Between 2008 and 2014, there were over 700 prosecutions under the Computer Misuse Act.
Revealed under a Freedom of Information Act request by Cordery, there were 702 prosecutions by the Crown Prosecution Service (CPS) in a six year period for the four charges of: unauthorised access to computer material; unauthorised access with intent to commit or facilitate the commission of further offences; unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer; and making, supplying or obtaining articles for use in the above-mentioned three other offences.
Information was not given on the final outcome, or whether the charge was the final charge maintained is not provided, nor is it known if any matters went higher to the Crown Court. However Cordery said that the CPS confirmed that they had prosecuted all four offences, with 460 prosecutions for “unauthorised access to computer material”. Making, supplying or obtaining articles for use in the above-mentioned three other offences is the least prosecuted offence with mostly either 0 annual prosecutions or just one annual prosecution.
In 2013 there was a total of 218 prosecutions for all four offences.
All of these offences are sanctioned by imprisonment or fines, with unauthorised access to computer material carrying a penalty of up to one year in prison or a maximum fine of £5,000 at the (lower) Magistrates’ Court level, and up to two years in prison or an unlimited fine at the (higher) Crown Court level.
Jonathan Armstrong, partner at Cordery, told IT Security Guru that the figures work out at around two prosecutions a week. “I think this is significant,” he said. “Bear in mind that these are offences serious enough to be prosecuted and presumably where the CPS think they have enough evidence to get a conviction. Clearly that’s more activity than people think.”
Asked if he felt that this demonstrated how much the police were taking cyber crime seriously, Armstrong said he did, especially given how much the police have on with things like Operation Ore, it does show that resources are being put behind this.
“I don’t think there’s a change likely with the new EU data rules save that (on current proposals) breaches will reported more promptly,” he said. “This could mean more breaches reported but in my view could hamper some investigations since the bad guys may also know sooner.”