Cybercrime in the UK: What You Need to Know

Several million cybercrime attacks are reported in the UK every year. With online sales continuing to grow, as evidenced by January 2025 seeing a 1.7% rise in online shopping compared with January 2024, staying vigilant against increasingly sophisticated cybercrime threats has never been more crucial.

From online fraudsters employing AI-powered scams to deceive victims on mass scale, to rising numbers of romance fraud enhanced by dating apps, cybercrime threats are gloomily growing across the UK. And these threats are becoming increasingly difficult to detect. 

In order to combat the rising prevalence of cybercrime in the UK, we have analysed the risks posed by digital fraudsters, highlighting the latest cybercrime statistics you ought to know, including the most common types of online fraud, and offering expert-driven tips on avoiding cybercrime and ensuring identity protection.

Firstly, what is cybercrime? 

A cybercrime attack refers to an attempt by an individual or organisation to compromise a computer, network or device, with the intention of financial gain. Cybercrime attacks can be against large-scale businesses, governments or individuals, 

There are various types of cybercrime - from email and internet fraud to identity theft, which can lead to large volumes of confidential data being stolen which can negatively affect people on a financial or personal level. 

Five UK cybercrime statistics you need to know

Whether you frequently use digital devices from watches to tablets, adopting privacy approaches and becoming cyber-savvy is critical to protecting your personal and private information online.

Here are five statistics to dig deeper into why safeguarding our online identities has never been more crucial in the digital age.

£108.2m reported stolen from British consumers via online shopping

Data from the past twelve-months from the *National Fraud Intelligence Bureau’s (NFIB) dashboard, powered by Action Fraud data, reports that a concerning £108.2m was taken by online criminals from UK citizens looking to purchase items online.

From malicious email scammers, to fake shopping sites and apps, it is crucial for all consumers to sense-check platforms online, including researching brands you may consider shopping with, ahead of providing personal information. 

74% of cybersecurity breaches are caused by human error

Mimecast’s State Of Cyber Security Report uncovered that almost three-quarters of cybersecurity breaches are being caused by human error. Looking for additional support in educating against what threats to look out for will play an essential role in hopefully reducing this figure in the future.

Additionally, whilst AI-enhanced scams are increasing, AI can also be positively utilised to provide a valuable safeguard, helping to prevent breaches caused by simple mistakes.

£104.5 million has been lost to romance fraud in the UK

Over the past 12 months, romance fraud in the UK resulted in losses of over £94.7 million, with 9,581 reports received by the National Fraud Intelligence Bureau’s (NFIB). Santander UK also recently reported in October that there has been a shocking rise in romance scams across the past six months, with a 27% increase year-over-year. 

During the colder months, many people are seeking comfort from human connection and cybercriminals often take advantage of this timing, intensifying their efforts to tap into human vulnerabilities. According to UK Finance, the top most common reasons people have been romance scammed include paying for an emergency (37%), paying for the person's travel to meet them (36%), and to make an investment (29%).

As online dating rises in the lead up to Valentine’s Day, staying vigilant against romance scams is essential to protect both your wellbeing and your wallet. 

78% of UK organisations are putting measures in place to tackle cybercrime 

According to a UK government report on AI and cybersecurity, over three-quarters (78%) of UK organisations are putting measures in place to tackle cybercrime. However, the report also outlines that nearly half (47%) of organisations using AI technologies lack cybersecurity measures to protect these systems.

This worrying figure demonstrates the prevalence of cybersecurity threats, as well as the need for organisations to develop resilient plans to better prepare themselves in an increasingly complex threat landscape.

50% of UK businesses have reported a cyber security breach year-over-year 

According to the UK government’s Cyber Security Breaches Survey, this figure is even higher for medium businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in annual income (66%).

These statistics highlight just how important it is for businesses to invest in employee training to stop cybercrime in its tracks.

The most common types of cybercrime in the UK

Our analysis of the *National Fraud Intelligence Bureau’s (NFIB) dashboard reveals that social media and email hacking have been the most common forms of cybercrime reported to UK police in the past year, with 36,864 reported incidents according to data from the City of London Police - that’s over 100 reported crimes of this type per day. 

Source: *NFIB Fraud & Cybercrime Dashboard [Public]

This form of cybercrime includes ‘phishing’, which is a method used by cybercriminals to gain access to personal information, including usernames, passwords and card details. Often taking the form of an email or text message, fraudsters use this method to impersonate individuals for financial gain. 

Cybercrime by hacking personal data closely follows with 10,351 incidents reported in the past year, followed by computer virus and malware hacking with 4,532 crimes reported, and extortion hacking with 3,539 reported cases of the crime - which involves hackers demanding ransom for not exploiting potentially stolen data from an individual or organisation. 

Finally, 301 ‘server hacking’ incidents were reported through the past year. This form of crime not only affects businesses themselves but also may affect clients, customers and any employees that may have access to an organisation's server, representing a potentially larger number of cases. 

The most affected regions in the UK for cybercrime

According to our analysis of *NFIB data, cybercrimes resulted in £5.9 million in losses across the UK last year, with the East of England being hit the hardest over a 12 month period, topping the UK list with 14.9 reported incidents per 1,000 people with losses in the region totalling a whopping £722,400.

Source: *NFIB Fraud & Cybercrime Dashboard [Public]

South Wales closely follows with 11.8 incidents reported per 1,000 people, which is estimated to have cost residents a combined total of £16,200. While slightly less frequent, these attacks drained an estimated £16,200 from the area’s economy. 

Meanwhile the UK capital recorded 10.3 cybercrime incidents per 1,000 people across the past year, costing Londoners a staggering £849,100.

The most affected demographics by cybercrime in the UK

Source: *NFIB Fraud & Cybercrime Dashboard [Public]

The prevalence of cybercrime in the UK varies based on both age and gender. Our NFIB data study has uncovered that the age group most vulnerable to cybercrime is 30 to 39, with UK Millennials in this range falling victim to cyberattacks 14,400 times over the past year.

Following closely behind are those in the 40 to 49 age bracket (Generation X), who experienced 10,300 reported incidents in the past year, while individuals aged 50 to 59 reported 9,200 attacks. 

Despite 32% of Gen Z consumers shopping online at least once per day and being 2x more likely to use an online-only brand than any other generation, our NFIB analysis uncovers that those aged 20 to 29 experienced fewer cybercrimes than their millennial counterparts, with 8,000 reported incidents.

Source: *NFIB Fraud & Cybercrime Dashboard [Public]

When it comes to gender, females are the most likely victims of cybercrime, with 39% of victims being female, compared to 32% being male. 

Analysing the data for circumstances where the gender was known, females were found to have reported 55% of cybercrimes compared with male counterparts recording 45% of instances.

Predictions for cybersecurity measures in 2025

From social media hacking to email phishing, the threat of cybercrime is unfortunately not expected to decline across the nation thisyear. Here are data-driven predictions for cybercrime changes over the course of this year. 

Cybercrime is expected to grow by 15% per year over the next two years. Reporting from Mimecast predicts cybercrime costs to total $10.5 trillion in 2025 - an increase from $8 trillion globally in 2023. Nearly one billion emails were exposed in 2023 alone, affecting one in five internet users. 

As phishing attacks are anticipated to remain the most common method of cybercrime, it’s clear that in 2025 there will be a need for greater measures to raise awareness of this threat to email users.

AI-spawned attacks will become increasingly more inevitable. Mimecast’s business cybersecurity survey also revealed that 67% of organisations believe AI-generated cyberattacks will become more prevalent moving forward.

In response to this, AI will play an ever more vital role in helping employees detect cyber threats and decipher the best course of action to take. 

‘Zero Trust’ cybersecurity measures will dominate. With hybrid-working becoming the norm, new and varied threats have emerged. Charity Digital reports that Zero Trust security protocols, which require continuous authentication and verification, will become the standard approach to safeguarding organisations and in boosting global protection against cyber threats.

How to protect yourself against cybercrime 

With over 55,000 cybercrimes reported in the past year, the need for heightened awareness is crucial. To help safeguard your online identity, our Equifax experts have collated these five tips to increase your protection from future cyber threats.

Are your devices secure? When it comes to protecting yourself against cybercrime, ensuring that your mobile phone and other devices are secure is an essential practice. 

As the number of devices that we use goes up, so does our risk of being exposed to malicious software, known as “malware” or “Spyware”. This means making sure that your phone is protected by a password. Using fingerprint or facial recognition technology also adds an additional layer of security to your phone. 

It’s also important to be wary of connecting to publicly open WiFi networks which may be insecure and could put your personal information at risk. Using a Virtual Private Network (VPN) is a good way of ensuring greater protection when online.

Staying vigilant pays off. Phishing remains to be the most prevalent form of cybercrime and protecting yourself against this requires all round good vigilance.

Avoid clicking links or attachments within an email unless you’re absolutely sure of the sender’s identity. If in doubt, it is always best to ask them if the email you have received is legitimate as, for all you know, their email account could have been hacked.

Are your social media accounts hindering your identity protection? Always look into the privacy settings on your social media accounts to ensure you are comfortable with the level of security that you have in place. As you use social media, be conscious of the information that you are sharing with others as you could be revealing insights into your daily routines or even your location.

It’s also good practice to set up log-in notification alerts in order to be notified as soon as someone tries to log into your accounts. It's also important to remember to never log in to your private social media accounts on devices accessible to the public, such as mobile phones or computers at a technology shop.

Are your passwords really protecting you? Nowadays it can really feel like a password is needed for everything, and it can be hard keeping track. However, by repeating passwords, users run the risk of having multiple accounts hacked at the same time.

Using a password manager is a quick and easy step to create stronger passwords that are stored in a safe location. Whilst setting up 2-factor authentication, which requires users to provide additional information, such as a one-time passcode, to access a service - adding an additional layer of protection.

Keep an eye on your apps. To reduce the risk of app-based cyberattacks, never download apps from third party sites. Instead, stick to official app stores such as the Apple App Store® or Google Play™. Be sure to also never download apps that are advertised to you through a pop-up, as such apps are commonly used as vehicles for malware that may ultimately compromise your device and target your private information.

If you are seeking complete peace of mind from fraudster risks, Equifax Protect helps to keep your identity safer by alerting you to potential identity theft. Providing alerts for your financial, personal and social media identities, Equifax specialists are on hand to check if fraudulent items may appear in your credit report. 

How to report fraud and cybercrime 

If you have lost money to a cybercrime thread or you think that your personal information may have been stolen, you can contact Action Fraud at any time of day or night to give you the immediate help and advice you need. 

About The Data 

*The NFIB Fraud and Cybercrime Dashboard was published in response to the HMICFRS Fraud: Time to choose report and its recommendations, to increase transparency of fraud and cybercrime reporting. 

The dashboards are based on a rolling 12 months of data from Action Fraud, which are extracted on a monthly basis. Only fraud and cybercrime offences amounting to a crime under the Home Office Crime Recording rules are included. Information reports and crimes reported directly from partner agencies and industry are not included and will account for differences to Office for National Statistics figures for fraud offences in the same period. 

Equifax has analysed the NFIB Fraud and Cybercrime Dashboard data between January 2024 and January 2025.