Research and analysis

Public attitudes to cyber crime and fraud

Published 14 January 2025

Applies to England, Scotland and Wales

1. Introduction

This report uses data from public opinion polling to gather information about public awareness, experiences and perceptions of fraud and cyber crime. The aim of this polling is to improve the evidence base of both crime types. The Home Office commissioned Ipsos UK to deliver a nationally representative survey of adults in Great Britain. The Home Office has prepared this report, but draws on data gathered through Ipsos UK Knowledge Panel.

This data provides insight into public views around fraud and cyber crime, as well as providing opportunities to monitor public views, such as their confidence in the government response on fraud and cyber crime.

Respondents were given the following definitions for fraud and cyber crime:

Fraud: Fraud is defined as a person acting dishonestly, with the intent of making a gain (often financial), at the loss of another. Examples include phishing, someone obtaining your plastic card, cheque or bank account details to steal money from your account, or being asked to make upfront payments for goods or services that do not materialise.

Cyber crime: Cyber crime involves gaining unauthorised access or causing damage to computer systems, internet-enabled devices, or the information held on those devices. Examples include hacking or unauthorised access into your online accounts – such as your banking, email or social media accounts – or your devices being infected by a virus or malicious software.

2. Methodology

Participants were recruited via Ipsos UK Knowledge Panel, which at the time of this survey was composed of a nationally representative sample of over 15,000 individuals within the UK based on random-address sampling. It includes members of digitally excluded households, with Ipsos providing technology for the purpose of completing surveys. Panellists are incentivised for their participation in Knowledge Panel research^{[footnote 1]}.

Panellists were recruited via a random probability, unclustered address-based sampling method. This means that every household in Great Britain had a known chance of being selected to join the panel. As a random probability survey panel, the Knowledge Panel did not use a quota approach when conducting the survey. Instead, invited samples were divided into non-overlapping, smaller groups (called strata) based on shared characteristics, to account for any profile skews within the panel. The data was then weighted to match the profile of the population of Great Britain.

In total, Ipsos undertook 2,178 interviews with residents across Great Britain, aged 16 to 75. Boosters were not used to target underrepresented demographic groups. However, the survey collected various demographic variables for each respondent, enabling data to be broken down beyond the population level.

This is a one-off report to summarise findings from this particular time period, along with accompanying data tables. Survey results presented in this report are based on a sample of the British population and as such are subject to margins of error which will vary with the sample size and the percentage figure concerned.

Data from this survey is not designated as official statistics. For official statistics, please refer to the Crime Survey for England and Wales (CSEW) conducted by the Office for National Statistics (ONS). The methodology and question wording for the polling questions also differs to that of the CSEW and resulting data is not comparable.

Findings in the report draw upon questions that respondents were asked about their perceptions of risk of cyber crime and online fraud, cyber crime and fraud victimisation, their cyber security, protective behaviours and awareness of reporting mechanisms and their confidence in UK government and law enforcement to protect the public and respond to cyber crime and fraud. The accompanying data tables provide a more detailed break-down of the reported questions, as well as demographic variables.

3. Key findings

3.1 Perception of risk of cyber crime and online fraud

The perception of personal risk of cyber crime and online fraud is moderate across Great Britain’s population, with slightly higher levels of perceived risk for cyber crime compared to online fraud.

Respondents were asked about their perception of risk of cyber crime and online fraud.

The polling indicates that the perception of personal risk of cyber crime and online fraud is moderate across the British population. Respondents were asked about 3 specific online fraud crimes, revealing that people feel most at risk from online retail fraud^{[footnote 2]}:

• 42% reported that they feel very/fairly at risk of ‘buying fake or counterfeit goods online or online purchases not arriving’
• 38% reported that they feel very/fairly at risk of ‘money being stolen from their bank account or bank cards’
• 22% reported that they feel very/fairly at risk of ‘being tricked into giving money or goods to an organisation or person’

Figure 1: Perceptions of risk of online fraud

Q: How much, if at all, do you personally feel at risk from each of the following?

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Notes:

1. Combined figures reported above differ slightly from this figure due to weighting and rounding.

Respondents were also asked about 3 types of cyber crime, showing slightly higher percentages for perceived risk of cyber crime than of online fraud:

• 50% reported that they feel very/fairly at risk of their ‘devices being infected with a virus or other malware’
• 48% reported that they feel very/fairly at risk of ‘someone accessing their online accounts without their permission’
• 37% reported that they feel very/fairly at risk of ‘someone accessing their personal devices without their permission’

Figure 2: Perceptions of risk of cyber crime

Q: How much, if at all, do you personally feel at risk from each of the following?

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Notes:

1. Combined figures reported above differ slightly from this figure due to weighting and rounding.

The polling also asked respondents about their level of concern for cyber crime against organisations and infrastructure in Great Britain:

• 70% reported that they are very/fairly concerned at the possibility of cyber crime against national infrastructure
• 64% reported that they are very/fairly concerned at the possibility of cyber crime against UK government agencies (for example, HM Treasury, Home Office, Ministry of Defence)
• 58% reported that they are very/fairly concerned at the possibility of cyber crime against UK-based businesses
• 56% reported that they are very/fairly concerned at the possibility of cyber crime against local authorities (for example, local councils)
• 49% reported that they are very/fairly concerned at the possibility of cyber crime against UK-based charities

3.2 Victimisation

When respondents were asked about whether they had been a victim of cyber crime and fraud at any point in their lives, the most common crime types were devices being infected with a computer virus or malware, and unknowingly buying fake or counterfeit goods online, or online purchases not arriving. The most common place for respondents to report their victimisation was their bank, with less than 10% reporting to the police or Action Fraud.

For national statistics of victimisation over the last 12 months, please refer to findings from the CSEW (Statistics will likely differ between the 2 data sets due to different methodologies and question wording).

For cyber crime offences, over two-fifths (42%) of respondents stated their devices had been infected with a computer virus or malware. A quarter (25%) reported that someone had accessed their online accounts without their permission, and 12% reported that someone had accessed their personal devices without their permission.

Figure 3: Cyber crime victimisation

Q: Have you ever been a victim of the following?

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

For fraud offences, over a third (35%) of respondents had unknowingly bought fake or counterfeit goods online or made online purchases that had not arrived. A fifth (22%) reported that they had money stolen from their bank account, and 12% reported they had been tricked or deceived into giving or donating money or goods to an organisation or person^{[footnote 3]}.

Figure 4: Fraud victimisation

Q: Have you ever been a victim of the following?

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Respondents were asked about reporting the most recent cyber crime or fraud incident that they had experienced. For almost half of respondents (49%), the crime occurred over 3 years ago, while only 3% experienced a crime in the last month.

When asked whether they had reported this most recent incident, 36% stated that they did not report the crime at all. The most common place to report was to the bank (39%), with the next most common being to a social media company (9%). Less than one in 10 respondents reported to the police (8%) or Action Fraud (7%).

When asked the extent to which the victimisation affected them, two-fifths of respondents (41%) felt that this affected them a great deal / fair amount. Conversely, over half (56%) reported that they were not affected very much / at all.

3.3 Cyber security, protective behaviours and awareness of reporting mechanisms

The vast majority of respondents considered cyber security a high priority, and most reported using at least one protective behaviour. Reporting suspicious emails or texts was the least likely behaviour to be reported, which aligns with low awareness levels of where to report cyber crime and fraud.

The polling included several questions around behaviours relating to cyber security and awareness of reporting mechanisms. Four in 5 (80%) said cyber security is a fairly or very high priority for them personally, with 44% saying that it is a ‘very high priority’.

For a small proportion, the risk of cyber crime influences their behaviours online. Respondents were shown a list of online behaviours and asked if they had avoided any of them within the last 3 months due to concern about cyber crime. The percentage of people who had avoided an online behaviour ranged from 7% for avoiding online banking, streaming music or videos from reputable sources and using dating websites/apps, to 17% for avoidance of creating an online account. Several people also reported that the actions did not apply to them (for example, about three-quarters of people (74%) said they never used online dating or apps).

Most respondents (68%) claimed they used a separate password for their main personal email account. However, the eldest age group was significantly more likely to say they did this than younger age groups (82% of those aged 75 and over compared with 65% of those aged 25 to 34 and 53% of those aged 16 to 24).

Respondents were also shown a list of other protective behaviours they could use while online and asked how regularly they used each of these. The highest reported protective behaviour was the use of a password/PIN to unlock their smartphone or tablet, with 87% saying they always/often do this. This was followed by installing the latest software and app updates when available (72% said they always/often do this). Half (49%) reported that they always/often use 2-factor authentication wherever possible and a similar percentage (46%) reported that they always/often back up their data.

Figure 5: Protective behaviours

Q: How regularly, if at all, do you do the following?

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Notes:

1. Combined figures reported above differ slightly from this figure due to weighting and rounding.

Of the list of behaviours, respondents were least likely to say that they always/often reported suspicious emails to report@phishing.gov.uk (9%) or texts to 7726 (7%). This is likely to be at least partly driven by low awareness levels of where to report cyber crime or fraud. When asked about awareness of reporting services, only 10% stated that they knew a great deal / fair amount about report@phishing.gov.uk and 6% knew a great deal / fair amount about Text 7726. Similar levels of awareness were also reported for Action Fraud (10% knew a great deal / fair amount) and the National Cyber Security Centre (NCSC) (8% knew a great deal / fair amount).

3.4 Confidence in UK government and law enforcement to protect the public and respond to cyber crime and fraud

Public confidence in the ability of the UK government and law enforcement to protect the UK from cyber crime and fraud is low, with over half of respondents stating that they are not very/at all confident on all questions.

Respondents were asked about their confidence in the ability of the UK government to protect the UK from both cyber crime and fraud^{[footnote 4]}. Confidence was relatively low for both crime types with around 43% reporting they are very/fairly confident for cyber crime and 37% for fraud.

Figure 6: Confidence in UK government to protect the UK from cyber crime

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Notes:

1. Combined figures reported above differ slightly from this figure due to weighting and rounding.

Figure 7: Confidence in UK government to protect the UK from fraud

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Confidence in the police and law enforcement to respond to cyber crime and fraud was also low. A third (32%) reported that they are very/fairly confident in the police and law enforcement to respond to cyber crime, while 36% say they are very/fairly confident in their response to fraud.

Figure 8: Confidence in UK law enforcement to respond to cyber crime in the UK

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

Figure 9: Confidence in UK law enforcement to respond to fraud in the UK

Base: All adults aged 16 to 75 in Great Britain (2178); Fieldwork dates 18 to 24 August 2022.

1. Panellists receive points for each survey completed, which can be exchanged for vouchers for a variety of retailers once a threshold is met. The incentive panellists receive is determined by the combination of surveys they complete and amongst other things, survey complexity and topic. ↩

2. Participants were given instructions indicating that these questions related to cyber crime and online fraud – “The next few questions will ask about specific types of cyber crime, as well as other types of online fraud. Online fraud occurs when a person acts dishonestly, with the intent of making a gain (often financial), at the loss of another.” ↩

3. Participants were given instructions indicating that these questions related to cyber crime and online fraud – “The next few questions will ask about specific types of cyber crime, as well as other types of online fraud. Online fraud occurs when a person acts dishonestly, with the intent of making a gain (often financial), at the loss of another.” ↩

4. Participants were given instructions indicating that these questions related to cyber crime and fraud – “Cyber crime involves gaining unauthorised access or causing damage to computer systems, internet-enabled devices, or the information held on those devices. Fraud is defined as a person acting dishonestly, with the intent of making a gain (often financial), at the loss of another. Examples include phishing, someone obtaining your plastic card, cheque or bank account details to steal money from your account or being asked to make upfront payments for goods or services that do not materialise.” ↩