A preliminary study by researchers at the University of Strathclyde has highlighted the growing role banks, charities and other organisations play in supporting victims of cybercrime in Scotland.

The research explored how victims respond to cybercrime in Scotland and Italy and suggests many Scots affected by cybercrime who took part in the sample survey seek help from ‘responsibilised non-policing agencies’ – organisations which increasingly play a role in supporting victims and handling reports traditionally associated with policing.

Digital attacks

Researchers said this risks making it harder for police to build a clear picture of the scale of the problem, which includes illegal activity involving computers, the internet or network devices. Cybercriminals commit identity theft, initiate phishing scams, spread malware and instigate other digital attacks.

The study compared cybercrime reporting behaviour in Scotland and Italy, as neither country has a centralised reporting system. It examined 11 Scottish organisations, four Italian organisations and surveys from 287 victims of cybercrime across both countries. Among survey participants, researchers found that Scottish victims preferred reporting to banks rather than the police, while Italian victims were more likely to contact the police directly.

'The Role of Responsibilised Non-Policing Agencies in facilitating Italian and Scottish Cybercrime reporting’ study, which has not yet been peer reviewed,‘ was published on the Zenodo open research repository. Researchers say the findings align with a wider trend where preventing and responding to cybercrime is increasingly shared between individuals, businesses and third-sector organisations rather than solely by the state.

Stolen money

Among Scottish participants, many victims said they reported incidents to banks primarily to recover stolen money, while others avoided police because they believed reporting would be stressful or ineffective.

It also found that some vulnerable groups, including older people, can be reluctant to come forward because of the stigma associated with cybercrime victimisation.

The researchers also found that Scottish organisations working with cybercrime victims believed reporting could be improved through greater public awareness, simpler online reporting systems, improved information sharing and reducing the shame associated with being targeted by scams.

Dr Juraj Sikra, co-author of the study and a former PhD researcher at Strathclyde, said: “Victims often blame themselves for falling for scams and removing the stigma around cybercrime victimisation is crucial if police forces are to understand the true scale, and respond effectively.

Our research suggests that many victims in Scotland feel more comfortable approaching banks and charities than reporting directly to the police. While these organisations provide valuable support, under-reporting can make it harder for law enforcement to identify patterns and tackle cybercriminal activity.

“The study is a first step towards understanding the issue, and exploring how cybercrime reporting could be improved by closer collaboration between technical experts, charities, businesses, police and researchers, as well as stronger international cooperation to share learning across countries.”