyber crime to UK businesses is £21bn per annum.

This estimate includes:

  • £9.2bn per annum from IP theft, which is likely to have the largest impact on companies that create significant quantities of IP or those whose IP is relatively easy to exploit

  • £7.6bn per annum from industrial espionage (involving the theft and exploitation of non IP-related data), which affects companies involved in open-tendering competitions, that rely on large numbers of financial transactions or that are affected (or can be affected) by large share price movements

  • £2.2bn per annum from extortion, with large companies being targeted (Estimates are largely illustrative because it's believe this type of cyber crime goes largely unreported)

  • £1.3bn per annum from direct online theft, with cyber criminals targeting support services, financial services, the construction and materials industry, and the not-for-profit sector

  • £1bn per annum from the loss or theft of customer data, with the significant majority of the impact falling on large companies with more than 500 employees.

Many UK businesses are investing in stronger physical security, such as:

  • Segregated networks

  • Advanced intruder detection hardware

  • Training initiatives to increase their employees’ awareness

Individuals

It is estimated that the economic cost of cyber crime to UK individuals is £3.1bn per annum.

This estimate includes:

  • £1.7bn per annum for identity theft

  • £1.4bn per annum for online scams

  • £30m per annum for scareware and fake anti-virus software.

Individuals can help themselves to reduce the impact of cyber crime by ensuring that they take a number of sensible precautions to stay safe online, such as:

  • Installing a firewall

  • Regularly patching or updating software applications

  • Using legitimate anti-virus software.

They could also take out specialist insurance to protect against the impact of identity theft.

No defences are fool proof, though, and even well-prepared individuals may suffer a range of costs as a consequence of and in responding to cyber crime.

The prevalence of these types of cyber crimes means that their aggregate effect is detrimental to the UK economy.

Furthermore, this could create additional knock-on effects.

For example:

A loss of confidence in services such as online banking.

Why are cyber crimes increasing?

Cyber crimes are increasing due to:

  • Digital dependency

  • Financial incentives

  • Evolving techniques

  • Global operations

  • Lack of awareness

  • Rapid technological advancements.

These factors expand the target pool, attract criminals with financial gains, enable sophisticated attacks, complicate investigations, exploit vulnerabilities, and outpace security measures.

Mitigation requires awareness, cybersecurity measures, cooperation, and technological advancements.

Who are affected by cyber crimes?

Cyber crimes affect a wide range of individuals, organisations, and entities, including:

Individuals

Cyber crime can directly impact individuals through various forms of online fraud, identity theft, phishing attacks, cyber bullying, and other malicious activities.

Personal data breaches can lead to financial loss, damage to reputation, emotional distress, and invasion of privacy.

Businesses

Small, medium, and large businesses are all potential targets of cybercrime.

Data breaches, ransomware attacks, intellectual property theft, and business email compromise can result in financial losses, disruption of operations, compromised customer data, and harm to brand reputation.

Cyber crimes can particularly impact industries handling sensitive information like healthcare, finance, and e-commerce.

Governments

Cyber crime poses a significant threat to government agencies and public institutions.

State-sponsored cyber attacks, hacking attempts on critical infrastructure, espionage, and information warfare can undermine national security, compromise sensitive data, and disrupt essential services.

Charities

Charities are not immune to cyber threats.

They can be targeted for financial gain, activism purposes, or to compromise their operations.

Cyber attacks on non-profits can lead to financial loss, reputational damage, and hinder their ability to carry out their mission effectively.

Critical infrastructure

Cyber attacks on critical infrastructure, including power grids, transportation systems, and healthcare facilities, are some of the most severe cyber crimes. They can have severe consequences.

Disruption or manipulation of these systems can cause widespread chaos, jeopardise public safety, and impact essential services upon which society relies.

Society at large

Cyber crime impacts society as a whole by eroding trust in online platforms, compromising privacy, and creating a sense of vulnerability.

The financial burden of cyber crimes, including the costs of prevention, recovery, and legal proceedings, ultimately affects individuals and businesses, contributing to economic implications on a broader scale.

Addressing cyber crime requires collective efforts from individuals, organisations, governments, and law enforcement agencies to enhance cyber security measures, raise awareness, and develop strategies to combat cyber threats effectively.

How often does cyber crime occur?

Cyber crime occurs on a constant and pervasive basis in today's digital landscape.

The frequency of cyber crime incidents can vary widely, and it is challenging to provide an exact figure due to the vast number of unreported or undetected incidents.

However, the following points provide insights into the prevalence of cyber crime:

Global reach

Cyber crime has a global reach and affects individuals, businesses, and organisations across the world.

It knows no borders or time zones, and cyber criminals can target victims from anywhere.

Growing numbers

The number of reported cyber crime incidents continues to rise year after year.

This includes various forms of attacks such as:

  • Data breaches

  • Phishing attacks

  • Ransomware attacks

  • Identity theft

  • Online fraud.

Underreporting

It is important to note that many cyber crime incidents go unreported.

Victims may hesitate to report due to factors such as concerns about reputation damage, lack of awareness, or limited confidence in law enforcement's ability to address the issue effectively.

This further complicates the accurate measurement of the true extent of cyber crime occurrence.

Evolving tactics

Cyber criminals constantly evolve their tactics and exploit emerging technologies and vulnerabilities.

As technology advances, new attack vectors are discovered and exploited, leading to an ongoing cat-and-mouse game between cyber criminals and cyber security professionals.

Industry-specific trends

Certain industries, such as finance, healthcare, and e-commerce, tend to be frequent targets of cyber crime due to the potential for financial gain or the value of sensitive data they possess.

However, cyber criminals can target any industry or individual, depending on their motivations.

To effectively combat cyber crime, it is essential for individuals, organisations, and governments to remain vigilant, implement robust cyber security measures, and stay informed about the latest threats.

Collaboration, information sharing, and continuous advancements in cyber security technologies are crucial in the ongoing battle against cyber criminals.

What is eavesdropping in cyber crime?

In the context of cyber crime, eavesdropping refers to the unauthorised interception and monitoring of electronic communications or data transmissions. It involves the covert act of listening in on private or confidential conversations, either in real-time or by accessing stored data.

I ain't been dropping no eaves, sir, honest! LOTR

Eavesdropping can take place in various forms, including:

  • Network Eavesdropping: Cyber criminals can intercept and monitor network traffic, such as emails, instant messages, or Voice-over-IP (VoIP) calls, by gaining unauthorised access to network infrastructure or utilising specialised tools. They can capture and analyse the data transmitted over the network, potentially accessing sensitive information or confidential communications.

  • Wi-Fi Eavesdropping: Public Wi-Fi networks, which are often unsecured or improperly configured, can be exploited by cyber criminals for eavesdropping. By intercepting the wireless signals, they can monitor the communications of unsuspecting users, capturing usernames, passwords, or other confidential information.

  • Malware-based Eavesdropping: Malicious software, such as keyloggers or spyware, can be deployed on a victim's device to record keystrokes, capture screenshots, or secretly activate the microphone or camera. This allows cyber criminals to gather sensitive information or eavesdrop on conversations without the user's knowledge.

The primary objective of eavesdropping in cyber crime is to gather valuable information for various malicious purposes, including identity theft, corporate espionage, financial fraud, or blackmail.

Eavesdropping attacks can compromise privacy, confidentiality, and the security of individuals, organisations, and even governments.

To protect against eavesdropping, individuals and organisations should employ encryption technologies, such as using secure communication protocols (e.g., HTTPS, VPN), utilizing end-to-end encryption for messaging apps, and being cautious when connecting to public Wi-Fi networks.

Regularly updating and patching software, using robust anti-virus and anti-malware solutions, and practicing safe browsing habits also contribute to reducing the risk of eavesdropping attacks.

What are the common types of cyber crime?

Phishing Attacks

Phishing attacks involve sending fraudulent emails that appear to come from legitimate sources. The goal is to trick the recipient into revealing sensitive information like passwords or credit card numbers.

Ransomware Attacks

Ransomware attacks involve encrypting a victim's files and demanding payment for their release. Increasingly, ransomware attacks also include threats to leak sensitive data, if the ransom is not paid.

Identity Fraud

Identity fraud involves cyber criminals gather personal information through various means, like hacking or phishing attacks, to impersonate an individual and commit fraud, such as opening new accounts or making purchases.

DDoS Attacks (Distributed Denial of Service)

In a DDoS attack, a large number of compromised computers are used to flood a target website with traffic, making it inaccessible to legitimate users.

Malware

This is any software specifically designed to harm or exploit computer systems, including viruses, worms, and Trojans.

SQL Injection

This involves inserting malicious SQL code into a website or database, enabling the attacker to view, edit, or delete content.

Man-in-the-Middle Attacks

Here, the attacker intercepts communications between two parties to eavesdrop or impersonate one of the parties, usually to gain sensitive information.

Social Engineering

This involves manipulating people into divulging confidential information. Unlike phishing attacks, social engineering can occur in person or over the phone, as well as online.

Credential Stuffing

Attackers use stolen usernames and passwords to gain unauthorised access to multiple accounts, relying on the fact that people often reuse the same login details across different platforms.

Cyberstalking

This involves tracking someone's online activities and/or real-life movements, often involving harassment and intimidation.

Zero-Day Exploits

These are attacks that target unpatched vulnerabilities in software. Because the vendor has not yet issued a patch, the software remains vulnerable to exploitation.

Final thoughts

The comprehensive cyber crime statistics from across the UK paint a clear picture:

Cyber-enabled crime is a widespread and evolving threat, impacting individuals and organisations alike.

The staggering financial losses reported, especially in cases of consumer, banking, and investment fraud, underline the depth and severity of this issue.

Notably, the impact of these crimes varies significantly across different regions and demographics, suggesting a need for targeted prevention and education strategies.

For organisations, particularly SMEs, the threat is significant, with substantial losses indicating the importance of robust cyber security measures.

Alarming trends, such as the rise of AI-driven cyber attacks and the prevalence of Ransomware-as-a-Service, demonstrate the sophistication of modern cyber threats. These evolving techniques challenge traditional security measures, necessitating advanced and adaptive responses.

However, a decline in prioritisation of cyber security, especially among smaller businesses, alongside a reduction in basic cyber hygiene practices, raises concerns. This decrease in vigilance may lead to increased vulnerabilities and a higher likelihood of successful attacks.

In conclusion, these statistics and trends strongly advocate for a proactive approach to cyber security.

It is imperative for both individuals and businesses to stay vigilant, adopt robust security measures, and continuously educate themselves to navigate the ever-changing landscape of cyber crime effectively.

 

We really hope you enjoyed our report on the latest cyber crime statistics in the UK. We plan to update them every quarter, so feel free to come back for more 😊 

Now we’d like to hear from you:

Do you have any further questions about Cyber Security?

Perhaps you are considering it at the moment for your business?

Either way, let us know your thoughts.

 

Sources:

National Crime Agency
Action Fraud
NFIB Fraud and Cyber Crime Dashboard
NCSC
UK Gov
Surf Shark
Money.co.uk

 

Back to the blog.

Sign up to our newsletter

The latest insights, articles, and resources direct to your inbox.