Cybercrime investigation: Exploring the factors behind case losses

Research Institution / Organisation

University of Portsmouth

Principal Researcher

Erjon Cibaku

Level of Research


Project Start Date

September 2018

Research Context

Following the line that the estimation of an attrition rate serves as an indicator of the efficiency of the Crimal Justice System (CJS), Jehle (2012) and Chopin and Aebi (2018) argue that it is critically important when studying attrition for a crime to explore and expose the factors influencing attrition at each stage, thus raising awareness of the barriers to a more effective CJS and allowing reflection on potential future improvements.

In 2016, following the publication of data by the Office for National Statistics (ONS) about cybercrime and fraud, concerns arose about the level of attrition in the reporting process. Only 12% of cybercrimes were reported to Action Fraud during this timeframe (Action Fraud, 2016). These statistics point towards gross shortcomings in reporting these crimes. Another study shows that, even when crimes are reported to Action Fraud, the agency’s response is significantly low, with only 2% of cases being taken to the next stage (Scholes, 2018). With regard to investigations and prosecutions, Walls (2013) argues that the conviction rate should be low. He refers to the prosecution numbers under the ‘Computer Misuse Act, 1990’ in the first 15 years following its introduction. There were only about 200 prosecutions under this act during this period, which is very low indeed when compared to the 212,101 new malicious code threats to a cyber-security group called ‘Symantec’ in the first half of 2007 alone (Symantec, 2007). Also, in 2019, the Home Secretary commissioned Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS) to carry out an inspection of the police response to cyber-dependent crime. Out of 103 cases investigated, 80 had been finalised with no further action being taken, and only three had resulted in a charge or caution (HMICFRS, 2019).

Attrition for cybercrime occurs across every stage of the criminal justice process: in the reporting, recording, investigating, and prosecuting phases. According to the statistics cited above, attrition rate for cybercrime is high, and the response of the UK CJS is limited, which raises important questions about the role of the combined agencies of the CJS – the police, prosecution services, and courts – and their centrality in tackling, preventing and reducing cybercrime.

While attrition occurs at each stage of the criminal justice process, and each of these areas is worthy of attention, this study is focused on attrition during the process of investigating cybercrimes. This phase is argued to be where most of the problems lie and the technical challenges that distinguish investigating this type of crime, compared to other types, are manifested.

Thus, the objective of this thesis is to explore the factors influencing attrition rates during the investigation part of the criminal justice chain, in order to raise awareness of the barriers to a more effective CJS, inform policy makers, and reflect on potential future improvements.

Research Methodology

Research paradigm: This research is found on pragmatic platform. It employs a mixed method approach. While it uses numerical data and statistics to identify where the problem is, it uses qualitative data to understand how and why such problems exist.

Research strategy: Pragmatism allows the approach to the research strategy to be guided solely by the research questions and the adoption of methods that would yield appropriate data to answer these, rather than placing methodological constraints upon the methods to be employed (Morgan, 2014). The research questions of this project are framed as exploratory lines of enquiry, examining the nature of the challenges to an effective cybercrime investigation, and the strategies and practices employed by some forces to overcome these.
Therefore, given the complexity of the subject matter, the limited extent of previous research, and the exploratory nature of the questions, which would be difficult to answer with numerical data, it is considered to adopt a research strategy focused on qualitative data.

Primary method: semi-structure interview

  • Type of data collected: qualitative data

  • Who are the interviewees (target participant group): Police practitioners from Cyber Crime Unit that investigate cybercrime cases.

  • Level of policing: local police forces; regional units; and, National agency (NCCU).

  • Number of interviewees per force (unit): 2-3

  • Rank: Detective Constable; Detective Sergeant;

  • Total number of interviewees target: 20-25 participants

  • Interview Time: 45mins to 1 hou.

  • Place: Online (via any preferable platform: Zoom; Microsoft Teams; Webex; Google meet)

Type of data collected from the interviewees:

Overall, the data collected from the interviews aim to cover:

  1. Details on what actions are taken in investigating a cybercrime (understanding investigative stages).

  2. Priorities, policies, and practice on the ground.

  3. Barriers and obstacles they come across in general, the methods they apply and how they attempt to overcome them

  4. Most popular reasons and the basis for their decision to drop the cases. 

  5. Potential improvements in the practices.

This study uses thematic analysis method to analyse collected data.  Computer Assisted Qualitative Data Analysis Software (CAQDAS) will be used to manage the data throughout the coding and analysis function using Nvivo software.

The key findings of the study will be communicated to the participants and the gatekeepers if they wish.

Date due for completion

March 2022
Return to Research Map