Chamber and committees

Survivors have lost confidence, so can the cabinet secretary outline what kind of further inquiry might take place? For example, is it a full public inquiry that is being considered? What would be its remit and timescale? Who is doing the work on that? Can she clarify whether the terms of reference of the Scottish child abuse inquiry include abuse of children who were in care when the abuse took place where the abuse took place outside the care setting and by perpetrators who were not employed in the care sector or connected to it?

I am pleased to open on behalf of Scottish Labour. As a member of the Criminal Justice Committee, I thank my fellow committee members, the committee clerks and all stakeholders who were involved in the committee’s work on the issue.

The committee’s report is important and timely. Cybercrime rates across Scotland are at a significant level. As Sharon Dowey said, more than 14,000 cybercrimes were recorded in Scotland last year—a number that remains well above pre-pandemic levels. Cybercrime amounted to 5 per cent of all crimes recorded in Scotland last year, but digital technology and online spaces are being used to carry out more traditional crimes, too. We can see that from the fact that cybercrime accounted for 27 per cent of all sexual crimes reported last year.

In recent years, several high-profile cyberattacks have been launched against private companies and public bodies across Scotland—major companies such as Marks and Spencer, the Co-op, Adidas and H&M have been hit by cyberattacks this year alone. NatWest provided alarming evidence to the committee that its customers have to be protected from more than 100 million cyberattacks every month.

Earlier this year, Glasgow City Council, the City of Edinburgh Council and West Lothian Council all suffered cyberattacks that were aimed at disrupting online education services. Hackers managed to access a significant amount of information from NHS Dumfries and Galloway last year, including the confidential details of staff and patients. In 2020, SEPA endured one of Scotland’s worst-ever cyberattacks, when thousands of its digital files were stolen. Whether we look at cybercrime statistics or examples of cyberattacks, it is clear that cybercrime is an issue that affects all of Scotland, including individuals and organisations.

Two common themes emerged in the evidence that the committee heard on how we can better protect ourselves from cybercrime. The first theme was that the current state of Scotland’s cyber resilience is inadequate and must be improved. Digital participation in Scotland has continued to increase, particularly among older people, and more than 90 per cent of adults now use the internet for work or personal activities. That is to be welcomed, but it brings greater risks of cybercrime.

Previous results from the Scottish crime and justice survey found that nearly 5 per cent of internet users in Scotland had experienced computer viruses, received scam emails or had banking details stolen online. In addition, the Scottish household survey found that nearly 10 per cent of all adults in Scotland did not take any online security measures, such as not opening emails from unknown senders or not sharing personal information online. That is why some of the proposals in the Scottish Government’s cyber resilient Scotland framework that focus on improving cyber learning are welcome.

Embedding cyber learning in the school curriculum, expanding the availability of cyber learning resources and improving access to cyber learning opportunities for adults are all practical steps. The £300,000 that has been allocated for an upskilling fund to strengthen cybersecurity skills across the public sector is also very welcome.

However, I believe that the Scottish Government must do more to educate everybody—in particular, young men and boys—on the harmful effect that far-right and misogynistic online content can have on their behaviour, and to tackle the resulting sexism, misogyny and violence in schools. That is why I again call on the Scottish Government to bring forward a cross-campus strategy to tackle the issue. I think that that is relevant to today’s debate.

Although education is vital in improving cyber resilience, we must also look at other avenues to achieve that aim, such as legislation. The Online Safety Act 2023 has now come into force, and I urge the Scottish Government to work with the UK Government and Ofcom to ensure that it is effective, especially in the light of the fact that reports of online child abuse in Scotland have doubled in a year.

The Scottish Government should also make representations to the UK Government and Ofcom on ensuring that the provisions in the Online Safety Act 2023 that are designed to tackle fraudulent online advertising are implemented as soon as possible, and I encourage ministers to engage with the UK Government and Ofcom on how the Cyber Security and Resilience (Network and Information Systems) Bill will be implemented in Scotland, should it be passed at Westminster.

There are many other aspects of improving Scotland’s cyber resilience that I hope will be considered in today’s debate, such as the need for regulation to reduce the harms associated with AI technology, including deepfakes, and the need to ensure that digital technology that is used in the public sector is better protected from cyberattacks. I welcome the action that the Scottish Government is taking, such as its recent announcement on deepfakes.

The second theme that emerged in evidence to the committee in relation to tackling cybercrime was the need for the Scottish Government to invest more in cybersecurity. Organisations ranging from the Cyber and Fraud Centre Scotland to the Scottish Courts and Tribunals Service have identified the need for further investment. The committee heard from Police Scotland on the significant financial challenges that it faces, which Sharon Dowey mentioned, and how that affects its ability to tackle cybercrime.

I hope that the need for greater investment in cybersecurity will be explored further in today’s debate. It is important to note that the true scale of cybercrime across Scotland is likely to be greater than we expect, given that it often goes unreported by individuals and organisations. It is also likely to become a bigger issue in the future.

I hope that the Scottish Government will reflect on all the points that I have raised and that other members will raise on the need for cyber resilience and investment in cybersecurity.

Islanders on Cumbrae are concerned about CalMac proposals for scheduled maintenance windows, which could lead to a direct cut to the island’s vital lifeline ferry services, and believe that CalMac and Transport Scotland must drop the proposals, which could mean that services are withdrawn for either six hours per week or one 24-hour period per month. Will the cabinet secretary provide reassurance that there will be no reduction in service and capacity next year, and that the 2026 summer timetable will match this year’s one?

To ask the Scottish Government what steps it is taking to protect and improve ferry services to Scotland’s island communities. (S6O-05284)

Thank you very much.

Does either of the other witnesses want to come in? It would be helpful to know how significant the gap in availability is and to have an assessment of the extent to which rehabilitation is available, not just where specified criteria apply but where, ideally, it should be available.

I will ask about the financial memorandum relating to this part of the bill. Pam Gosal, the member in charge of the bill, has told the committee that she believes that, if the obligations set out in the financial memorandum were met, there would be sufficient capacity in the system in relation to part 2 of the bill. What are your views on that? I do not know whether you have had an opportunity to look at it in detail. For example, are the finances the only issue, or are there issues to do with recruitment and whether we have people available who would be able to carry out those functions? Have any of the witnesses looked at the costings around some of these proposals? Glyn Lloyd, would you like to come in on that?

I understand. Are there any non-legislative changes that could be made to improve the opportunities for and success of rehabilitation programmes and services for domestic abuse survivors? Obviously, the bill is a legislative mechanism. Do you think that we need a legislative mechanism? Quite often, this Parliament thinks that legislation helps to drive change that could happen without legislation, but the legislation is a way of trying to ensure that that happens. Do witnesses have any comments on whether we need legislation?

I have some questions about part 2 of the bill, “Assessment of offenders for rehabilitation programmes and services”. Glyn Lloyd has already referred to the lack of availability of programmes. Are there any gaps in the current assessment process for offenders’ suitability for rehabilitation programmes and for services that take place in court, during custody and prior to release from prison that would be addressed by part 2 of the bill?

Who wants to speak about part 2 of the bill?

I appreciate that there has already been a consultation, so you will be keen to get legislation through before the election and the end of the parliamentary session. Would it not have been preferable to delay the bill or introduce a further bill once the implications of the internal market act were clear, so that the significant policy choices could be set out in primary legislation?