The Fraud Was An Event. This is a Condition.
Why recovery from digital crime outlasts the crime by months

Morgan is a secondary school teacher in their mid-forties — the kind of person who spends the working day managing other people’s problems and expects, by the time they get home, to be done with crises for a while.
That stopped being true about six months ago.
It is a Tuesday evening and Morgan is at the kitchen table again. There is a folder. It has grown over six months from a single printed email into something that requires a cardboard divider. Bank correspondence in one section. Police reference numbers in another. A third section for the accounts Morgan did not open — the mobile contract in Rotherham, the credit card with the bank they have never used, the subscription to something they cannot name. Each one requires a letter. Each letter requires evidence. Each request for evidence requires a call. Each call begins with a recorded message about high volumes and current wait times.
The original incident took an afternoon. Someone rang, someone convinced, someone transferred. The amount was not catastrophic — significant, but not life-altering. That number appeared on every police form filled in. It appeared in the bank’s assessment of the case. It is the number that gets counted in the statistics that appear in reports that describe the scale of digital fraud in this country. It does not include the folder.
The folder is where the real cost lives. Not the money that went on a Tuesday afternoon six months ago, but the forty-seven hours since — logged, because Morgan started logging them in month two, when it became clear that nobody else was. Forty-seven hours on hold, on calls, writing letters that ask institutions to confirm what happened to a person who already knows what happened to them but must prove it again to each new department in turn. There is also the thing that does not log easily — a low hum, a background awareness, persistent and exhausting, that the folder is never quite finished, that somewhere there is probably another account, that the next letter might require something not yet thought to keep. The fraud was an event. This is a condition.
The cost nobody counts
UK Finance recorded more than £1.17 billion in fraud losses across 2024 — 3.3 million separate incidents. The figure cited in press releases, parliamentary briefings, and annual reports is always the money. What those reports do not contain is the folder. What they do not count is the recovery.
Only around 14 per cent of frauds against individuals are ever reported to Action Fraud or the police. Partly this reflects a belief, often well-founded, that reporting will not lead anywhere. The Office for National Statistics found that 71 per cent of fraud victims reported being emotionally affected. The Police Foundation report Invisible Harms documented physical and psychological impacts less understood and less measured than the financial loss, and found specialist support services to be lacking and early intervention largely absent. The shame, the self-blame, and the erosion of trust that follow an incident appear in no statistic that the banks or the government routinely publish.
The true cost of digital crime is not the original loss. It is everything that comes after.
A system designed for process, not people
The systems that are supposed to help are not designed for the person in front of them. They are designed for process — for case management, for compliance, for due diligence, for the protection of the institution carrying out the review.
The fraud team calls back to confirm what the victim already knows. The police reference number opens a portal that summarises what has already been submitted. The credit agency writes to confirm that flagged accounts have been noted — which requires a written acknowledgement that the confirmation was received. Each exchange adds documentation to someone else’s record. None of it changes the situation for the person who was defrauded.
The letter templates are identical. The call scripts are identical. The processing timelines are fixed. Every victim becomes a case reference moving through queues designed for the average. The average does not spend Tuesday nights logging hours because nobody else is.
When no one can act
A significant proportion of digital fraud targeting UK victims is perpetrated from overseas. This creates a hard stop in the recovery process that victims often reach only after months of effort. They are told, eventually, that the perpetrator is outside UK jurisdiction. That nothing further can be done. That the case is closed on the institutional side.
This is the moment many victims describe as the most damaging — not the original fraud, but the formal confirmation that the system has run its course without resolution. The UK government’s fraud strategy for 2026 to 2029 acknowledges the cross-border dimension, but the gap between published strategy and what an individual victim actually encounters remains substantial.
The crime was an afternoon. The recovery is a year of your life.
My opinion
What I notice, after three decades inside the technology industry, is how consistently the conversation stops at the immediate aftermath. We see the incident — the money transferred, the case number assigned, the bank’s response issued. What is not visible is the secondary and tertiary blast radius: what comes after, which no single organisation owns. Each institution closes its part of the process. The story continues for the person at the kitchen table. Support exists, but it is fragmented and difficult to navigate — and when someone is told that nothing can be done because the perpetrator is in a foreign country, that moment carries a weight that no fraud report measures. The consequences run much further than the original event, and they rarely land on the institution.
Questions the system never asks
Fraud recovery touches more people than the statistics suggest. If any of this is familiar — from your own experience, someone close to you, or the systems you work inside — these are worth engaging with directly.
Will any of this be familiar — from your own experience, or someone close to you?
If you have been through a recovery process — for fraud, for a breach, for anything like this — what would you want someone to know about what it actually involved?
Should the cost of recovery fall on the victim — or on the institutions whose systems were exploited, and whose processes extend the damage?
What would you want the person sitting at that kitchen table on a Tuesday night, six months in, to know — that nobody told them?
The true cost of digital crime is not the original loss. It is the months of bureaucracy, cognitive weight, and institutional indifference that nobody counts.
Authors Note
Morgan is a fictional character. Their story is drawn from a combination of professional observation and personal proximity to real events. The experiences described are real. The person is not.
You’re reading The Next Evolution by Neil Catton, articles that explore the human world and the intersection of technology, they try and ask difficult questions - not to scare - but to inform. If someone forwarded this to you, you can subscribe free at neilcatton.substack.com.
Neil Catton is the author of The Next Evolution, The Cognitive Crucible and The Shadow System - available on Amazon, and writes at the intersection of technology, ethics, and human purpose.

