Consultation launched on how to ‘reduce the security burden on citizens’

Credit: Alltechbuzz_net/Pixabay

The government has announced an ambition to drastically reduce the volume of cybercrime – and the onus on individuals to ensure their own security online.

A consultation has been launched to help officials better understand the current threats posed to citizens and businesses by potential breaches of online accounts and personal data. The exercise also aims to gather feedback on additional measures that could be taken by legislators, public authorities, and technology firms, so as to minimise the “burden of responsibility on individuals for cybersecurity”.

The ultimate aim is to “make large-volume reductions in cybercrime and associated offences”.

Citing data from the Office for National Statistics, consultation documents published by the Home Office indicate that, in the year to March 2022, there were 1.6 million offences related to the Computer Misuse Act – the 32-year-old law that remains the UK’s primary piece of legislating for prosecuting cybercrime.

“This represents an 89% increase compared to the year ending March 2020, driven by a 158% increase in unauthorised access to personal information – including hacking – offences,” the document added. “These offences are often perpetrated to commit further offences such as fraud, as well as cyber stalking and other sexually motivated online crimes.”

Related content

• NHS facing weeks of disruption after cyberattack on supplier of patient records systems
• Cybercrime picked as key focus for new National Crime Agency chief
• Scotland sees sevenfold increase in cybercrime in FY21

Feedback related to these offences and the harm they cause is being sought from a range of parties, including cyber professionals, representatives of industry more widely, academics, charities, and members of the general public.

Surveys will be tailored to the respondent’s background, and will ask questions related to current levels of concern about potential breaches of online accounts and personal data, as well as the impact of such incidents – including identity and financial theft, but also psychological harm and reputational damage.

The evidence-gathering process will also ask firms about their current cyber-protection measures, and the ways in which they are informed by legislation and government policy. Questions will also be asked about who should be responsible for responding to and mitigating threats, and how they should do so.

The Home Office added: “The UK government is committed to driving down computer misuse and the offences facilitated by it, as is evident in government policy on data protection, improving cyber resilience and strengthening the digital economy. In line with the National Cyber Strategy, we aim to reduce cybercrime offences through measures, both existing and new, which reduce the security burden on citizens and place more responsibility on organisations which manage user accounts and process personal data, to protect those personal accounts and data.”

Responses are open until 27 October.

This consultation follows another exercise conducted by the Home Office last year which sought feedback on whether the Computer Misuse Act (CMA) is still fit for purpose, and how the UK’s cybercrime legislation could be updated to reflect changes in the tech landscape that have taken place in the past three decades.

Data published by the government last month shed light on how difficult it is to bring cybercriminals to justice. Of the 28,886 CMA-related offences recorded in the year to March 2022, just 97 of these resulted in someone being charged with a crime or issued with a court summons. A further 60 were settled out of court, either formally or informally, while there were 75 instances of action that fell short of a criminal prosecution – such as a regulatory enforcement notice.

This means that of, the 28,886 recorded offences, about one in every 125 resulted in some form of punishment or restitution.

About three quarters of offences did not reach any defined outcome. Of the 7,556 that did, the majority – 5,135 – failed to identify a suspect. But there was also a significant number of cases – 1,328 – where prosecution was prevented as the victim of the crime did not support action being taken, as well as 752 cases where a suspect was identified and the victim wished for charges to be brought, but “evidential difficulties” prevented officers doing so. 

There were also 77 instances in which officers decided that pursuing an investigation or prosecution was not in the public interest – which could mean that doing so would have created potential national security issues, or would simply have wrought additional harm on the victim that outweighed the likely benefits.