There were 2.5 million cybercrime incidents and 5.1 million estimated cases of fraud in the past year, according to new Office of National Statistics figures.
Recording cyber for the first time in a bid to improve the quality of its stats, the ONS conducted a “large scale field trial” between May and August from which it estimated the number of incidents in England and Wales in the 12 months prior to interview.
The 5.1 million incidents of fraud affected 3.8m adult victims with just over half the cases involving financial loss.
Some 2.5m incidents fell under the Computer Misuse Act, with the most common—around two million—being “where the victim’s computer or other internet enabled device was infected by a virus.”
The remainder related to “incidents where the respondent’s email or social media accounts had been hacked.”
Despite sensational headlines in many national newspapers this morning, cybercrime was not added to the overall crime statistics—which actually showed an 8% decrease since last year’s study to an estimated 6.5m incidents.
This is the lowest estimate since the Crime Survey for England and Wales (CSEW) began in 1981, the ONS said.
However, police recorded crime rose 5% to 4.3 million offences in the year ending June 2015.
The ONS said it was starting to record fraud and cybercrime “to better inform decision makers” whether, despite overall crime levels dropping, there’s a case for saying criminals are merely swapping the physical world for online channels.
However, its work doesn’t yet include incidents involving organizations, and so the 2.5 million figure is likely to fall well short of the mark in assessing the true scale of cybercrime in the UK.
Cisco UK&I cybersecurity director, Terry Greer-King, argued it was right that the ONS was starting to look at cyber.
"The pervasiveness of cybercrime cannot be underestimated. The frequency and complexity of high profile cyber-attacks of late attests that there are essentially two types of companies today; those that have been hacked and those that don’t yet know they have been hacked,” he added.
“Businesses need to be on the front foot, which involves prioritising security throughout the entire business and adopting a holistic cybersecurity policy that address the entire threat continuum—before, during and after an attack.”
Louise Pordage, senior manager in KPMG’s Cyber Security practice, argued that there’s still not enough clarity around the scale of cybercrime in the UK.
“Getting a better view of cybercrime matters to individuals, corporations and the government,” she added. “It also drives home the point that we all need to consider our security online and take sensible precautions to protect ourselves.”