Computer misuse crimes down 9% on last year in England and Wales, says Office of National Statistics

But take that with a pinch of salt

Computer misuse crimes across England and Wales have declined over the past year – with credential theft attacks remaining more or less flat in the pre-COVID reporting period.

The Crime Survey of England and Wales (CSEW) recorded a total of 876,000 incidents of computer misuse affecting 743,000 adults across the UK over the past year, a figure that was down by 9 per cent on 2019's total of 966,000 incidents.

In the 12 months to March 2020 the CSEW recorded 360,000 "computer virus" incidents across Britain in the year to March, of which 253,000 resulted in precisely zero financial losses. A further 516,000 computer misuse reports, making up the rest of the year's total, concerned "unauthorised access to personal information".

These latest statistics are, however, drawn from the Crime Survey of England and Wales, meaning they should be taken as an indication rather than authoritative measure of crime levels. Rather than being a measure of raw reports, Office of National Statistics spreadsheet wranglers interpret and filter the data before it is compiled, as an ONS blog post from 2019 explained.

The stats themselves are gathered by interviewing victims of crime, with so-called "victimless" crimes being excluded along with crimes against students, pensioners in care homes, businesses and the public sector.

George Glass, head of threat intel at infosec biz Redscan, opined that these exclusions made the survey of limited use, saying in a statement: "Despite huge reported increases in hacking and malware incidents, I still think this latest Crime in England and Wales report paints an inaccurate picture of computer misuse and online fraud cases in the UK."

Computer misuse was first included in the CSEW's full survey in 2017, following years of trials.

The bundling of fraud together with computer misuse offences shows how government tends to view "hacking" as an economic matter. From The Register's previous court case coverage, computer-focused criminality tends to be a bit broader than just money-oriented crooks stealing cash.

Britain's infosec industry has repeatedly called for the Computer Misuse Act to be reformed, pointing out that the law criminalises some threat intel research in a way that allows other countries to surge ahead of the UK sector. So far these pleas have fallen on deaf ears in government.

In recent computer misuse news, North Yorkshire Police claimed, without providing corroborating details, to have cautioned a man for using Tor to access his former employer's cloud-based systems. The same police force separately said it had sacked 10 of its own workers over the past two years for computer misuse-based naughtiness at work. ®

Biting the hand that feeds IT © 1998–2021