If there were almost a million computer misuse crimes last year, Action Fraud is only passing 2% of cases to cops
You know my stats don't lie and I'm starting to feel it's wrong
Action Fraud (AF) is referring fewer computer misuse cases to police investigators despite official statistics showing nearly a million offences were reported last year.
In the 12 months to June this year, the Crime Survey for England and Wales (CSEW) reckoned that the number of computer misuse crimes had fallen – but also revealed that much-derided police initiative Action Fraud was passing fewer crimes, proportionately, to police for proper criminal investigation.
AF acts as a central reporting point for online crimes and is outsourced to a call centre company. Only a small proportion of reports made to AF are ever looked at by real police workers, as various recent investigations have found.
The Office of National Statistics (ONS) said in a statement explaining the crime figures that "variations existed within the subcategories of 'computer viruses' and 'unauthorised access to personal information (including hacking)'".
Comparing figures from July 2017 to June 2018, and for July 2018 to June this year, "computer misuse" crimes fell by 13 per cent from 1.1m to 977,000 and "computer virus" crimes by 27 per cent from 607,000 to 442,000. The survey asked around 30,000 adults each year for their experiences of being crime victims.
Reported data breaches increased a touch by 4 per cent from 514,000 to 535,000.
Buried in among the usual government disclaimers with the ONS's crime survey bulletin was an assertion by the CSEW that it "is able to capture some of these unreported offences", citing "the large difference in volume of computer misuse offences between the two sources – 977,000 offences estimated by the CSEW compared with 20,329 offences referred to the [National Fraud Intelligence Bureau] by Action Fraud."
Mike Fenton, CEO at pen-testing biz Redscan, opined that these ONS figures were wrong and compared them to recent news stories from elsewhere.
"The fact that the statistics include just 20,000 offences reported against businesses to the National Fraud Intelligence Bureau by Action Fraud shows that the data is deeply flawed," he said, adding: "Until the reporting of computer misuse crime improves, data like this should be taken with a large pinch of salt. The fight against cyber threats is a key issue that businesses need to prioritise and misleading headlines don't do anyone any favours."
Action Fraud has been asked to comment.
Earlier this year The Register did some number-crunching of its own to show that there is a 16 per cent chance of being jailed if you're found guilty of a crime under the Computer Misuse Act 1990. In July a handful of British infosec firms wrote to the prime minister asking for reforms to the CMA which would encourage more active infosec research. ®