One third of businesses do not report e-crime

Businesses do not report security breaches to police

A third of businesses do not report their information security crimes and breaches, according to research.

Interviews conducted by Infosecurity Europe with a panel of 20 chief security officers (CSOs) of large enterprises suggests that businesses are subject to attempted e-crime every day, but find it hard to establish at what point it becomes sensible to report it.

There is a balance to be made between the company’s responsibility to report crime to prevent and predict incidents in the wider business community and the clear material loss from reputational damage, say experts.

'From my experience as a media lawyer, reporting crime to the police is a double-edged sword as invariably the press have found out about the incident within 24 hours of reporting it to the police, creating a real PR risk,' said media lawyer Jonathan Coad from Swan Turton.

But Tony Neate, managing director of internet security campaign group GetSafeOnline says it is important to know the scale of the problem.

'This can only be measured if we report incidents when they occur,' he said.

'Without collating the scale of the e-crime problem, we will never truly be aware of the cost to society at large and the measures that need to be put in place to fight it.'

Phillip Virgo, secretary general of lobby group Eurim, says reporting systems need to be set up for businesses that make thing easy for them.

'The time has come to respond to the needs of the customer for security tools they can understand, realistic advice, guidance and support on how to use them and for reporting systems that will route their enquiry to some-one who will respond - be it law enforcement or technical support,' he said.