Meeting of the Parliament 17 December 2025
I join other speakers in thanking the members of the Criminal Justice Committee for allowing this debate to take place and, more important, for undertaking detailed scrutiny of this important issue. Audrey Nicoll comprehensively set out the breadth of issues that are covered in the report, which leaves little doubt about the amount of work that will need to be done to address the many and various challenges going forward.
Cybercrime often leaves victims, whether they are individuals or organisations, harmed in profound and lasting ways. Were we in any doubt about that, the subject of the item of business that preceded this debate should have dispelled that. Abuse by grooming gangs is a horrific exemplification of that, reflecting the way in which online harms are, as Maggie Chapman said, very real.
Those who have been the target of cyber-enabled fraud can lose their life savings and have their personal data harvested. The convener of the Criminal Justice Committee rightly pointed to the fact that, these days, data harvesting is often more of a motive for perpetrators than cash. Individuals who are subjected to the non-consensual distribution of private sexual images face enduring trauma, and companies whose online systems are compromised by hackers can be held to ransom and lose decades of work and the trust of customers.
Katy Clark and Audrey Nicoll spoke about the extent of cybercrime and the fact that large organisations can find themselves being subjected to millions of attacks over the course of a month. The investment that businesses put into IT departments to try to brace against those attacks has a cost. However, Maggie Chapman is right that, although businesses may be most at risk and most in need of resilience being put in place, all organisations in the public, private and third sectors need to have resilience.
Much of the crime is not new, but technology is allowing it to be carried out in a different and more effective way and to target a wider cohort of potential victims. The growing use of AI and other emerging technologies means that that trend is set to continue and get worse, as Sharon Dowey rightly said.
How do we rise to meet those growing challenges? More focus by the Parliament—including the type of inquiry that the Criminal Justice Committee carried out—is a start. If we, as legislators, are to put in place appropriate and robust safeguards and protections, we need to develop a detailed understanding of what is happening and how that is likely to change.
The nature of these issues means that we will require a collaborative working approach between Parliaments and Governments, not just here, in the UK, but internationally. As I said, building greater cyber resilience into systems and networks across the public, private and third sectors is crucial, and we need to continually raise awareness among the public of the risks and how to minimise them.
The scale of the challenge is shown by the fact that cyber-enabled fraud is estimated to account for nearly half of all frauds in 2024-25. The committee heard that, perhaps unsurprisingly, that type of crime increasingly targets more vulnerable groups, including the elderly. The demographic trend of an ageing population and the pace at which technological change is happening are creating a perfect storm. Perpetrators evolve and adapt their techniques and tactics, making the work that is done by Police Scotland, community organisations and others through public awareness campaigns exceptionally difficult. We are dealing with the ultimate moving target. That is why the Scottish Liberal Democrats have been clear in calling for Police Scotland to have enhanced support in the area and to be given the tools that it needs.
I am grateful to the Scottish Police Authority for its briefing, which sets out many of the ways in which Police Scotland has sought to invest and adapt to the changing challenge. I suspect that, during the past decade, when there has been a bit of an obsession with officer numbers—for reasons that I understand—we have perhaps lost sight of the debate that we need to have about the types of skills and resourcing that policing requires now and into the future. Staying one step ahead of organised crime gangs and other types of criminals is not straightforward, but our police and, indeed, our entire criminal justice system need to be given a fighting chance. Others have pointed to the need for resourcing to enable that.
As an islander, I was interested in, although not surprised by, the evidence that Jude McCorry of the Cyber and Fraud Centre gave on how island communities are at a particular risk of being left without food supplies due to cyberattacks on supermarkets and supply chains.
As we try address the digital divide, we recognise that the digital space is levelling the playing field and opening up access to services in a way that is hugely beneficial, but at the same time it expands the risk of individuals and organisations being susceptible to becoming victims of fraud. As somebody who represents an island community, I see that very clearly. If we are to continue to move towards the modernisation of critical services, which is clearly necessary, we must be prepared to address the myriad of cybersecurity risks that will accompany that process.
It would be remiss of me not to return to the growing issue of online sexual violence and abuse, which has been amplified by the availability of deepfake technology and other generative AI tools, and which disproportionately impacts young women and girls. That issue has been driven largely by the rise in toxic masculinity in our society—Katy Clark made that point—and it will therefore require reform on a systemic level. Education will be key to changing attitudes, but there will also be a role for industry to play. Technology companies should not be given free rein to introduce new tools, systems or platforms into the market unless they have been built with safeguarding and responsibility in mind. Regulators must be proactive while also making clear the responsibilities and obligations on technology companies that operate in that space.
As a former member of the Criminal Justice Committee, I do not want to tell its current members what they should be doing, but it could recommend in its legacy report that future committees should return to the issue regularly. Putting my convener’s group hat on for a second, I note that it is also an issue that would benefit from cross-committee working.
For now, I thank Audrey Nicoll and the members of the committee for allowing this debate to take place. We will need to do more work on the subject, but this has been a decent start.