Pakistan’s cybercrime landscape reached an inflection point in 2025, not because the threat diminished, but because reported complaints surged to their highest level on record.
Official figures presented to the National Assembly show that 150,542 cybercrime complaints were filed nationwide during the year, underscoring the scale at which digital crime has embedded itself into everyday economic and social life.
Financial fraud dominated the caseload, with 81,996 complaints, while WhatsApp account hacking alone accounted for 2,974 cases.
The numbers reveal a country grappling with a rapidly expanding digital threat environment, even as its enforcement outcomes remain thin.
The disclosures, made by Minister of State for Interior Talal Chaudhry in response to a parliamentary question, offered a rare statistical snapshot of how Pakistan’s cybercrime apparatus is functioning.
They also exposed a widening gap between public reporting and legal resolution, a gap that continues to erode confidence in the state’s ability to protect citizens in the digital sphere.
Financial fraud at the core of the crisis
Cyber-enabled financial crime emerged as the most pervasive category, cutting across urban and rural populations alike.
According to the Interior Ministry, scams ranged from fake investment schemes and online impersonation to account takeovers and digital payment fraud.
The total amount involved in reported financial crime cases stood at PKR 2.716 billion ($9.7 million) in 2025, a figure that reflects only those incidents that reached the reporting stage.
Recoveries, however, tell a more sobering story. Of the total amount involved, only PKR 452.376 million ($1.6 million) has been recovered so far, leaving the bulk of losses unrecovered as investigations continue.
These figures highlight the high-impact, low-recovery nature of cyber fraud, where money moves quickly across accounts and borders, often outpacing investigative capacity.
From complaints to cases: A narrow funnel
The conversion rate from complaints to formal legal action remains strikingly low.
Of the 150,542 complaints received by the National Cyber Crime Investigation Agency (NCCIA), just 10,756 were converted into formal inquiries after scrutiny.
From these inquiries, only 851 cases were registered under existing cybercrime laws. Arrests were made in 1,095 cases, indicating that some investigations extended beyond a single accused, but convictions remained rare.
Lawmakers were informed that only 31 convictions had been secured, a figure that stands in stark contrast to the volume of complaints.
The data suggests that for the overwhelming majority of victims, reporting cybercrime does not translate into judicial closure. The attrition across each stage of the enforcement pipeline has become a defining feature of Pakistan’s cybercrime response.
Limits of PECA enforcement
Pakistan’s primary legal instrument for addressing digital offences, the Prevention of Electronic Crimes Act (PECA), was enacted to streamline investigations and prosecutions in cyberspace.
Nearly a decade later, its enforcement record in financial crime cases remains limited.
Despite the law’s broad scope, including provisions for electronic fraud, identity theft, and unauthorised access, the number of cases reaching conviction remains negligible relative to reported incidents.
This enforcement pattern has fuelled criticism that PECA’s application is uneven. While financial fraud cases struggle to progress through the legal system, the law has been more visibly deployed in cases related to online speech, misinformation, and content deemed harmful or false.
Parliamentary disclosures did not directly address this disparity, but the contrast between complaint volumes and convictions continues to dominate public debate.
Government’s stated focus and emerging threats
In addressing lawmakers, the Interior Ministry emphasised preventive and awareness-driven measures.
Officials highlighted the launch of the NCCIA’s public reporting portal and a dedicated cybercrime helpline, 1799, alongside outreach programmes targeting schools, academic institutions, and vulnerable populations.
Women, elderly citizens, rural communities, and low-literacy groups were identified as priority audiences for cyber awareness initiatives.
The government also acknowledged emerging threats linked to artificial intelligence.
Deepfake videos and voice-cloning scams were identified as rapidly evolving risks that complicate attribution and investigation.
Officials confirmed that Pakistan’s first national Artificial Intelligence Policy is being finalised, with cybercrime mitigation forming part of the broader digital governance framework.
Awareness without assurance
While awareness initiatives have expanded reporting channels, the surge in complaints itself suggests that reporting mechanisms are outpacing enforcement capacity.
Many victims still do not come forward, either due to a lack of procedural knowledge, fear of stigma, or scepticism about outcomes. Those who do report often encounter lengthy processes, limited feedback, and uncertain resolution.
The official data presented to Parliament captures only registered complaints. Independent observers note that underreporting remains significant, particularly in cases involving small-scale fraud, harassment, or embarrassment-driven offences.
This hidden layer implies that the true scale of cybercrime may be far larger than official figures suggest.
Digital expansion, institutional strain
Pakistan’s rapid digitalisation has expanded access to online banking, mobile payments, and social media, but institutional adaptation has struggled to keep pace.
Cybercriminals have exploited gaps in user awareness and regulatory oversight, deploying increasingly sophisticated methods that blur the line between technical fraud and social engineering.
The NCCIA, tasked with handling this expanding caseload, operates within broader structural constraints.
Cyber investigations demand specialised skills, cross-border cooperation, and forensic capacity that traditional policing models were not designed to provide.
The parliamentary data reflects this strain, with thousands of complaints filtered out before reaching the inquiry stage.
Public trust and the enforcement deficit
The imbalance between reported harm and legal outcomes carries implications beyond individual losses. It shapes public trust in digital systems, financial inclusion initiatives, and the state’s regulatory authority.
As cybercrime increasingly targets everyday transactions, from mobile wallets to messaging apps, the perception of impunity risks becoming entrenched.
At the same time, the government’s visible focus on online content regulation has fuelled perceptions that enforcement priorities are misaligned with the most damaging forms of cybercrime.
While officials have defended these actions as necessary for national security and public order, the statistical disparity between financial crime complaints and legal action remains difficult to ignore.
A growing digital accountability gap
The record-breaking complaint figures of 2025 mark a critical moment for Pakistan’s digital governance framework.
They illustrate a society that is increasingly willing to report cybercrime, but also one that faces an enforcement apparatus struggling to deliver proportionate outcomes.
As digital platforms continue to mediate economic and social interactions, the gap between cyber harm and cyber justice has become more visible.
The data placed before the National Assembly does not merely quantify a crime trend; it documents an accountability deficit.
With billions of rupees lost, thousands of victims affected, and only a handful of convictions secured, Pakistan’s cybercrime challenge in 2025 stands as a test of institutional capacity in the digital age.
Comment