Meeting of the Parliament 17 December 2025
I thank the clerks and the witnesses who gave evidence on which to draw up the report, which I found very interesting. Onlookers might not find the subject matter interesting, but I do. The inquiry drew to my attention the importance of the Criminal Justice Committee taking time to tackle the issue.
The current levels of cybercrime are around double pre-pandemic levels. We are living more of our lives online, and our children are therefore more exposed to the risk of cybercrime. In fact, cybercrime is one of the most serious threats to national security. If anyone has the chance to watch the “Panorama” programme, it is definitely worth doing so—it is actually quite scary.
Cybercrime is usually associated with data theft and ransomware, but it also includes offences such as child abuse and human trafficking. Its growth does not just affect large corporations—as Maggie Chapman and others have said, small businesses are commonly targeted, as they tend to have weaker defences.
Davy Russell made an important point about intimate image-based abuse, which is an area that I have been doing work in. The rise in the number of deepfakes is alarming, particularly in relation to pornography. It is very important that we are vigilant and legislate accordingly.
I welcome Police Scotland’s recent establishment of the cyber and fraud unit. The pressure on Police Scotland to investigate crime that is increasingly complex due to a cyber or digital component is greater than ever. It is also extremely important that we have the relevant expertise in our National Crime Agency to be able to deal with it, because there are clever people behind such crimes, as we know.
Last month, the chief constable, Jo Farrell, told the Criminal Justice Committee that there has been
“an increase in the use of cyber to commit crime, including fraud”.
She also noted that money laundering was on the rise—I was surprised that people still use money. In a cashless economy, the greater threat is to vulnerable individuals, as many members have talked about, and to the economy itself.
The chief constable also noted that there has been a dramatic rise in reports of online abuse of children. She said that, last year, Police Scotland
“received just in excess of 700 notifications in relation to suspicions, information and intelligence about online harm relating to children. In one year, that number has increased to nearly 1,500.”—[Official Report, Criminal Justice Committee, 5 November 2025; c 28.]
She went on to say that we are seeing online-enabled violence against young people.
Online child abuse takes many forms, but it can include sexual exploitation, grooming—as we know—and communication with children for sexual purpose. It also includes sexting and cyberbullying.
The most common type of cybercrime remains ransomware attacks, which Rona Mackay talked about. There is a type of malware that prevents people from accessing their device and the data that is stored on it, and it works by encrypting their files. An astonishing number of companies have paid a ransom in such circumstances, although they might not say that they have done so. Miles Bonfield from the National Crime Agency said at a Criminal Justice Committee meeting earlier this year:
“Ransomware that is used for financial gain remains the foremost serious organised crime cyberthreat to the whole UK, including Scotland.”—[Official Report, Criminal Justice Committee, 14 May 2025; c 4.]
There were an estimated 19,000 attacks on UK businesses last year, and the typical ransom demand was about £4 million. The incident that is probably familiar to most people is Marks and Spencer falling victim to an attack, with hackers managing to blag their way into the system in, as we now know, quite a simple way. The company’s online store closed for seven weeks and the incident reportedly cost it more than £300 million in lost profits. Marks and Spencer will not say whether it paid the ransom. However, in all likelihood, it did, because reports tell us that 25 per cent to 30 per cent of companies pay the ransom. It is therefore a profitable crime. There is now debate about whether outlawing ransom payments, especially from public bodies, is the right thing to do. Ransomware attacks are one of the most difficult and challenging crimes to investigate, but they are also one of the most profitable for criminals. Early detection is important, as, once files are locked by hackers, it is extremely difficult for anyone else to unlock them.
The scale of the threat is staggering. Chris Ulliott from NatWest came to speak to the committee this year. He said that an average of
“about 100 million attacks per month ... try to break past the organisation’s defences.”—[Official Report, Criminal Justice Committee, 14 May 2025; c 6.]
That figure of 100 million attacks a month is quite scary.
Ransomware is also a national security threat. We cannot lose sight of the fact that it is a borderless crime. Many of the hackers are based in Russia or in states that were previously part of the Soviet Union. In 2022, a Russian-speaking hacker called Cl0p breached the security of South Staffs Water, which provides drinking water to 1.7 million members of the public. That is one of the cases that is covered by the “Panorama” programme, which showed a graphic representation. It was believed that there was a serious threat that could have resulted in the poisoning of the water. Of course, the water company said that that would not be possible, but it is still worth studying the case as an example of how serious such threats can be.
This year, in West Lothian, a group going by the name of Interlock attacked 12 schools, stealing data, including personal and sensitive data. It is unclear whether we are ready for a cyberattack that targets Scotland’s public bodies and other vital services, but the message is clear that we need to be. Two years ago, the UK Parliament’s Joint Committee on the National Security Strategy warned that critical infrastructure in the UK is vulnerable to ransomware. Its report warned that the UK is unprepared for the high risk of a
“catastrophic ransomware attack”
that could
“cause severe disruption to the delivery of core Government services, including healthcare and child protection”
and
“bring the UK to a standstill”.
The digital space is growing rapidly. It is a growing frontier of crime, and Scotland needs to be better prepared to tackle the dangers presented. I believe that the importance of the Criminal Justice Committee’s report is obvious. I am sure that, when future Parliaments look back in years to come, the report’s existence will show how important it was to do that work.
16:53