Cybercrime has become one of the fastest-growing threats facing UK organisations, cutting across industries, business sizes, and regions.
Attacks ranging from phishing and ransomware to data theft and business email compromise now represent a routine operational risk rather than a rare edge case.
Government-published independent research (DSIT) estimates:
- The average cost of a significant cyberattack on a UK business is ~£195,000.
- Scaled up, the annual UK cost of significant cyberattacks is ~£14.7 billion (about 0.5% of GDP).
Despite this, public understanding and concern around cybercrime is not evenly distributed. Some areas appear highly alert — frequently searching for advice, guidance, and news — while others experience high volumes of reported cybercrime with comparatively low visible concern.
To understand this disconnect, this research compares reported cybercrime incidents against search behaviour related to cybercrime, using search volume as a proxy for public concern.
The UK Counties with the Highest Levels of Reported Cybercrime
| Rank | Police Force (County) | Avg. Monthly Reported Crimes | Reported Crimes per 10,000 Residents |
| 1 | Devon and Cornwall | 123 | 4.7 |
| 2 | Greater Manchester | 254 | 4.6 |
| 3 | Staffordshire | 92 | 3.6 |
| 4 | Hampshire | 154 | 3.3 |
| 5 | North Wales | 45 | 3.3 |
| 6 | Derbyshire | 85 | 3.2 |
| 7 | Northumbria | 92 | 3.2 |
| 8 | Nottingham | 100 | 3.0 |
| 9 | Avon and Somerset | 131 | 2.8 |
| 10 | Gwent | 41 | 2.6 |
*Note: GSV stands for Google Search Volume.
Devon and Cornwall records the highest reported cybercrime rate of any county in the dataset (4.7 reported crimes per 10,000 residents per month), despite its largely rural profile. This suggests that cybercrime exposure is not limited to major metropolitan centres.
Greater Manchester follows closely (4.6 per 10,000 residents), reinforcing its position as one of the UK’s highest-risk counties for cybercrime on a per-capita basis. While the county includes major urban centres like Manchester and Salford, the elevated rate shows that cybercrime risks extends beyond the city core and across the wider county’s business and residential landscape.
Several mid-ranking counties also show notably high per-capita risk. Staffordshire (3.6 per 10,000 residents) and Hampshire (3.3 per 10,000 residents) both experience higher-than-average cybercrime rates relative to population. In these areas, a mix of medium-sized cities, commuter towns – and increasing numbers of businesses in these locations – may contribute to increased exposure to cyber risks.
North Wales (3.3 per 10,000 residents) and Derbyshire (3.2 per 10,000 residents) further demonstrate that elevated cybercrime risk is not confined to the UK’s urban hubs. These counties include smaller cities and towns, yet still record higher per-capita cybercrime rates comparable to more densely populated regions.
Counties like Northumbria (3.2 per 10,000 residents) and Nottingham (3.0 per 10,000 residents) also appear in the top ten, indicating sustained cybercrime exposure across a range of regional contexts. Meanwhile, Avon and Somerset (2.8 per 10,000 residents) and Gwent (2.6 per 10,000 residents) round out the list, showing that even lower-ranked counties in the top ten still experience meaningful levels of reported cybercrime relative to population size.
County-Level Public Concern About Cybercrime
| Rank | Police Force (County) | Combined City GSV | GSV per 10,000 Residents |
| 1 | PSNI | 1,550 | 36.0 |
| 2 | Greater Manchester | 1,920 | 34.7 |
| 3 | Northumbria | 790 | 27.6 |
| 4 | West Midlands | 4,430 | 25.3 |
| 5 | Avon and Somerset | 1,150 | 24.4 |
| 6 | Devon and Cornwall | 580 | 22.1 |
| 7 | Police Scotland | 3,490 | 22.0 |
| 8 | Metropolitan | 19,580 | 21.8 |
| 9 | North Wales | 280 | 20.7 |
| 10 | Staffordshire | 510 | 19.8 |
PSNI (Northern Ireland) ranks highest for cybercrime-related search interest, with 36.0 searches per 10,000 residents. This suggests a particularly high level of public engagement with cybercrime topics relative to population size, despite comparatively lower reported cybercrime rates. Cities like Belfast and Londonderry likely contribute to this interest, but the ranking may reflect a county-wide pattern rather than isolated urban behaviour.
Greater Manchester follows closely, recording 34.7 searches per 10,000 residents. While the area in cludes a major city centre, the elevated search rate indicates that concern extends across the wider county.
Several other counties show similarly high levels of per-capita concern. Northumbria (27.6 searches per 10,000 residents) and the West Midlands (25.3 per 10,000 residents) both rank in the top four, indicating significant interest in cybercrime-related information.
Avon and Somerset (24.4 per 10,000 residents) and Devon and Cornwall (22.1 per 10,000 residents) further demonstrate that high cybercrime concern is not exclusively an urban issue. Despite lower population density in parts of these counties, residents search for cybercrime-related information at rates comparable to, or even exceeding, many metropolitan areas.
Police Scotland also ranks highly (22.0 searches per 10,000 residents), reflecting strong public interest across a wide geographic area that includes cities like Glasgow, Edinburgh, Aberdeen, and Dundee. This elevated search rate suggests widespread engagement with cyber security topics, even though reported cybercrime rates per capita remain low relative to many English counties.
Overall, this per-capita analysis highlights that public concern about cybercrime varies significantly by county and does not simply mirror population size or raw search volume. Some regions demonstrate exceptionally high engagement relative to their population.
This sets the stage for a deeper comparison between where cybercrime is searched for most and where it is most frequently reported.
Where Cybercrime Risk and Awareness Are Most Out of Sync
| Rank | Police Force | GSV per 10,000 | Crimes per 10,000 | Awareness Gap |
| 1 | PSNI | 36.0 | 1.5 | 34.5 |
| 2 | Greater Manchester | 34.7 | 4.6 | 30.1 |
| 3 | Northumbria | 27.6 | 3.2 | 24.4 |
| 4 | West Midlands | 25.3 | 1.4 | 23.9 |
| 5 | Police Scotland | 22.0 | 0.2 | 21.8 |
| 6 | Avon and Somerset | 24.4 | 2.8 | 21.6 |
| 7 | Metropolitan | 21.8 | 1.0 | 20.8 |
| 8 | Devon and Cornwall | 22.1 | 4.7 | 17.4 |
| 9 | North Wales | 20.7 | 3.3 | 17.4 |
| 10 | Humberside | 18.5 | 2.1 | 16.4 |
At the top of the ranking, PSNI (Northern Ireland) shows the largest awareness gap of any police force area (34.5, calculated from 36.0 searches per 10,000 residents versus 1.5 reported crimes per 10,000). This indicates exceptionally high public engagement with cybercrime topics relative to the level of reported incidents, suggesting strong awareness, interest, or concerns about digital threats.
Greater Manchester ranks second, with an awareness gap of 30.1 (34.7 searches per 10,000 residents compared with 4.6 reported crimes per 10,000). While the county also records one of the highest per-capita cybercrime rates, the much higher level of search interest indicates that public concern substantially exceeds it.
A similar pattern is evident in Northumbria (awareness gap: 24.4) and the West Midlands (23.9). In both counties, cybercrime-related searches per 10,000 residents (27.6 and 25.3, respectively) significantly outpace reported crime rates (3.2 and 1.4).
Several regions display particularly prominent mismatches driven by low reported crime but high concern. Police Scotland, for example, records an awareness gap of 21.8, derived from 22.0 searches per 10,000 residents and just 0.2 reported crimes per 10,000. This indicates one of the strongest disproportions between concern and reported incidents in the dataset. Avon and Somerset shows a similarly large gap (21.6), again pointing to elevated awareness relative to recorded cybercrime.
The Metropolitan Police area (Greater London) also appears high in the ranking, with an awareness gap of 20.8 (21.8 searches per 10,000 residents versus 1.0 reported crimes per 10,000). While London often dominates discussions of cybercrime due to its scale, this per-capita comparison shows that public concern still substantially outweighs reported incident levels.
Taken together, these findings underline that the largest awareness gaps are not confined to one type of region.
To conclude
This analysis shows that cybercrime in the UK is not just about where attacks happen — it’s about where awareness keeps pace with risk.
By grounding the data at county (police force) level, rather than duplicating figures across multiple cities, a clearer picture emerges. Some counties experience high cybercrime volumes alongside strong awareness, while others face similar levels of risk with far lower visible concern.
Improving cyber resilience starts with awareness, but it must quickly translate into action.
Staff training, better monitoring and clear incident response planning can help individuals and businesses go a long way.
Aligning awareness with actual risk is one of the most effective ways UK businesses can reduce exposure — regardless of area.
Concern doesn’t always match risk. Is your business prepared?
Whether your region shows high concern or your business needs extra protection and training against cyber threats, ramsac helps businesses turn insight into action.
Our cybersecurity services are designed to reduce real-world risk, combining monitoring to detect threats early with consultancy to strengthen defences, policies, and staff behaviour — including the safe use of AI tools like ChatGPT.
Contact us today to build cyber resilience that goes beyond awareness.
