lolloj - Fotolia

ONS cyber crime stats 'tip of iceberg', say experts

Adding the traditional and cyber crime estimates together gives a total of 14.5 million for the past year, which is below the 1995 peak of 19 million, but well above last year’s estimate

The cyber crime estimates published by the Office of National Statistics (ONS) for England and Wales could be just the tip of the iceberg, according to security experts.

There were 2.5 million cyber crime offences between May and August 2015, an average of 625,000 a month, according to a large-scale field trial included in the ONS annual crime report for the first time.

The trial was carried out in response to the on-going debate about whether the levels of cyber crime have risen to such a degree that they make up for the long-term falls in traditional types of crime.

Questions used in the field trial will be added to the next ONS annual crime survey, starting in October 2015.

Adding the traditional and cyber crime estimates together gives a total of 14.5 million for the past year, which is below the 1995 peak of 19 million, but well above last year’s estimate.

“It is important to recognise that these new data are not simply uncovering new crimes, but finding better ways of capturing existing crime that has not been measured well in the past. However, it is not possible to say whether these new figures represent an increase or decrease compared with earlier levels,” the ONS said.

The most common cyber crimes as defined by the Computer Misuse Act were where a victim's device was infected by a virus or where emails or social media accounts had been hacked.

Although 625,000 cyber crimes a month on average is a significant number, the real number could be a lot higher, according to Louise Bulman, vice-president for Europe at security firm Vormetric.

“We only need to look back on the litany of data breaches that have taken place indiscriminately over the past year to know how adept today’s hackers are at hiding their tracks and how long it takes for data breaches to come to light,” she said.

James Murphy, associate director, defence and security at techUK, said given that cyber crimes are often under-reported, the actual figure is likely to be higher than that published by the ONS.

“The only way we can successfully tackle the growing threat to people and businesses is for police, industry and victim support to work together to better protect and prevent against such crimes,” he said.

Data a valuable currency

According to Bulman, data is a valuable currency and cyber criminals are becoming more proficient in their quest to steal it.

“For businesses, this has greatly increased the risk of reputational damage and requires an urgent step change in current data security policies, particularly as consumers are rapidly losing patience with those who cannot protect their private information effectively,” she said.

Read more about cyber crime

If businesses do not make a concerted effort to stem the tide of cyber crime, Bulman said the cyber crime figures will continue to rise.

“True data security requires a combination of technologies to reduce the attack surface available – limiting the who, what, when, where and how of data access, and keeping a careful eye on those with a legitimate need to access it by monitoring their data access patterns for behaviour that may indicate an attack in progress,” she said.

In the past, organisations encrypted only what they were forced to protect by compliance requirements, said Bulman, but advances in technology mean that it is now faster and easier to secure more data with encryption than ever before.

“Encryption can be applied to wherever the data resides. Ultimately, for companies serious about safeguarding customer data and, by proxy, their own intellectual property, then adopting a default strategy of ‘encrypt everything’ is quickly becoming the only reasonable way to retain, and maintain, the upper-hand in the fight against cyber crime and keep fraud at a respectable level,” she said.

Cyber crime taken seriously

David Kennerley, senior manager for threat research at cyber security firm Webroot, said the inclusion of cyber offences in the ONS survey shows that it is being taken seriously as a crime.

“There’s a common misconception that cyber crime is somehow victimless – this is far from the case. Recent attacks such as Dridex, which was used to steal £20m from UK bank accounts, show just how damaging they can be to all parties involved,” he said.

Louise Pordage, senior manager in KPMG’s cyber security practice, said it is important to get more clarity around the impact of cyber crime against the UK economy.

“Getting a better view of cyber crime matters to individuals, corporations and the government. It also drives home the point that we all need to consider our security online and take sensible precautions to protect ourselves.

“Our world is becoming digital and so is organised crime. The incorporation of these figures into the Crime survey of England and Wales is a vital first step towards a more robust reporting regime for cyber crime, and an important recognition that such crimes can have every bit as much of an impact on our lives as more conventional crime,” she said.

Read more on Hackers and cybercrime prevention