Police 100 Times More Likely Than Average Person to Be Convicted of Cybercrime

Police officers and police staff are 100 times more likely to be found guilty of a cybercrime than the average person, Novara Media can reveal. 

In 2024, officers and staff who had misused police databases made up 42% of all cybercrime convictions, despite being only 0.4% of the UK population. 

A spate of police offences were prosecuted in the first half of the year; between January and June, police officers and staff made up an astounding 53% of all cybercrime convictions. 

This is according to an analysis by Novara Media of the Cambridge Computer Crime Database (CCCD), which has been tracking cybercrimes where the offender or alleged offender has been arrested, charged and/or prosecuted in the UK since January 2010. 

Most police cases involve officers and staff illegally obtaining sensitive information stored on official computer systems. 

Entries into the CCCD, detailed by Cambridge Cybercrime Centre director Alice Hutchings, include a corrupt police intelligence analyst who tipped off a drug dealer that an encrypted messaging network used by criminals had been infiltrated by law enforcement, disrupting countless active international police investigations.

In another case, the girlfriend of a gang member got a job with the police and started a relationship with a colleague, who she then enlisted to help steal data that identified witnesses who had testified against her imprisoned partner.  

In a recent report entitled Police Behaving Badly, Hutchings, who is also a professor of emergent harms at the University of Cambridge, says that although these cases are particularly shocking, they’re not atypical. She told Novara Media, “there does seem to be some perception that it’s okay to misuse access.

“A lot of this does seem to be opportunistic, in the sense that police officers have access and they think that they can use it and not get caught.”

Frequently, cases involve male officers obtaining the details of women – often those who are vulnerable and in crisis, or current and former partners – for “surveillance, stalking or spying” purposes, the report found.  

This “highlights larger social problems of toxic masculinity, power and control”, Hutchings writes, pointing out that cybercrimes often occur alongside “real-world violence, sexual abuse and coercion”.  

In February of this year, ex-armed royal protection officer Mark Cranfield was jailed for eight months after being found guilty of two counts of misconduct in public office and a computer misuse offence. Cranfield used police systems to find the personal details of a victim of revenge porn, who he went on to harass in an attempt to start a relationship with her. 

In 2023, former Lancashire Police sergeant Justin Fraser received a 21-month sentence for using police computer systems to stalk a junior colleague. Fraser checked on the female colleague’s location 178 times. In the same year, former South Wales police officer Richard Helling was jailed after misusing computer systems to target four female crime victims for his own sexual gratification. And Merseyside Police officer Adam Hoyle received a four-year sentence for accessing computer data without authorisation and abusing his position to pursue sex with vulnerable women who had reported domestic and sexual violence.

Hutchings stresses that a perception of impunity is not unique to police officers and staff but common across this type of crime. “Typically, cybercrime offenders believe that they’re not going to get detected,” she said. “So even if the punishment might be particularly severe – and for police this means losing their job, losing the trust and esteem that people have for them, being prosecuted and potentially going to prison – that’s not really factored in because they just don’t believe they’re going to get caught.”

Hutchings says there are a number of possible explanations for the overrepresentation of police officers in CCCD data – one being that internal abuse seems to be rife, “perhaps enabled by a toxic police culture”. Another is that police offenders are more visible and it is relatively simple for police forces to look into instances of their own staff misusing databases. 

“What we can take away is that police agencies are actually prosecuting police for misuse,” Hutchings said. “And what I suspect is that there’s a huge amount of other types of misuse going on within the private sector and the public sector that is not being prosecuted. 

“I think there’s a lot of hesitation for companies to make it known that their employees are misusing access because their customers don’t want to find out about this, and so it’s probably a lot more rampant than what we suspect.”

Although some of the cases cited in Hutchings’ paper could easily be the plot summaries of Hollywood thrillers, many cybercriminals are “low skilled”.

“What we tend to find is that many cybercrime offenders are very low skilled, and I think it’s the same here with the police misuse,” Hutchings says. “They’re misusing the legitimate access to the police systems. It does not take a lot of skill for somebody to do things that can cause a huge amount of harm.”

As seen in the case of the police employee who tipped off a drug-dealer friend about Operation Venetic – a National Crime Agency-led investigation into the UK takedown of the encrypted communications platform EncroChat – Hutchings argues that weakening encryption to allow for police access doesn’t always have the desired effect. The intelligence gained in this manner can and has been misused. 

“What [the police] will say is that we need more access to encrypted communications,” Hutchings says. “This is not ideal in that they have had access to encrypted communications and it hasn’t gone well with EncroChat.

“What they need is to do some really mundane work around cybercrime. That doesn’t mean hoovering up all of the world’s data, or all of the UK data, but it means more ability to work with the National Crime Agency.” 

It’s also important to highlight the impact of austerity and cuts to police budgets on forces’ ability and willingness to investigate cybercrime cases, which now, along with both online and offline fraud, make up almost half of all crime against individuals in England and Wales. Hutchings believes that the charges and/or prosecutions tracked by the CCCD only represent “the tip of the iceberg” in terms of the true scale of cybercrime. 

“I suppose one of the reasons is that it’s really difficult in the UK to report a cybercrime – and the police don’t have good data,” Hutchings says. “Very few cases of cybercrime are identified and reported – of these very few are investigated and even fewer result in charges. 

“We do know from victim surveys that cybercrime now accounts for about half of all property crime, but it certainly does not account for half of all property crime prosecutions.”

Hutchings goes on to warn that the answer to this apparent crisis in police-perpetrated cybercrime should not be to ‘sweep it under the carpet’. “What I’m afraid of is that [the police] will get bad press and not prosecute. I think they should continue prosecuting and that they need more resources to prosecute other types of cybercrime as well.”

Additional reporting by Charlotte England.