In the 12 months to June, the Crime Survey for England and Wales (CSEW) reckoned that the number of computer misuse crimes had fallen – but also revealed that much-derided police initiative Action Fraud was passing fewer crimes, proportionately, to police for proper criminal investigation.
Action Fraud acts as a central reporting point for online crimes and is outsourced to a call centre company. Only a small proportion of reports made to Action Fraud are ever looked at by the police, as various recent investigations have found.
The Office of National Statistics said in a statement explaining the crime figures that "variations existed within the subcategories of 'computer viruses' and 'unauthorised access to personal information (including hacking)'".
Comparing figures from July 2017 to June 2018, and for July 2018 to June this year, "computer misuse" crimes fell by 13 per cent from 1.1m to 977,000 and "computer virus" crimes by 27 per cent from 607,000 to 442,000. The survey asked around 30,000 adults each year for their experiences of being crime victims.
Reported data breaches increased a touch by 4 per cent from 514,000 to 535,000.
Buried in among the usual government disclaimers with the ONS's crime survey bulletin was an assertion by the CSEW that it "is able to capture some of these unreported offences", citing "the large difference in volume of computer misuse offences between the two sources – 977,000 offences estimated by the CSEW compared with 20,329 offences referred to the [National Fraud Intelligence Bureau] by Action Fraud."
Mike Fenton, CEO at pen-testing biz Redscan, opined that these ONS figures were wrong and compared them to recent news stories from elsewhere.
"The fact that the statistics include just 20,000 offences reported against businesses to the National Fraud Intelligence Bureau by Action Fraud shows that the data is deeply flawed," he said, adding: "Until the reporting of computer misuse crime improves, data like this should be taken with a large pinch of salt. The fight against cyber threats is a key issue that businesses need to prioritise and misleading headlines don't do anyone any favours."
Action Fraud have not commented yet. But clearly something needs to be done about this continuing situation.
Also see: What is the Computer Misuse Act?