Why cops can`t seem to keep up with cyber criminals

As crime steadily migrates from the streets to screens, Maharashtra — despite being one of India`s most digitally advanced states — finds itself grappling with an alarmingly underprepared anti-cybercrime apparatus. While cyber offences such as financial fraud, sextortion and hacking have surged in recent years, the state’s ability to secure convictions has failed to keep pace, exposing deep cracks in its digital law-enforcement framework.

From 2015 to 2024, cybercrime complaints in Maharashtra surged exponentially from 2127 to 10,466, according to the data officially procured from the Maharashtra Cyber Cell.

These cases pertain to financial fraud, social media-related crimes, women-related crime, cyberbullying, debit/credit card, e-wallet, QR code and cryptocurrency fraud, ransomware, sextortion, etc.

Yet, conviction rates have remained alarmingly low, plummeting from 1.3 per cent in 2015 to 0.12 per cent in 2021, according to the official data. Concerningly, the data reveals that no charge sheets were filed in 2022, 2023, and 2024.

The widening gap between rising cybercrime and falling convictions points to a deep institutional crisis — driven by outdated investigations, low detection rates, a shortage of trained personnel, and technical hurdles like encryption, cross-border operations, and fast-evolving tactics that outpace cyber police.
“Conviction is the end result of a successful chain of events in the criminal justice system. If any link in the chain is weak or broken, the chances of securing a conviction drop drastically,” said a senior officer in the Mumbai Police, requesting anonymity.

“Many cybercrime cases involve foreign actors, anonymised IP [internet protocol] addresses, VPNs [virtual private networks], and encrypted platforms like TOR, making it extremely difficult for investigating officers to trace perpetrators — even when a strong case has been registered,” said the officer.

Systemic inertia

Experts say this isn`t just a reflection of legal complexity — it is also a glaring indictment of systemic inertia and institutional unpreparedness.

A prime reason for the alarmingly low conviction rate in Maharashtra is the frequent transfers of trained officers from cybercrime cells, which senior police officers claim disrupt investigations. “New officers take time to understand old cases. Meanwhile, evidence gets stale or compromised,” a senior officer stated.

Another officer who has worked in Cyber Cell of the Mumbai Police, said, “You can’t expect a constable who’s trained to crack conventional criminal cases to understand phishing scams or crypto laundering overnight. One has to undergo certain training to handle cyber cases. Once trained, the officer has to spend months or sometimes years investigating due to their complexity. We build domain expertise over the years, and then one transfer order undoes it all. New officers take time to understand old cases,” the officer said.

“After dedicatedly working for years in the cyber cell, when we receive our transfer orders, we feel that our work is undervalued,” the officer said.

ExpertSpeak

A cyber expert, Ritesh Bhatia, said the conviction rates in cybercrime cases remain dismally low due to a combination of systemic gaps. “One key reason is the lack of timely support and proactive cooperation from intermediaries like banks, social media platforms and telecom providers, which hampers crucial evidence gathering. Additionally, since there are so many cyber fraud complaints, the police do not have enough resources and often focus only on the big cases where people have lost crores of rupees.”

“Another significant challenge is the frequent transfer of officers just as they develop the technical expertise needed to investigate these complex crimes. This underscores the urgent need for dedicated cybercrime units staffed with specialists who can build long-term capabilities in this highly technical field,” Bhatia underlined.

Ritesh Bhatia, cyber expert who believes conviction rates in cybercrime cases remain low due to a combination of systemic gaps

“Importantly, I believe banks have a major role to play here. In this era of AI [artificial intelligence] and advanced analytics, their inability to detect and shut down mule accounts, coupled with poor KYC practices, makes them a weak link in the fight against cyber fraud. While raising digital awareness among citizens is essential, it cannot be the sole solution. We need stronger accountability for intermediaries, stricter government regulations, and meaningful penalties to truly protect people from falling prey to these evolving scams,” said Bhatia.

Another major roadblocks

One of the biggest hurdles in tackling cybercrime is the pace at which criminals adapt. “By the time police officers receive proper training to handle a particular type of cyber offence, criminals have already moved on to newer, more sophisticated tactics, as they use real-time innovation, leveraging the latest tools like AI-generated scams, deepfakes, etc,” admitted a senior IPS officer, requesting anonymity.

“By the time we understand how to crack one type of scam — like SIM swapping or phishing —they’re already onto deepfake extortion or crypto fraud. The modus operandi of cybercriminals changes in days or weeks. But the training programme cops undergo is not rolled out overnight; it takes months to be approved,” the officer said.

Low awareness and victims pulling out of cases, especially extortion, are other major roadblocks in securing convictions. “We can’t help if a sextortion victim backs off in the court or withdraws their complaint due to social stigma,” said the officer.

Cyber lawyers say many charge sheets are filed without robust digital evidence or a proper chain of custody. Adding to the challenge is the technical complexity of these crimes.

A cyber-legal expert, Akshat Khetan, said, “The low detection and conviction rates in cybercrime cases are primarily due to the evolving nature of digital offences and the rapid pace of technological advancement. Cyber criminals often operate across borders, use anonymisation tools and leverage encrypted platforms. This makes evidence tracking inherently complex and time-sensitive.”

“India has made significant strides through dedicated cyber cells and the strengthening of cyber laws. However, challenges remain in ensuring swift coordination among stakeholders, especially with private digital platforms, many of which are based overseas. Delay in data access and cross-jurisdictional procedures can also impact investigation timelines,” said Khetan.

“Further, cyber forensics is a specialised field and continuous investment in capacity-building, be it forensic labs, digital evidence preservation or expert manpower, is essential. Legal frameworks like the IT [Information Technology] Act are being progressively updated, and capacity-building initiatives are underway for judiciary and enforcement agencies alike,” he added.

Akshat Khetan, cyber-legal expert

“Public awareness and timely reporting play a crucial role. Many cybercrimes still go unreported due to a lack of awareness, affecting detection and conviction statistics,” said Khetan.

Noticeable gap

Asked if prosecutors and judicial officers are adequately trained in cyber law and digital evidence handling, Khetan said, “There’s still a noticeable gap in training when it comes to cyber law and handling digital evidence. Many officers and prosecutors are catching up, but the pace isn’t matching the speed at which cybercrime is evolving.”

“Cyber cases are frequently dismissed due to technicalities or a lack of proper evidence. And, it is a recurring issue. Digital evidence is delicate; if not preserved or presented properly, it fails to hold up in court. I’ve seen several cases fall apart simply because the technical chain of custody wasn’t maintained,” explained Khetan.

Speaking about the IT Act being effectively used in tandem with the Indian Penal Code/Bharatiya Nyaya Sanhita, Khetan said, “In practice, the IT Act is often sidelined or poorly applied. Investigators lean more on IPC sections, perhaps out of habit or lack of clarity, which weakens the cyber aspect of the case.”

“Delays in investigation and liberal bail conditions reduce the seriousness with which cyber offences are treated, impacting the momentum of the case and its eventual outcome,” he said.

Khetan told mid-day that cybercrime cases are often quashed due to improper application of relevant cybercrime sections, adding, “Wrong sections or weak drafting lead to technical loopholes that the accused can exploit.”

Criminal network

Asked how frequently cyber cases are dismissed in court due to technicalities or lack of proper evidence, cyber law expert Puneet Bhasin said, “That is not the scenario in the current times. Nowadays, it is more often the case that in the course of an investigation, it is difficult to trace the accused. In most cases, cyber criminals have a network wherein multiple mule accounts are used, and the entire methodology is such that the traceability of the actual accused is very, very difficult. So, even when the police investigate the identities of the beneficiary account holders, who have received fraud money, etc, what it tends to be is that it is some person who may be, let`s say, be an electrician or somebody like this in some remote village who is being given Rs 10,000 per month just to give his bank account to these cyber criminals. And in that account is somebody else`s account, which is being utilised for this purpose. So, the entire network is in such a way that reaching the end of it is very, very difficult. Cyber criminals have created a network like a spider`s web. That is the main reason why conviction rates are lower. It`s not just in Maharashtra. It is all over the country and not just our country but all over the globe.”

Cyber commandos

To strengthen India’s cybersecurity framework, Rashtriya Raksha University (RRU), in collaboration with the Indian Cyber Crime Coordination Centre under the Ministry of Home Affairs (MHA), launched the ambitious six-month Cyber Commando Training Programme on October 1, 2024, to equip 30 police officers from across the country with advanced cyber defence capabilities. “These officers will be trained to tackle the rapidly evolving cyber threats confronting India`s security forces,” said a senior government official.

The official added, “The programme aims to train 5000 specialised officers over the next five years as part of a national initiative. In collaboration with premier institutes like IITs, IIITs, and the National Forensic Sciences University, the programme will equip police personnel with up-to-date cyber skills. Once trained, these officers will rejoin their forces as key assets in tackling high-priority cyber threats.”

Astronomical rise in cybercrime cases

Source: Maharashtra Cyber Cell 

Source