The delay in the release of National Crime Records Bureau data on cyber crimes makes it irrelevant and does not paint the true picture on the ground, experts told BOOM. Digital crimes evolve faster than the law can catch up with it, and the NCRB data – considered to be a barometer of the crime rate – which records crimes upto 2023 is dated, they added.
NCRB - the government’s crime rate tracker, data showed a staggering 63.14 per cent jump in cyber crimes between 2021 (52,974 cases) and 2023 (86,420 cases) indicating that the digital landscape is becoming an increasingly active front for criminal activity.
Advocate Persis Sidhva said different types of cyber crime arise on a monthly basis. "How can 2023 data be relevant at the end of 2025? How do we really utilize the data which is almost two years old?" Sidhva told BOOM.
Meanwhile, cyber forensic expert Pragati Ratan said types of cyber crimes - digital arrests, APK files, fake cops calling - change because the citizen is getting smarter. However, this trend is not reflected by the government’s crime tracker.
Even the Enforcement Directorate’s recent move to rope in zonal offices across 28 cities is to primarily combat offences related to money laundering arising from betting scams like the Mahadev betting scam, he added. Betting apps in India are banned, but people are still losing money. More recently, the Parliament passed the Online Gaming Act, 2025 which banned online real-money games (RMGs), including poker and fantasy sports.
According to news reports, the ED is probing cases where more than Rs. 28,000 crore in reported losses and Rs. 8,500 crores in assets seized.
BOOM deep-dives and analyses the NCRB data on cybercrimes.
Sharp increase in cyber crimes, but FIRs and conviction rate low
The data published by NCRB also include crimes recorded under the now-scrapped Indian Penal Code, 1867 and other Special Local Laws (SLL) like the Copyright, Gambling, Lotteries and Trademark Acts.
The NCRB data also revealed that around 4,199 cases (4.9 per cent) were cases of sexual exploitation, while 3,326 cases (3.8 per cent) were extortion cases. Karnataka (21,889), Telangana (18,236), and Uttar Pradesh (10,794) led with the highest number of cybercrimes in the country, the report revealed. The increase in cyber crimes is not marginal but rather points to a significant and accelerating trend which may prove to be a rapidly escalating problem.
According to a Medianama report, despite a year-on-year increase in cybercrimes, only 2.43 per cent of cybercrimes reported to the National Cybercrime Reporting Portal (NCRP) were converted into FIRs in 2024.
The numbers have been worryingly low since 2020, where only 1.9 per cent of the complaints were converted to FIRs. The numbers marginally rose to 2.49 per cent (2021), 2.07 per cent (2022) and 2.63 per cent (2023).
Ex-cop Muktesh Chander said the data on NCRB–which refers to reported FIRs–is vastly different from the data available on the Indian Cybercrime Coordination Centre (I4C) – the centre’s nodal agency for cyber crimes. Chander also pointed out that in this day and age of digitisation of records, it should not take so long for data to be put out.
“The police are overwhelmed with the quantum of cyber crime cases before them. Which case will get converted and which does not, should not be a mystery. Technically speaking, all cybercrimes where the prima facie an offence is made out, should be converted into an FIR. The amount of money lost should not be a factor. Rs. 20,000 to a poor man is the same as what Rs. 20 lakhs would mean to the middle class. “Amount should not be a consideration,” Chander said.
Cyber expert Pragati Ratan says the parliamentary committee’s data and the police focus are also primarily on fraud-related crimes or where losses have been reported. New types of cyber crimes, which mostly target the elderly or the retired, crop up because people are getting smarter. In Telangana, technology is also playing spoilsport because it is being used by the law enforcement officials to apprehend the criminals. However, it's always a case of catch-up because the cyber fraudsters always find new loopholes in targeting citizens.
However, Karnataka and Telangana, which top the list of states with the highest number of cyber crimes sits on a different pedestal. Ratan–who heads cyber crimes division at the Telanaga Police Academy–said Telanaga’s high numbers can be attributed to the fact that the state police converts every single complaint into an FIR. “Every single call that comes on 1930 (the hotline to report cyber crimes) or complaints recorded on the government’s cyber crimes portal is converted into an FIR,” he added. “Telangana is investing at least Rs. 20-25 crores in technology, and to update the police on the latest scams which in turn helps the victims recover most of their money,” Ratan said.
Kerala and Maharashtra are also stepping up their game, and Ratan said by next year, we are likely to see a jump in cyber crime cases in these two states as well.
Also Read: Betting Apps Are Banned But Indians Are Still Losing Money This IPL Season
Police response lacking in cyber crime-related cases
Though cyber fraud tops the list of digital crimes, it is closely followed by digital crimes related to sexual exploitation and blackmail. Fraud accounted for 19,466 + 2,098 cases (including credit/debit card fraud). Cheating took the lion's share of the cases with 16,943 cases while Banking frauds–ATM (1,783 cases), misuse of OTPs (5,116 cases), and online banking (4,435 cases), also went up.
In 2023, more than 4,000 cyber crimes cases against women and children were recorded by the police stations across the country. Almost 1,305 cases of cyber bullying/stalking of women and children were recorded. Around 225 cases of fake profiles were noted while 36 cases involved the use of deepfakes.
Mumbai-based advocate Persis Sidhva, and director of Rati Foundation, said when it comes to crimes against women and children, the local police are more comfortable recording crimes that take place offline as compared to online or cyber crimes. There is a clear reluctance to record online abuse, she said. “When it’s a case of online and offline abuse, they recognize offline abuse and primarily register the FIR accordingly. The online elements of the crime get lost in translation,” she added.
Sidhva said managing the chain of custody in online abuse cases is difficult and the police are not equipped to do so. The police are also not able to adequately prepare victims about what the investigation entails. Like how their mobile phones are likely to be seized for forensic examination and or how long the trial is likely to take, she added.
Then we see police scrolling intimate images in front of the victims. In cases of children, these images are seen by the parents as well in the police station, Sidhva added. The advocate said a victim goes to the police with the hope that the content will be taken down. The FIR is incidental. But instead, the FIR is done, and the content remains online. This main concern is not addressed, she added.
Advocate Nakul Gandhi said victims of online abuse like deepfakes, or invasion of privacy where their personal images are being floated online as part of revenge porn prefer to move courts for take down orders as compared to relying solely on police response.
“The primary objective for a victim is to first get their content taken down from the internet,” Gandhi said. “If a case is made out, take down orders from high courts are almost immediate. In these cases, intermediaries like Meta (Facebook/Instagram), X (Twitter) are also tagged which makes the process faster,” Gandhi added. Meanwhile, the cyber police can continue probing the case, he said.
Also Read: A Woman’s Leaked Private Videos Expose The Gap In India’s Cybercrime Portal