Cybercrime is an ever-growing concern in Australia and around the world. It covers a wide range of criminal behaviours, from traditional offences enabled by technology (e.g. identity theft) to those generated solely using computers (e.g. ransomware attacks).
With the COVID-19 pandemic causing most daily activities to move online, and with cybercriminals becoming more sophisticated in their approach, cybercrime has increased significantly. The NSW Bureau of Crime Statistics and Research conducted a study in April 2023 to examine the trends in and major characteristics of cybercrime in NSW. This article explores the key findings.
Trends in cyber offences
Cybercrime in NSW was measured by examining reports to ReportCyber, a national cybercrime reporting system operated by the Australian Cyber Security Centre.
There were 39,494 reported incidents of cybercrime concerning victims residing in NSW from July 2019 to June 2022. These incidents were classified as either cyber-enabled fraud, identity theft, cyber-enabled abuse, online image abuse, or device offences.
Cyber-enabled fraud
Cyber-enabled fraud refers to the use of online services or computers to commit fraud or to deceive victims into sending money or goods to someone online. Examples include email fraud and investment scams.
Cyber-enabled fraud accounted for 45% or 17,812 of the reported cybercrime incidents throughout July 2019 – June 2022. This crime type increased by 95% or 3,917 incidents from year 1 to year 3.
Identity theft
Identity theft is when a cybercriminal gains access to personal information through means such as hacking, phishing, remote access scams, malware/ransomware, and fake online profiles. The stolen identities may then be used to steal money or gain other benefits.
Identity theft accounted for 34% or 13,500 of the reported cybercrime incidents throughout July 2019 – June 2022. This crime type increased by 35% or 1,378 incidents from year 1 to year 3.
Cyber-enabled abuse
Cyber-enabled abuse is where someone is being bullied, threatened, harassed, or stalked online, with the intent to intimidate, scare, or harm them socially, psychologically, or even physically.
Cyber-enabled abuse accounted for 14% or 5,563 of the reported cybercrime incidents throughout July 2019 – June 2022. This crime type decreased by 41% or 1,111 incidents from year 1 to year 3.
Online image abuse
Online image abuse is where an intimate image or video is threatened to be shared or is shared without the consent of the person pictured. This crime type is sometimes also called “revenge porn” or “sextortion”.
Online image abuse accounted for 3% or 1,313 of the reported cybercrime incidents throughout July 2019 – June 2022. This crime type increased by 70% or 228 incidents from year 1 to year 3.
Device offences
Device offences refer to malware and ransomware attacks. Malware refers to the use of code or programs for malicious purposes (e.g., obtaining confidential information). Malware is often perpetrated as a ransomware attack where computers or files are blocked, or access is limited until a ransom is paid.
Device offences accounted for 3% or 1,306 of the reported cybercrime incidents throughout July 2019 – June 2022. This crime type increased by 117% or 329 incidents from year 1 to year 3.
Financial impact of cybercrime
In June 2022, individuals reported losing $24,866,537 to cybercrime while organisations reported losing $7,732,204. The financial loss for individuals has been steadily increasing from July 2019 – June 2022, rising from $1,848,237 to $24,866.537, while the financial loss for organisations remained relatively stable between 2019 and 2022. The cumulative reported amount lost was $287,379,904 for individuals and $117,215,656 for organisations between July 2019 and June 2020.
Most fraud reports (86.8%) involved money loss, while 39.5% of identity theft reports involved money loss. A small minority of victims of cyber abuse (3.3%), device offences (3.6%) and online image abuse (12.7%) reported losing money as a result of the crime.
Victims of cybercrime
Most of the victims who reported cybercrime in NSW were individuals (89%), male (53%) and over 25 years of age (87%).
Most victims of fraud (54%), identity crime (54%) and online image abuse (58%) were men, while women made up the majority of victims of cyber abuse (55%) and device offences (53%).
The highest proportion of reports for cyber abuse (25%), device (30%) and fraud (24%) offences were made by individuals aged 55 and over, while individuals aged 35 to 44 made up the largest proportion of victims of identity crime (26%). Individuals aged between 18 and 24 (37%) reported online image abuse more often than any other age group.
The proportion of incidents reported to police ranged from 12% for both cyber abuse and device offences to 28% for both identity crime and online image abuse.
Key takeaways
A recent study revealed that the main types of cybercrime impacting individuals and organisations in NSW are cyber-enabled fraud, identity theft, cyber-enabled abuse, online image abuse, and device offences. Most crime types have experienced an increase in annual incidents since 2019, with the exception of cyber-enabled abuse which has decreased.
The financial loss for individuals has been steadily increasing since 2019 while the financial loss for organisations has remained relatively stable. The percentage of cybercrime reports that involve money loss varies greatly by crime type, with fraud being the most common crime type to involve money loss. The profile of cybercrime victims also differed by the type of offence. Most cybercrime incidents are not reported to police.