UK businesses fail to report cybercrime

IT managers fail to report cybercrime like Trojan horses

A third of UK companies don't report incidents of cybercrime and security breaches, a new InfoSecurity survey shows.

The security firm polled 285 UK businesses and found that the firms were subject to hacking attacks - such as Trojans and port scans - almost daily. It also spoke to 20 chief security officers of large companies, who revealed that IT managers find it difficult to balance whether or not to report cybercrime.

The IT experts cited the dilemma of being responsible to report crime to "prevent and predict"' incidents, versus the effect reporting the crime could have on the company's reputation, which can often cause more damage than the crime itself.

The primary concern is often to protect company reputation. "From my experience as a media lawyer, reporting crime to the police is a double-edged sword as invariably the press have found out about the incident within 24 hours of reporting it to the police, creating a real PR risk," said media lawyer Jonathan Coad from Swan Turton .

But Tony Neate, managing director of safety campaign GetSafeOnline said that in order for police and other law enforcement agencies to fight crime effectively they need to know the scale of the problem.

"How and who we report to is a matter for debate, whether it is the ISP, bank, or local police," Neate said. "Without collating the scale of the e-crime problem, we will never truly be aware of the cost to society at large and the measures that need to be put in place to fight it."

Phillip Virgo, secretary general of think tank Eurim , said that firms and consumers need a clearer idea of where to turn to for assistance.

"The time has come to respond to the needs of the customer for security tools they can understand, realistic advice, guidance and support on how to use them and for reporting systems that will route their enquiry to some-one who will respond - be it law enforcement or technical support," he said.