The findings in this post are part of an ongoing project to develop a methodology for extracting climate and geopolitical risk—as well as other critical data points—from vast amounts of unstructured data, such as company filings. This work is part of a broader research initiative to uncover signals in corporate disclosures that can inform research, policy, and strategy. Over the coming months, we will be publishing further results from this stream. We are also developing these methodologies into a service. For inquiries, contact us at: adu@autonomy.work
The most comprehensive datasets on the impact of unlawful activity on UK businesses currently come from surveys. Examples include the government’s Commercial Victimisation Survey and the British Retail Consortium’s Annual Crime Survey, both of which have been useful in highlighting concerning trends—such as the recent rise in violent and abusive incidents in shops. While these studies provide valuable, wide-ranging data for policymakers, the anonymity of their participants and standardized formats limit researchers’ ability to examine individual companies or explore specific impacts beyond the survey’s predefined scope. The structured nature of these surveys likely obscures some unique and interesting stories that deserve attention.
Annual reports offer an alternative, potentially underutilized source of narrative data on how illegal activity affects businesses. Companies disclose civil and criminal incidents in their financial statements when such events have a material impact on operations. However, the extent to which UK companies actually include this information in the reports they file with Companies House is unclear.
By processing all electronically filed accounts in Companies House throughout 2024 (~2 million companies), we identified 123 companies that provided narrative data, and in some cases financial data, on the ways in which alleged illegal acts have impacted their operations. The dataset presented below is intended as a resource for researchers examining these risks.
Disclaimer: The inclusion of any names, companies, or incidents in this analysis does not necessarily imply wrongdoing on the part of any individual or entity. All information presented is derived from annual reports that reflect the perspectives and statements of the reporting companies and do not constitute legal determinations of liability or criminal conduct. Readers should interpret the data as a reflection of corporate disclosures rather than verified legal findings.
Dataset
Notes
The dataset only included companies that submit accounts electronically to Companies House, as these filings are machine-readable and easily transcribed for analysis. While estimates vary, Companies House reports that 60% of the 2.2M companies filing accounts submit electronically. Unfortunately, many of the UK’s largest companies, which tend to have more complex filings, submit scanned paper accounts and are therefore outside the scope of this analysis. As a result, the highest profile UK cases such as Arup’s recent £25M cyber incident, are not captured in our data. Fortunately, a shift toward mandatory electronic filings is expected in the coming years, which should significantly improve data accessibility and coverage. Therefore this study should serve as an indication of what may be possible to visualise in the not-so-distant future.
The dataset compiles reports of actual events that have occurred, rather than assessing the future risk of illegal activities occuring. This approach avoids including the boilerplate statements many companies include about potential illegal activity, particularly fraud, which are often generic and do not reflect the real impacts on business.
While every effort was made to capture all relevant disclosures throughout 2024 of an event impacting business, it’s possible that we have missed some items as we continue to experiment with our approach in searching and filtering annual reports for relevant data.
When financial data related to illegal activity was provided, such as stolen assets or insurance pay-outs, we extracted those figures. The total recorded financial impact within the dataset amounts to £46.3M.Statistics
Financial irregularities were found to be the most commonly reported event with 34 mentions, accounting for £33.3M of the total reported costs. 31 instances of cyber attack (£5.5M) and 30 thefts (£3.5M) were also reported.
The most common businesses reporting criminal events were wholesale retailers (17 companies) followed by manufacturing (14) and healthcare/social services (11).
| company_name | event_type | event_description | cost | cost_currency | cost_type | industry | sic_descriptions | locality | annual_report_link | report_extract |
|---|---|---|---|---|---|---|---|---|---|---|
Loading ITables v2.2.4 from the init_notebook_mode cell...
(need help?) |
Noteworthy Items
The largest cost associated with financial irregularities were reported by 144 Midland Road Limited, a development run by the well-known property mogul Nicole Bremner. The company claims to have lost £11M through material misappropriation of assets over a number of years through the activities of former director and property developer Abraham “Avi” Dodi. The company is conducting a forensic accounting review and yet to make a claim against Dodi. £11M is a significant sum of money for a development with net liabilities of £4.4M, most of which is owed to one of Dodi’s companies.
In the largest reported bank hack, £3.8M was stolen from Nutri-paw Ltd, a company that develops health supplements for dogs. Unfortunately, the company was only able to recover £800K of the funds with the rest being written off. The most expensive cyber-attack was targeted at Capita Pensions Solutions Limited costing the organisation £3.6M. These costs went towards specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment. Although the company’s report provides limited details on the incident, external sources indicate that the broader Capita Group, of which Capita Pension Solutions Limited is a subsidiary, estimates the total financial impact of the March 2023 cyber-attacks to be around £25M. The attack was reportedly linked to an unsecured Amazon S3 bucket, which allowed the Black Basta ransomware group to gain access to sensitive data, including the personal information of half a million pension holders.
The most expensive arson attack was the incident at SWX Bristol, a music venue owned by Electric Group Holdings Limited, that warranted a £2.95M insurance payout. The venue was attacked by Owen Marshall, who dowsed a towel in petrol before setting it alight and posting it through the venue’s letterbox in the early hours of July 13th 2021. Marshall’s motive stemmed from an unhealthy obsession with lockdown restrictions, leading him to target entertainment venues in Bristol based on the false belief that they would be introducing COVID-19 vaccine passport requirements imminently.
It’s rare for a business to have all its assets seized by the police and still live to tell the tale. However Eidolon-UK Chemical Services Ltd operates within a heavily scrutinised corner of the market. The company manufactures and distributes an organic chemical called trans-β-methyl-β-nitrostyrene, otherwise known as 1-phenyl-2-nitropropene. Beyond research applications, the chemical is used as a precursor in the synthesis of amphetamines. Eidolon clarify that the chemical is not on any postal service’s banned list, is not yet illegal anywhere in the world nor included on the USA’s TCSA list of toxic chemicals. Despite having to refund all customers and offer discounts following the police raid the company remains undeterred, having relocated to a new commercial lab. Eidolon faces continued obstacles marketing the chemical through established channels and has been subject to shadow bans on eBay and had its Etsy store suspended. The company maintains its own website with independent payment processing, offering discounts for cryptocurrency transactions.
Perhaps the most unsettling disclosure comes from Lehram Capital Investments Ltd who reveal that since 2019 they have come under sustained attack from an organised Russian crime syndicate determined to annihilate the business and prevent it from exposing the extent of the group’s criminal activities throughout the continent. A former company director is reported to have suffered repeat accidents causing them serious harm and permanent damage resulting in confidential settlements. Directors report facing threats of murder, kidnapping, extortion and persecution towards themselves and family members. Although Lehram’s report does not name those it accuses of harassment, legal proceedings and media reports suggest the company’s troubles date back to its 2013 acquisition of the Gramoteinskaya coal mine in Siberia. Lehram’s director Igor Rudyk was supposedly detained on immigration charges, coerced under duress, and forced to sign over the mine to a criminal group allegedly linked to Siberian industrial magnate Alexander Shchukin, with the involvement of regional officials. Lehram continues to pursue legal action internationally.
Loss of stock due to theft is a common occurrence with stolen items across the reporting period including construction tools, jewellery, consumer electronics, pharmaceuticals, C18th kitchenware and a salt bin. Primo Drinks, the UK’s largest family run drinks wholesaler, writes of a large theft issue in their North East branch in 2023 involving all but one employee. The company fired and replaced the entire team.