The Office for National Statistics (ONS) most recent Crime Survey for England and Wales (CSEW) has revealed that computer misuse cases rose 37% in the year ending March 2024, bucking a general trend of decline.
The CSEW first started tracking computer misuse in the year ending (YE) March 2017, which saw roughly 1.8 million incidents. By March 2023, this number had fallen to 745,000. In March 2024, however, computer misuse incidents rose dramatically to 1 million.
However, increases of this nature are not uncommon. Despite a general trend of decline in computer misuse cases, the CSEW has reported spikes in such incidents in previous years: in YE March 2022, for example, computer misuse rose to 1.6 million incidents, 89% more than YE March 2020.
What is Computer Misuse?
The ONS defines computer misuse as “when fraudsters hack or use computer viruses or malware to disrupt services, obtain information illegally, or extort individuals or organizations.”
The CSEW Methodology
It’s worth briefly explaining the methodology CSEW uses. It is an interviewer-administered face-to-face victimization survey of people aged 16 years and over who reside in English and Welsh households. As such, it’s important not to view the CSEW as an authoritative source of computer misuse statistics. Instead, it is an indicator of general trends over time.
The advantage of this type of survey is that the results are unaffected by changes in levels of police reporting—the latest CSEW estimates show that only about 1 in 14 computer misuse offenses are reported to the police or Action Fraud. In contrast, the downside is that the results are unlikely to be entirely accurate.
It is worth noting, however, that the National Fraud Intelligence Bureau (NFIB) - which records computer misuse offenses and refers those with solid investigative leads to the police – also reported an increase in computer misuse, with cases rising from 26,604 to 40,832 for YE March 2024 compared to the previous year.
What’s Driving Computer Misuse?
According to the CSEW, the rise in computer misuse is mainly due to a spike in incidents involving unauthorized access to personal information (including hacking), which rose by 42% to 883,000 from March 2023 to March 2024. The same was true for the rise in computer misuse from March 2022 to March 2020.
There are several likely reasons behind high rates of cyber security breaches, unauthorized access to personal data, and, ultimately, computer misuse. AI technologies like large language models (LLMs), for example, have helped to essentially democratize cybercrime, allowing even inexperienced or incompetent attackers to craft convincing phishing emails.
Similarly, the increasing prevalence of Cybercrime-as-a-Service packages has also lowered the bar to entry for cybercriminals. These models involve more experienced cybercriminals selling pre-made tools – such as Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) models – and advice on the dark web. Combining these packages with the aforementioned ability to craft phishing messages with LLMs makes launching a successful cyberattack easier.
Unfortunately, individual organizations bear the primary responsibility for protecting against computer misuse. So, here are some high-level best practices to help combat computer misuse, particularly unauthorized access to personal data.
The Broader Picture
The CSEW notes that these incidents don’t only impact individuals: findings from the Cyber Security Breaches Survey 2024 showed that half of businesses (50%) and around a third of charities (32%) reported experiencing some form of cyber security breach or attack in the last 12 months.
That same survey found that phishing (84% of businesses and 83% of charities) is by far the most common type of breach or attack in the UK. It is followed far behind by others impersonating organizations in emails or online (35% of businesses and 37% of charities) and viruses or other malware (17% of companies and 14% of charities).
However, the cost of these breaches is less than one might expect when reading cybersecurity newsfeeds. Far from ransoms worth millions of dollars, the survey estimates the single most disruptive breach from the last 12 months cost each business of any size an average of approximately £1,205. For medium and large companies, this rises to approximately £10,830; for charities, it falls to approximately £460.
How Tripwire Can Help
Cybersecurity breaches, unauthorized access to personal information, and computer misuse are major problems in the UK. Consider our powerful file and system integrity monitoring solution, Tripwire Enterprise, to protect your organization from these threats. To find out more, take a quick, self-led tour here.
Editor's Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
