In its first year of inclusion in the UK’s crime estimates for England and Wales, cybercrime placed right near the top of the list of the most common criminal offenses.
The Office for National Statistics (ONS), the official provider of UK data, added questions about digital offenses to its regular survey about crimes that took place in the 12 months to June. The results, disclosed last month, indicate that there were nearly 2.5 million incidents of computer misuse—which includes about 400,000 incidents of hacking or other unauthorized access to personal information, and nearly 2.1 million reports of computer viruses.
The only category with a higher incidence rate: fraud, which totaled 5 million offenses, including bank and payment card fraud. Just more than half the fraud offenses involved a financial loss to the victim. Of those cases, 78% resulted in some sort of financial restitution.
Overall, the fraud category swelled from the 3.8 million incidents in the previous year. But this wasn’t a big surprise—ONS was expecting millions of additional incidents to be reported once it widened the scope of its survey this year, for the first time, to specifically include online fraud, as well as computer misuse offenses.
Stephen Wares, a cyber risk practice leader at the insurance company Marsh, says the inclusion of cybercrime statistics was a long time coming and a culmination of several concerning incidents in the UK. Most notably, a group of hackers identified as “Null” stole information from the UK Ministry of Defense’s internal network in November 2012.
Wares believes the lag in cybercrime reporting is related to the country’s approach to security-breach laws. While in the US, all but three states (Alabama, New Mexico, and South Dakota) require full disclosure to both federal law enforcement and consumers when personal information is hacked, the UK Data Protection Act of 1998 does not mention a cybercrime protocol.