Cyber crime rates “growing three times faster than policing numbers”

Analysis of the latest Government data carried out by Forbes Solicitors shows cyber and economic crime-focused policing teams facing growing workloads, which are outpacing dedicated resources. On average, each member of staff in these teams dealt with 448 fraud and computer misuse offences last year. That’s around 137 more per employee than was the case in 2020.

According to Office for National Statistics data for crime in England and Wales, the total number of fraud and computer misuse offences rose from 774,537 in 2020 to 1,458,704 last year (an uptick of 88%). During the same five-year period, official police workforce data reveals much smaller growth in full-time employees handling these crimes. The number of police staff tasked with concentrating on cyber and economic crime increased by only 31%, rising from 2,489 officers in 2020 to 3,259 last year.

The concern for cyber crime victims is that laws are tightening at a juncture when dedicated police resources are being stretched.

Financial penalties

Craig MacKenzie, head of high-profile and private crime at Forbes Solicitors, explained: “The Cyber Security and Resilience Bill is expected to become law this year. Government is also looking at new legislation aimed at banning and preventing ransomware payments. New laws are a positive move, of course, but would likely bring compliance requirements that will be tougher to meet without sufficient policing.”

MacKenzie continued: “If brought into law, changed regulations could mean organisations and directors facing civil or criminal penalties for paying ransomware demands. Businesses are also likely to have new responsibilities for strengthening cyber security and resilience. If they don’t meet these expectations, they could be hit with higher financial penalties.”

The Cyber Security and Resilience (Network and Information Systems) Bill was introduced to the House of Commons in November last year and aims to strengthen UK defences against cyber attacks. As of 30 March, the Bill is due its third reading in the House of Commons. It’s expected to receive Royal Assent later in 2026: a move which could see stronger enforcement powers and higher financial penalties for breaches. An existing £17 million cap on penalties could be removed and replaced by penalties linked to 4% of a company’s global turnover.

Restricting payments

Government is also considering new measures designed to deter ransomware attacks by restricting payments to cyber criminals. High-profile attacks against UK retailers and manufacturers in 2025 showed how ransomware can cripple businesses overnight and disrupt operations for months, causing financial losses running into tens and even hundreds of millions of pounds.

Victims often choose to pay ransomware demands to avoid such risks, but proposed legislation that’s currently under consultation could prohibit such payments. If proposals become law, companies and directors who make ransomware payments could face civil and criminal penalties in the future.

MacKenzie concluded: “If the law toughens in a bid to tackle rising cyber attacks then police resourcing must keep pace. Otherwise, more pressure is being piled on top of the very organisations being targeted by cyber criminals. It’s hard to justify asking businesses and their staff to take on bigger responsibilities – and greater liability – when police staffing isn’t growing anywhere near as fast as the number of fraud and computer misuse offences.”

*Further information is available online at www.forbessolicitors.co.uk