The worst UK regions for cybercrime

Cybercrime is an offence increasingly favoured by criminals to steal money over the internet.

It includes targeting individuals through email and social media, using computer viruses, extortion and more.

With cybercrime on the rise, its cost to the world is expected to top £8 trillion annually by 2025.

The UK's cybercrime victim hotspots uncovered

To delve deeper into the issue, we sent Freedom of Information (FOI) requests to all UK police forces, to uncover which UK regions experience the most cybercrime, and what the average loss is per crime.

We’ve also shared some tips on how you can protect your money and identity online, which is more important than ever in light of increasing living costs.

What are the different types of cybercrime?
Hacking – social media and email	Unauthorised access or modification to an email or social media account including Facebook and Twitter
Computer virus, malware and spyware	Unauthorised access or modification to computer materials using a computer program or software
Hacking – personal	Deliberate modification of an individual’s personal computer contents
Hacking – extortion	Blackmail with the threat of computer hacking or items found on a computer
Hacking - server	Unauthorised access to a computer server

 79 cybercrimes take place on average every day in the UK

 We discovered that 28,943 cybercrimes were reported across the UK in 2021, averaging 79 incidents per day. Cybercrime accounted for 6.5% of all reported cases of fraud in 2021, up from 3.4% in 2020. Although fewer incidents of fraud were reported in 2021 compared to 2020, the increasing prevalence of cybercrime in those incidents suggests a growing shift towards fraudulent activity online.

One study found that one in five Brits has been a victim of cybercrime. This indicates that crimes reported to the police are only the tip of the iceberg: as many as 13.5 million people in the UK may have fallen victim to this type of crime in recent years.

According to the same study, almost two in five people are more concerned about cybercrime than in-person offences.

Cybercrimes cost Brits over £12.5 million in 2021

Despite the number of reported fraud cases dropping between 2020 and 2021, cybercrimes have become much more costly to victims over the last couple of years. In 2021 alone, Brits lost over £12.5 million to cybercrime, according to data from Action Fraud and the NFIB, £2.9 million more than in 2020.

On average, Brits are losing £431 per cybercrime incident, more than ever before. This value has more than doubled, rising by 117.6% since 2019, where the average loss was a still sizeable £198 per crime.

With the increasing cost of living, the threat from cybercrime and its rising cost has never been more concerning.

Wales is the UK’s cybercrime hotspot, losing a whopping £3,314 per crime

The results of our FOI requests revealed Wales as the region worst-hit financially by cybercrime. Despite only 1,267 incidents being recorded, cybercrime victims in Wales lost a huge £4.2 million in 2021, a third of the total reported losses in 2021 of £12.5 million. This makes an average cost per crime of £3,314 – the highest in the UK.

The country’s victims were largely targeted through social media and email hacking, which resulted in the majority of the financial loss, despite only accounting for 53% of all reported cybercrimes. Hacking extortion followed, with a loss of £51,200.

The victims of cybercrime in Wales were predominantly individuals rather than organisations, with only 7% of reported incidents coming from companies.

The North West lost £1,423 on average to nearly 3,000 cybercrimes

The North West was the second-worst hit region for cybercrime, with an average loss of £1,423 per incident, less than half that of Wales. However, the region had a much greater incident rate, with 2,950 cybercrimes reported in 2021 alone, costing £717,200.

Computer viruses, malware and spyware were to blame for 48% of the total losses, with £345,100 stolen across 743 incidents. The most common cybercrimes in the region involved social media and email hacking, with 1,369 reported incidents.

London had 5,306 cybercrimes in 2021, averaging £621 per crime

Our research revealed that London had the greatest number of cybercrimes in 2021, with a huge 5,306 incidents recorded, the equivalent of 15 a day. Cybercrime victims living in the capital lost a whopping £3.3 million in 2021, which is an average of £621 per crime.

In London, social media and email hacking proved to be the most common and costly cybercrimes, with 2,270 incidents recorded attributed to this, resulting in almost two-thirds (£2.1 million) of the £3.3 million losses.

Hacking extortion was also a huge contributing factor, costing London’s victims £493,100 despite there being only 468 incidents. This means that this type of cybercrime had an average cost of £1,053 per incident – the costliest cybercrime for victims.

96% of all cybercrime victims were individuals, leaving organisations the victims in only 4% of reported cybercrime cases in the capital.

The East and South East lost a combined £910,000

In 2021, the South East reported 3,456 incidents, costing the region’s victims £630,500, or £182 per crime. Of this total, £279,600 was attributed to social and email hacking, followed by £208,300 in personal hacking.

The East of England reported 3,813 cybercrimes in 2021; however, the total loss was only £330,600, equating to an average cost per crime of £86 – one of the lowest in the UK.

One-third of this cost came from hacking extortion, the costliest type of cybercrime in the region, even though it only featured in 7% of the total incidents reported.

The North East had the lowest cybercrime rate in England

In England, the North East had the lowest numbers of cybercrimes reported. Only 892 incidents were counted, totalling £233,200 or £261 per crime.

Scotland was the nation least affected by cybercrime, losing £18 per crime

Not only did Scotland have the lowest reported cybercrime rate in the UK, but this was also true when compared to individual regions in England. Only 249 incidents were recorded in 2021, costing victims £4,700, or £18 per crime on average.

Brits reported 13,500 social media and email hacks in 2021

Social media and email hacking remains the leading type of reported cybercrime in the UK. 13,522 incidents were recorded in 2021, slightly fewer than the 13,948 reported in 2020.

Social and email hacking led to reported losses of £7.8 million in 2021, the highest cost to date and an average of £576 per incident. In 2020, £3.5 million was recorded with an average loss of £251 per incident. This represents a huge increase of 122% between 2020 and 2021 and further reinforces the threat presented by these types of offences.

2021 cybercrimes by number & cost
Crime type	Recorded crimes	Reported cost	Average loss per crime
Hacking - social media & email	13,522	£7.8m	£576
Computer viruses, malware & spyware	7,156	£1.2m	£293
Hacking - personal	5,325	£517K	£97
Hacking - extortion	2,300	£2.6m	£1,130
Hacking - servers	331	£158K	£477

Computer viruses, malware and spyware were the second most prevalent, with 7,156 incidents reported in 2021, leading to £1.2 million in recorded losses, or £293 per crime.

In terms of national financial loss, hacking through extortion was in second place, costing the UK £2.6 million; however, it was the costliest crime for individuals, with victims losing £1,130 on average in each incident.

9/10 reported cybercrime victims were individuals

Of the 28,943 cybercrimes reported in 2021, 90.3% were against individuals, with only 2,821 of the victims being organisations. But even though individuals were targeted more, the losses to organisations were much greater.

Reported losses to individuals totalled £5.3 million, whereas organisations lost £7.3 million, 58% of the total figure.

Almost 3 in 5 victims of cybercrimes were women

In cybercrime reports where gender was recorded, women were more likely to be the victim than men. In these incidents, 58% of cybercrime victims were women.

For women, those aged 20 to 29 were most likely to fall victim to a cybercrime, with 2,470 in this category. However, for men, those aged 30 to 39 were most likely victims, with 1,808 reporting a cybercrime in 2021.

Almost two-fifths of cybercrime victims were aged 20 to 39

Perhaps surprisingly, people aged 20 to 39 are most likely to be the victim of cybercrime with 9,934 recorded incidents. That’s a massive 39%, almost two-fifths of all cybercrimes. 

Ages of victims of cybercrimes, 2021
Ages	Reported crimes	Percentage
0 to 19	1,248	5%
20 to 39	9,934	39%
40 to 59	8,974	35%
60+	5,450	21%

Considering people in this age bracket are the most reliant on the internet, with 99+% using the internet frequently according to the ONS, it may be fair to expect that this group are also the savviest when it comes to spotting the types of activities that lead to cybercrimes. With criminals becoming more advanced, however, cybercrime is increasingly difficult to spot.

People aged between 40 and 59 were next most likely to fall victim to cybercrime, accounting for 8,974 cases or 35% of all reported cybercrimes. People aged 60+ were the victims in 21% of cybercrime cases.

Five ways to protect yourself from cybercrime

Now you know how much of a threat cybercrime can be, there are some simple tips and tricks you can follow to help protect yourself online and keep your money and identity safe.

1.   Don’t interact with emails and texts from unknown senders

This is a tip that’s been around for as long as the internet but still applies today – try to avoid reading messages from people you don’t know or senders you don’t recognise. However, if you do open a message, don’t worry. The main thing is to avoid interacting with any potential scams by opening any attachments or following any links in an email from a sender you’re not sure about. This is one of the easiest ways people can gain access to your personal information. Cybercriminals are becoming increasingly advanced and more convincing, so make sure you check the email address and any links sent in emails to make sure they’re right.

Find out more about how to spot and protect yourself from phishing scams.

2.   Use two-factor authentication

Many sites now offer two-factor authentication, which adds another level of security when you log in to an account. This is typically done by sending a code to an app or by text message and is used alongside you entering your username and password to make your accounts more secure.

3.   Use strong, random and unique passwords for each account

Ensure you use strong passwords for all your accounts that use a mixture of uppercase and lowercase letters, numbers, and special characters. Avoid using the same password for more than one account, and try to avoid similar passwords as this is the easiest way for hackers to access multiple accounts.

4.   Keep computer software and apps up to date

Ensure your apps and electronics are up to date to stay on top of the latest security releases. Outdated versions are more likely to be susceptible to cybercrime.

5.   When in doubt, contact the company directly

If you receive a text or email from someone like your bank and you’re not 100% it’s genuine, contact them directly. However, don’t use contact details provided in a text or email, as these could simply put you in touch with the criminal behind the scam. Instead, search for the company’s phone number or email address online to find their official details.  When you speak to them, they will be able to confirm why you have been contacted and any action that you need to take.

What to do if you fall victim to cybercrime

If you believe you’re a victim or attempted victim of cybercrime, you should report it to Action Fraud through their online reporting tool or by phone on 0300 123 2040 on Monday to Friday 8am to 8pm. Action Fraud will notify the local police when applicable but you can also contact them directly.

Businesses may also need to report crimes to the Information Commissioner's Office (ICO) within 72 hours of the report.

If you’re in immediate risk or danger, you should call 999 immediately.

Make sure you collect and keep any evidence related to the incident as this may be useful during the investigation.

Methodology

Using Freedom of Information requests along with data obtained from Action Fraud and the National Fraud Intelligence Bureau (NFIB) on 9 March 2022, Ocean Finance has located the worst regions for cybercrime based on the total number of reported incidents and the average cost per incident.

The figures include incidents from unknown locations as well as the Channel Islands and the Isle of Man; however, these are not represented in the regional figures, which have been rounded at the source.