North West UK Cyber Crime Statistics

North West UK Cyber Crime Key Insights

• Cyber crime is driven by two clear strategies: scale vs value – High-volume categories like consumer (39.1%) and cyber dependent (25.1%) dominate report counts, while investment fraud (35.5% of losses) drives the largest financial impact. This shows attackers are balancing mass targeting with high-value precision attacks.
• Consumer fraud is the engine of cyber crime activity – With 10.9k reports (39.1%), consumer fraud is the most common entry point. It relies on everyday digital behaviour, like shopping, emails, social platforms, making it both scalable and difficult to detect.
• Access-based attacks underpin the wider threat landscape – Cyber dependent crime accounts for 7k reports (25.1%) but only 0.3% of losses, reinforcing that gaining access (accounts, systems, credentials) is often the first step, not the end goal.
• Financial damage is concentrated in fewer, more targeted attacks – While most incidents are low-value, categories like investment fraud (£18.9k per report) show that a small number of successful attacks generate disproportionate losses.
• Organisational risk is underreported but high impact – Corporate (0.6%) and public sector (0.1%) figures appear low, but evidence suggests this reflects reporting structures rather than true exposure, with incidents often more complex and financially significant.

Individuals

• Working-age adults are the primary target group – The 30–39 age group leads (20.5%), with 20–59 collectively accounting for the majority of reports, reflecting high digital activity and financial engagement.
• Younger individuals are targeted frequently but lose less per incident – Groups like 20–29 (16.7%) experience high volumes but relatively lower loss per report (£1.6k), indicating broad, lower-value attacks.
• Financial losses increase significantly with age – The 50–59 (£24m, 30.2%) and 60–69 (£16.4m, 20.7%) groups absorb the largest losses, showing a shift towards higher-value targeting as financial assets increase.
• Older individuals face fewer attacks but higher impact per case – The 90–99 group averages £11.5k per report, the highest across all ages, highlighting targeted, high-impact fraud despite low volume.
• Cyber crime exposure is linked to digital and financial behaviour, not just age – The data shows a clear pattern: the more active and financially engaged the individual, the higher the risk of both attack and loss.

Organisations

• Financial processes are the primary attack surface for businesses – Banking (42.8% of reports, £6.5m losses) and consumer fraud (42.2%, £5.4m) dominate, showing attackers are targeting payments, invoices, and transactions rather than systems alone.
• Limited companies carry the bulk of organisational risk due to scale – At 74.4% of reports and 66.6% of losses (£10.5m), limited companies are the most exposed, reflecting their volume, activity, and digital reliance.
• PLCs experience fewer attacks but significantly higher losses per incident – With £17.9k per report, PLCs are subject to more targeted, high-value attacks, indicating a shift towards precision over volume at the top end.
• Investment fraud delivers the highest financial impact per incident – At £132k per report, investment fraud is the most damaging category, demonstrating how a single successful attack can outweigh dozens of smaller incidents.
• Cyber dependent crime enables attacks but rarely delivers direct financial loss – With just £333 per report, it reinforces its role as an access vector, enabling more lucrative fraud rather than generating value itself.

North West UK Cyber Crime Statistics Breakdown

Crime Types

By report volume

Insights for Report Volume

• Consumer fraud dominates because attacks are built for scale and volume – At 39.1% of reports (10.9k), consumer crime is the largest category by a clear margin. Across the North West, where digital engagement is high across urban and suburban populations, criminals leverage email, online marketplaces, and social platforms to reach large audiences efficiently. This reflects industrialised fraud operations designed to maximise reach rather than target individuals.
• Cyber dependent crime shows that technical access remains the backbone of modern attacks – Representing 25.1% of reports (7k), cyber dependent offences highlight the continued importance of hacking, malware, and account compromise. These attacks are often the entry point for wider criminal activity, reinforcing that gaining access to systems and credentials is still the primary objective before any financial exploitation occurs.
• Advance fee fraud continues to perform because it relies on low-cost, repeatable tactics – At 16.6% of reports (4.6k), advance fee scams remain a persistent threat. Delivered at scale through email and messaging platforms, these attacks exploit urgency and trust without requiring technical sophistication. Their continued prevalence shows that simple tactics, when widely distributed, remain highly effective.
• Banking and investment fraud are less frequent but more financially intentional – Banking (12.3%, 3.4k) and investment fraud (6.4%, 1.8k) account for a smaller share of reports but are clearly aligned with direct financial targeting. In the North West, this reflects a shift towards more deliberate attack strategies, where criminals prioritise financial gain over sheer volume.
• Low corporate and public sector reporting understates organisational exposure – Corporate (0.6%) and Public Sector (0.1%) reports appear minimal in comparison. However, this likely reflects reporting behaviour rather than actual risk levels. Organisational incidents tend to be fewer but more complex and higher impact, meaning the true level of exposure across businesses and public bodies in the North West is likely higher than reported figures suggest.

By financial losses

Insights for Financial Losses

• Investment fraud dominates financially because attacks are designed for high-value outcomes rather than volume – At 35.5% of total losses (£33.8m) and an average of £18.9k per report, investment scams generate the greatest financial damage. Across the North West, this reflects deliberate, targeted activity, where criminals focus on fewer victims but significantly higher returns.
• Banking and consumer fraud combine scale with substantial financial impact – Banking (27.4%, £26.1m) and consumer fraud (27.4%, £26.1m) together account for over half of total losses. However, their profiles differ: banking shows a higher loss per report (£7.6k), while consumer fraud operates at scale with lower individual losses (£2.4k). This highlights two parallel strategies: volume-driven fraud and transaction-focused targeting.
• Advance fee fraud remains widespread but comparatively lower in financial impact – At 8.5% of losses (£8.1m) and £1.7k per report, advance fee scams continue to generate steady returns for criminals. Their effectiveness lies in repeatability and low effort, rather than high-value targeting.
• Cyber dependent crime shows high volume but minimal direct financial return – Despite representing a significant share of reports, cyber dependent crime accounts for just 0.3% of losses (£294.8k), with an average of only £42 per incident. This reinforces its role as an access mechanism rather than a monetisation method, often enabling further fraud rather than generating immediate financial gain.
• Low-volume categories still carry disproportionate risk per incident – Corporate (£3.9k per report) and Public Sector (£4.8k per report) incidents appear minimal in total losses but carry meaningful financial impact when they occur. This reflects fewer but more targeted attacks, where successful breaches can result in significant disruption and cost.

North West UK Cyber Crime Statistics for Individuals

Crime Types

By report volume

Insights for Individual Report Volume

• Consumer fraud dominates individual targeting because it mirrors everyday online behaviour – At 38.7% of reports (10.1k), consumer crime is the largest category by a clear margin. Across the North West, criminals are exploiting e-commerce, marketplaces, and social platforms to blend attacks into normal activity. This reflects high-volume, low-friction fraud designed to reach as many individuals as possible.
• Cyber dependent crime highlights that account access is the gateway to wider exploitation – Representing 25.9% of reports (6.7k), cyber dependent offences show that phishing, malware, and credential theft remain central to individual attacks. These methods are rarely the end goal, instead acting as the starting point for broader fraud and financial compromise.
• Advance fee fraud continues to scale because it relies on trust rather than technology – At 17.8% of reports (4.6k), advance fee scams remain highly effective. Delivered through email, messaging apps, and social channels, these attacks exploit urgency, authority, and emotional triggers. Their persistence reinforces that human behaviour remains one of the most exploitable vulnerabilities.
• Banking and investment fraud are lower in volume but focused on financial outcomes – Banking (10%, 2.6k) and investment fraud (6.8%, 1.8k) account for a smaller share of reports but are clearly aligned with direct monetary gain. These attacks are typically more targeted and deliberate, prioritising transactions and account manipulation over mass outreach.
• Low corporate and public sector reporting reflects the individual focus of this dataset, not reduced exposure – Corporate (0.6%) and Public Sector (0.1%) reports are minimal within this view. However, this is due to reporting structure rather than actual risk levels, as organisational incidents are often captured through separate channels and tend to be higher impact when they occur.

By financial losses

Insights for Individual Financial Losses

• Investment fraud dominates financially because it targets high-value outcomes over volume – At 38.4% of total losses (£30.5m) and an average of £17.3k per report, investment scams generate the greatest financial damage among individuals. Across the North West, this reflects deliberate, high-value targeting, where criminals focus on fewer victims but significantly larger returns.
• Consumer and banking fraud combine scale with substantial financial impact – Consumer (26.1%, £20.7m) and banking fraud (24.7%, £19.6m) together account for over half of total losses. However, their approaches differ: banking shows a higher loss per report (£7.6k), while consumer fraud operates at scale with lower individual losses (£2.1k). This highlights a dual strategy of volume-driven fraud and transaction-focused targeting.
• Advance fee fraud remains consistent but lower in financial severity – At 10% of losses (£7.9m) and £1.7k per report, advance fee scams continue to generate steady returns. Their strength lies in repeatability and reach, rather than high-value outcomes, making them a reliable but less lucrative tactic for attackers.
• Cyber dependent crime plays a supporting role rather than a financial one – Despite high report volumes, cyber dependent crime accounts for just 0.3% of losses (£215.2k), with an average of only £32 per incident. This reinforces its role as an access mechanism, used to enable further fraud rather than generate direct financial gain.
• Low-volume categories still carry meaningful impact per incident – Corporate (£2.3k per report) and Public Sector (£6.9k per report) losses are minimal overall but show notable impact when incidents occur. This reflects targeted, less frequent attacks, where success can still result in disproportionate financial consequences.

Age Demographics

By report volume

Insights for Report Volume via Age Demographics

• Cyber crime is most concentrated among working-age adults because of high digital and financial activity – The 30–39 age group leads with 20.5% of reports (5.3k), followed closely by 20–29 and 40–49 (both 16.7%) and 50–59 (16.2%). Across the North West, these groups are the most digitally active and financially engaged, making them prime targets for a wide range of fraud types.
• Younger adults are heavily targeted due to high online engagement and exposure – At 16.7% of reports (4.3k), the 20–29 group represents a significant share of incidents. This reflects heavy use of social platforms, online shopping, and digital services, where many attacks are delivered and disguised as legitimate activity.
• Middle-aged groups show sustained exposure due to financial responsibility and transaction volume – Combined, the 30–59 age range accounts for over 50% of all reports, highlighting how individuals managing household finances, careers, and investments are consistently targeted. This group represents a balance of digital usage and financial opportunity, making them particularly attractive to attackers.
• Older age groups experience fewer reports but remain consistently targeted – The 60–69 group accounts for 12.4% (3.2k), with 70–79 at 9% (2.4k). While lower than younger groups, this still represents a significant volume of incidents, showing that cyber crime is not limited to digitally native users.
• Low reporting among the youngest and oldest groups reflects access and exposure differences – Minimal reports in 0–9 (0.2%), 90–99 (0.3%), and 100+ (0%) are driven by lower digital engagement and independence, rather than reduced risk entirely. These groups are less frequently direct targets but may still be impacted indirectly through family or shared access scenarios.

By financial losses

Insights for Financial Losses via Age Demographics

• Financial impact is concentrated in later working-age groups due to higher asset exposure – The 50–59 age group accounts for 30.2% of losses (£24m), followed by 60–69 at 20.7% (£16.4m). Across the North West, these groups typically hold greater savings, investments, and financial responsibility, making them prime targets for higher-value fraud.
• Losses increase significantly with age, reflecting greater financial value per victim – While younger groups generate higher report volumes, older individuals see higher loss per report, rising to £5.7k (50–59) and £5.1k (60–69). This shows a shift from volume-based attacks to value-based targeting as age increases.
• Younger adults experience frequent incidents but lower financial impact – The 20–29 group accounts for 8.6% of losses (£6.8m) with an average of £1.6k per report, while 30–39 sits at 10% (£7.9m) and £1.5k per report. These groups are highly targeted but typically involve lower-value transactions and exposure, limiting financial damage per incident.
• Older age groups face fewer incidents but disproportionately higher losses per case – The 90–99 group averages £11.5k per report, the highest across all age ranges, despite only 1% of total losses (£816k). This highlights how targeted attacks against older individuals can result in severe financial impact, even at low volumes.
• Minimal losses at the extremes reflect access and engagement rather than absence of risk – Very low figures in 0–9 (0%) and 100+ (0%) are driven by limited financial independence and digital activity, rather than immunity. Risk still exists but is often indirect or mediated through others.

North West UK Cyber Crime Statistics for Organisations

Crime Types

By report volume

Insights for Organisational Report Volume

• Banking and consumer fraud dominate organisational incidents because they directly target financial processes – Banking (42.8%, 830 reports) and consumer fraud (42.2%, 818 reports) together account for over 85% of all reported incidents. Across the North West, this reflects attacks focused on payments, invoices, and transaction flows, where businesses are most exposed operationally.
• Cyber dependent crime highlights the importance of system access in organisational attacks – Representing 12.3% of reports (239), cyber dependent offences show that hacking, phishing, and credential compromise remain key entry points. These attacks often act as the foundation for wider fraud, enabling access to financial systems and internal communications.
• Low advance fee and investment fraud volumes reflect a shift towards business-specific targeting – Advance fee (0.3%, 5 reports) and investment fraud (1.3%, 25 reports) are minimal in comparison. This suggests attackers are prioritising direct financial manipulation within business operations, rather than traditional scam formats.
• Corporate and public sector incidents appear low but likely underrepresent actual exposure – Corporate (0.7%, 14 reports) and Public Sector (0.6%, 11 reports) figures are small, but this is likely due to alternative reporting channels and classification differences, rather than reduced risk. Organisational attacks are often less frequent but more complex and higher impact.
• Attack patterns reflect a focus on financial systems rather than broad organisational disruption – The dominance of banking and consumer-related incidents indicates that attackers are targeting where money moves, rather than attempting large-scale system disruption. This highlights a shift towards precision attacks embedded within everyday business processes.

By financial losses

Insights for Organisational Financial Losses

• Banking fraud dominates organisational losses because it directly targets payment flows and transactions – At 41.2% of total losses (£6.5m) and an average of £7.8k per report, banking-related incidents generate the highest overall financial impact. Across the North West, this reflects attacks focused on invoices, supplier payments, and account manipulation, where money moves quickly and often with limited verification.
• Consumer fraud contributes significant losses through volume-driven attacks on business interactions – Representing 34.3% of losses (£5.4m) with £6.6k per report, consumer-related fraud remains a major contributor. These incidents often arise through customer-facing channels, online transactions, and impersonation, blending into normal business operations.
• Investment fraud is lower in volume but delivers exceptionally high losses per incident – At 20.9% of losses (£3.3m), investment fraud stands out with an average of £132k per report, the highest across all categories. This highlights highly targeted, high-value attacks, where fewer incidents result in disproportionate financial damage.
• Cyber dependent crime plays a minimal direct financial role but enables wider attacks – Despite being a known entry point, cyber dependent crime accounts for just 0.5% of losses (£79.6k), with an average of £333 per report. This reinforces its role as an enabler of access, rather than a primary method of monetisation.
• Low-frequency categories still carry significant financial impact when successful – Advance fee (£32.1k per report) and corporate incidents (£21.5k per report) show that even with low volumes, successful attacks can result in substantial losses. These figures reflect targeted, opportunistic attacks where impact outweighs frequency.

Business Types

By report volume

Insights for Organisational Report Volume via Business Types

• Limited companies dominate reporting because they represent the largest and most active segment of the business landscape – At 74.4% of reports (1.3k), limited companies account for the vast majority of incidents. Across the North West, this reflects their prevalence, digital reliance, and operational complexity, making them the most visible and frequently targeted group. As a result, they form the core of the regional threat landscape.
• PLCs represent a smaller share of incidents but remain a significant target due to financial scale – At 10.9% of reports (190), PLCs account for a notable portion of activity despite their lower numbers overall. However, this suggests attackers are selectively targeting larger organisations with higher transaction volumes and financial exposure.
• Smaller business structures show lower reporting but are still consistently targeted – Sole traders (3.8%), charities (2.6%), and partnerships (1.1%) contribute smaller shares of reports, but collectively represent a meaningful level of exposure. In practice, these organisations often have fewer resources and less formal security controls, making them attractive targets.
• LLPs and niche structures appear low in volume but are not immune to attack – LLPs account for just 0.5% of reports (8 incidents), reflecting their smaller presence rather than reduced risk. Meanwhile, attackers typically prioritise scale and opportunity, but no business structure is excluded.
• “Other” categories highlight the diversity of organisational exposure across the region – At 7% of reports (122), this segment captures a wide range of entities, reinforcing that cyber crime is not confined to specific business models but instead follows where digital activity and financial processes exist. Ultimately, risk is driven by behaviour and exposure, not business type alone.

By financial losses

Insights for Organisational Financial Losses via Business Types

• Limited companies dominate total losses because of their scale and operational exposure – At 66.6% of total losses (£10.5m) and an average of £8.1k per report, limited companies account for the majority of financial impact. Across the North West, this reflects their volume, transaction activity, and reliance on digital systems, making them the most consistently targeted group. As a result, they sit firmly at the centre of the regional risk landscape.
• PLCs experience fewer incidents but significantly higher losses per attack – At 21.6% of losses (£3.4m), PLCs stand out with an average of £17.9k per report, more than double that of limited companies. In contrast, this highlights targeted, high-value attacks, where criminals focus on organisations with larger financial flows and higher-value transactions.
• Smaller business types show lower total losses but remain vulnerable to targeted incidents – Sole traders (0.3%, £46.9k), charities (2.1%, £334.8k), and partnerships (0.4%, £58.3k) contribute relatively small shares of total losses. However, their loss per report figures (£711–£7.3k) indicate that successful attacks still carry meaningful financial impact, particularly given their typically lower financial resilience.
• LLPs and niche structures show minimal losses but are not excluded from risk – LLPs account for just 0.1% of losses (£18.3k) with £2.3k per report, reflecting their smaller footprint rather than reduced exposure. Meanwhile, attackers continue to follow opportunity and access, not business type.
• Loss patterns reflect a clear shift from volume to value as business size increases – While limited companies absorb the largest share overall, the higher loss per report in PLCs demonstrates a move towards precision targeting, where fewer incidents deliver greater financial return. In other words, as business size increases, so does the financial attractiveness of each successful attack.

About The Data - North West UK Cyber Crime Statistics

Based on a rolling 12 months of data from Report Fraud.

Data is provided by the following police forces: Cheshire, Cumbria, Greater Manchester, Lancashire, Merseyside, and North Wales.

The North West UK cyber crime statistics data is extracted from the NFIB Fraud and Cyber Crime dashboard between 01/01/2025 and 31/12/2025.

Only 'cyber-enabled' fraud and cyber crime offences amounting to a crime under the Home Office Crime Recording rules are included.

Cyber-enabled crimes are traditional crimes, which can be increased in their scale or reach by use of computers, computer networks or other forms of IT.

Information reports and crimes reported directly from partner agencies and industry are not included at this time and will account for differences to Office for National Statistics figures for fraud offences in the same period.

For more information relating to different types of fraud and cyber crime please see the A-Z of fraud section on the Report Fraud website.

Limitations

North West UK cyber crime statistics data is based on victim selection during the reporting process and this has not been verified.

Losses are based on loss amounts as reported in Report Fraud recorded crimes and these have not been verified. Where possible, efforts have been made to review losses reported in excess of £500k but further investigation may be required to determine if loss amounts are a true reflection of the financial impact of the reported crime.

Extreme outliers have been removed to limit data skew.

Crime Types

See crime type definitions in the main cyber crime stats article.

Regional Breakdown

Below is a list of regions that our cyber crime research is broken down into:

• London
• South East
• South West
• North West
• North East
• East
• East Midlands
• West Midlands
• Yorkshire & Humber
• Scotland
• Wales
• Northern Ireland

Further Reading

For more information about North West UK cyber crime statistics, take a look at the following sources:

• Cyber Security Breaches Survey 2025 - UK Gov
• National Cyber Security Centre
• Office for National Statistics