The annual cost of fraud and cybercrime in the UK is £10.9bn – the equivalent of £210 per adult, according to new research.
The study, Get Safe Online, shows examples of online fraud ranging from fraudulent phishing messages to extract the personal details of victims, to ransomware and the theft of data through hacking.
The research, carried out by the National Fraud Intelligence Bureau (NFIB) reveal that a staggering £10.9 billion was lost to the UK economy as a result of fraud, including cybercrime, in 2015/16. That equates to approximately £210 per person over the age of 16 living in the UK, but represents only reported fraud and cybercrime to Action Fraud.
– Online crime costs UK adults approximately £210 each according to reported incidents
– But Get Safe Online research finds this figure closer to £520 per person of those who have experienced cybercrime
– Nearly three quarters (72%) of people said their top concern was identity theft
– 43% of the UK public use the same password for multiple accounts
– Get Safe Online urges people to make every day safer by treating online security as part of our everyday routines
However, a specially commissioned survey to mark Get Safe Online Day (18 October)***, reveals that this number is likely to be much greater, with respondents who had been a victim of online crime alone losing an average of £523 each – this being more than the average weekly earnings figure for the UK**** which currently stands at £505. In addition, 39% of people who said they’d been victims of online crime said they hadn’t reported the incident – this meaning that the overall amount of money lost by the UK could in fact be even more.
In addition, a quarter of (25%) the UK public said that they had a limited understanding of the risks they face when going online, but nine in 10 (89%) said they were somewhat or very concerned about their online safety and security. 89% also felt online crime was as damaging or more damaging than physical crime.
The victims of cybercriminals
The research found a worrying gap in people’s understanding of what constitutes an online crime – 86% said they had not been targeted by cybercriminals in the past 12 months. But, 68% of people in the UK have been targeted in a variety of ways:
– 53% received fraudulent emails or messages which have attempted to direct them to websites where their personal information could have been stolen, including bank details, user names and passwords
– Over a quarter (28%) reported being contacted by someone who was trying to trick them into giving away personal information
– 10% had their email or social media accounts hacked
– 3% had been victims of ransomware, a fast-growing means of online extortion
Of those who said they had been a victim of cybercrime, over a third (38%) said they felt that the matter was too trivial to report. Worryingly, over a third of people (37%) also said that they felt there was nothing that could be done.
Poor online safety habits
But, many Britons are still not taking the basic steps to keep themselves safe online with as many as 43% saying that they use the same password for multiple online accounts. In fact, even when a company warns people to change their password after a breach – three in 10 have been contacted to do so – 12% said they did not follow the advice. The survey found that people use an average 9 passwords across devices and accounts.
The research also showed that respondents only update their security software every 8½ months and two in 10 (19%) do not update their device operating systems at all. When it comes to taking care of personal information, nearly a quarter (23%) said they never update their privacy settings on social media, with 58% saying they did not know how to. Additionally, nearly a third (29%) don’t back up their documents and photographs at all.
Tony Neate, Chief Executive of Get Safe Online, comments: “The fact that the UK is losing nearly £11 billion to cyber criminals is frightening and highlights the need for each and every one of us to make sure we are taking our online safety seriously. It is clear from our survey that people are very concerned, and rightly so.”
Neate continued: “The fact that over a third of people felt there was nothing that could have been done to stop them becoming a victim is alarming indeed – particularly when it’s so easy to protect yourself online. Also, as our research shows, people are losing large sums of money on average – £523 being the equivalent of a holiday abroad or the price of a new piece of technology in the home. As a result, it seems there is still a big education job to do. Let’s not let cyber criminals get away with it anymore by ensuring that each and every one of us is updating the operating systems of our various devices and ensuring security software is always updated. What’s more we all need to ensure that we have a different password for each online account we own and website we visit. Online safety needs to be part of our everyday routines.”
City of London Police’s Commander Chris Greany, the Police National Coordinator for Economic Crime, said: “The huge financial loss to cybercrime hides the often harrowing human stories that destroy lives and blights every community in the UK. All of us need to ask ourselves are we doing everything we can to protect ourselves from online criminals. Unfortunately, people still click on links in unsolicited emails and fail to update their security software. Just as you wouldn’t leave your door unlocked, so you shouldn’t leave yourself unprotected online.”
Commenting on this, Robert Capps, VP of business development at NuData Security said “We’re saddened, but not shocked, to see these findings. In this study, the fact that online fraud costs the UK £10.9bn a year is a sad state of affairs for consumers who can often bear the brunt of the costs (especially with regard to account takeover and new account fraud). It’s absolutely no wonder that consumers are pushing back on companies to improve security, holding them accountable for it, yet still wanting to have a good experience going through the gates.
“Financial fraud offers a lucrative source of income for cybercriminals, totaling £755 million in 2015 in the UK alone. Cybercriminals have grown in their sophistication, exploiting the human interest factor by posing as banks or suppliers and then duping consumers into revealing their personal details. These scams have also proved effective in targeting commercial organisations, as senior executives are tricked into revealing sensitive information which enables access to a company network.
The increasing volume of attacks globally can also be attributed to more fraudsters willing to commit the crime, more data available on the black market, and more financial institutions and merchants that are vulnerable to attacks. Plus, as more countries fully adopt EMV, we’ll see fraud continue its migratory path to all available online channels.
“We have to remember; fraudsters know us better than we do in that they’ve pegged our vulnerabilities. It’s time we returned the favour. They are vulnerable because they must do very similar behaviours to be successful, and guess what? We can find them by their tell-tale signals.
“In order to detect out of character and potentially fraudulent transactions before they can create a financial nightmare for consumers, we must adopt new authentication methods that they can’t deceive. Solutions based on consumer behaviour and interactional signals are leading the way to providing more safety for consumers, and less fraud in the marketplace.
To combat these types of attacks, consumers should always report emails to their banking provider. No legitimate organisation will ask for security or banking details so consumers need to be suspicious of any email that requests this information.
Meanwhile there are steps that consumers can take to help secure themselves:
• Shop with well-known companies online, or use safer payment systems such as PayPal, ApplePay, Android pay, to avoid providing your payment details directly to an unknown merchant.
• Use strong, unique passwords on each site you register with.
• Make sure to change your passwords regularly.
• Don’t use public computers or free, unencrypted Wi-Fi to conduct financial or retail transactions or interactions.
• Don’t fall victim to email and phone scams, where a consumer receives a call from “their bank” asking for personal, or financial account information. If it looks too good to be true, it most likely is. When I doubt, call the bank directly, based on the number printed on the back of your card, or on a recent statement.