Scotland records huge spike in cyber crimes in the last financial year

The number of cyber attacks taking place in Scotland has risen sharply over the past two decades with by far the largest increase coming in the 2020-21 year.

Following a parliamentary question from Conservative MSP Miles Briggs, justice secretary Keith Brown has revealed that in the year to April 2021 a total of 403 cyber crimes were recorded by Police Scotland, up from 57 the previous year. In 1999-00 there was just one recorded case, with the total remaining below 100 in each year between then and 2020-21.

Of the total in the last financial year, 331 incidents fell under sections one and two of the Computer Misuse Act, meaning they were the result of perpetrators gaining unauthorised access to someone else’s computer. The data does not record whether the computers belonged to individuals or businesses.

The remaining 72 incidents fell under section three of the act, meaning whoever accessed the computers had attempted to make modifications to them.

The figures – which are anonymised - are likely to include the cyber attack that hit the Scottish Environment Protection Agency (Sepa) in December 2020, when cyber criminals encrypted, stole or deleted data held in the organisation’s computer systems on Christmas Eve and demanded a ransom to release it. The ransom was not paid and Sepa has been able to unravel much of the damage done, but has still not been able to quantify the full financial implications of the attack.

In his response to Briggs, Brown wrote that the large spike seen in 2020-21, when the total number of cases rose by just over 600 per cent, could in part be explained by a change in the way crimes are recorded.

“As highlighted in the 2020-21 recorded crime national statistics, a procedural change was made to the recording of international crime in 2020-21, whereby cases carried out by a perpetrator who was likely to be outside the UK are now included,” he wrote.

“This may have led to some additional crimes being recorded in the latest year, though more broadly the increase may in part be due to the significant impact of the coronavirus pandemic, including behavioural changes with more people undertaking activities online.”

Briggs said an increase to Police Scotland’s budget is needed to enable to the force to deal with the rise.

“Our police desperately need the resources to tackle this issue, but instead the SNP government have given them a real-terms cut to their capital budget,” he said.

“That means our police are being left without the equipment, training and resources they need to tackle these attacks.

“It is essential that the public can go online without feeling under threat from hackers – particularly just now with concerns about global cyber-security in the wake of Russia’s appalling invasion of Ukraine.

“We know that Scottish public-sector organisations have been subject to cyber-attacks too, so this is a growing problem.”