One third of UK firms hush up e-crime

Reporting e-crime to the police is a 'double-edged sword', according to many businesses

A third of UK businesses do not report information security crimes and breaches despite being targeted on a daily basis by cyber-criminals, new research claimed today.

A poll of 20 chief security officers at large enterprises by Infosecurity Europe found that businesses are subject to attempted e-crime every day.

The respondents stated that they have to strike a balance between the company's responsibility to report crime in order to prevent and predict incidents in the wider business community, and the clear material loss from reputation damage.

"Reporting crime to the police is a double-edged sword as invariably the press have found out about the incident within 24 hours of reporting it to the police, creating a real PR risk," said media lawyer Jonathan Coad from law firm Swan Turton. 

However, Tony Neate, managing director of GetSafeOnline, argued: "In order to be effective we need to know the scale of the problem, and this can only be measured if we report incidents when they occur.

"How and to whom we report is a matter for debate, whether it is the ISP, bank or local police.

"Without collating the scale of the e-crime problem, we will never be aware of the true cost to society at large and the measures needed to fight it."

Phillip Virgo, secretary-general at parliament-industry group EURIM, added: "We must stop patronising small firms and consumers if we want them to do serious business online.

"How do they find out whether their system has been recruited into a botnet or if it is their firewall, operating system, browser and applications fighting for supremacy?

"The time has come to respond to the needs of the customer with security tools they can understand, realistic advice, guidance and support on how to use them and for reporting systems that will route their enquiry to someone who will respond, be it law enforcement or technical support."