UK hacking prosecutions plummet with only 47 charges recorded last year

A lack of resources is believed to be partly to blame for incredibly low prosecution figures.

Cyberattacks are now a daily occurrence and hardly a week goes by when we don't hear of a major data breach -- but despite rising numbers of hacking events, prosecutions rates are falling in the United Kingdom.

As reported by The Times, law firm Reynolds Porter Chamberlain (RPC) has compiled the figures on how many prosecutions are pushed through the 1990 Computer Misuse Act, which allows law enforcement to charge individuals with unauthorized access to PC systems and causing damage to machines.

According to the figures, the number of prosecutions under this law fell for the second year in a row in 2017.

In total, only 47 cases of illegal hacking resulted in prosecutions last year, a drop from only 57 in 2016. In 2015, the UK justice system prosecuted individuals and groups 61 times under the Computer Misuse Act.

The 2018 Cyber Security Breaches Survey suggests that 43 percent of UK businesses and two in ten charities -- 19 percent -- experienced a cybersecurity incident or attack in the past 12 months.

Despite 74 percent of UK organizations calling cybersecurity a "top priority," only 27 percent have a formal cybersecurity policy in place -- a drop from 33 percent in 2017.

See also: 'Hacky hack hack': Teen arrested for breaking into Apple's network

Without established procedures, these businesses -- whether enterprise players or SMBs -- can be easy pickings for threat actors.

Police numbers have dropped to 122,404 from 123,142 a year ago, the lowest on record since 1996.

In the same way that falling numbers are believed to be linked to an increase in violent crime in the country and the estimate that prosecutions for crimes are only achieved in one in ten cases, the lack of control over crime in the black hat hacking arena is thought to be due to the same issue.

CNET: Judge sets bail at $750K in cryptocurrency for alleged EA hacker

Fingerprints, witness statements, and forensics may help secure a conviction when it comes to physical crimes but digital intrusions can be far more difficult to pursue as a criminal case.

"Police forces are doing their best with the resources they have but the scale of the problem means businesses cannot necessarily rely on the police to really help them when there is a cybercrime," Richard Breavington, a partner at RPC, told the publication.

TechRepublic: Despite the security measures you've taken, hacking into your network is trivial

To push the possibility of prosecution even further out of reach, the law firm says that as so many threat actors are overseas, catching them is extremely difficult.

"Having investigated cybercrime for the police for many years, I know fully well how difficult it is to prove beyond a reasonable doubt when it comes to digital offenses," Jake Moore, Cyber Security Specialist at ESET UK commented. "Sadly there are a plethora of tools to help equip a hacker with anonymizing their whereabouts or identity online. Breaking encryption and investigating incognito IP address can take a very long time -- if at all sometimes -- and the cybercriminals around the world are fully aware of this and take advantage of law enforcement being on the back foot."

Previous and related coverage