Third of UK businesses do not report e-crime
A survey by Infosecurity Europeof 285 companies has found that a third of businesses do not report their information security crimes and breaches. Further to this, according to interviews Infosecurity Europe conducted with a panel of 20 Chief Security Officers (CSOs) of large enterprises, businesses are subject to attempted e-crime every day, but it is hard to establish at what point it becomes sensible to report it. There is a balance to be made between the company’s responsibility to report crime in order to prevent and predict incidents in the wider business community and the clear material loss from reputational damage.
“From my experience as a media lawyer, reporting crime to the police is a double edged sword as invariably the press have found out about the incident within 24 hours of reporting it to the police, creating a real PR risk.” Says media lawyer Jonathan Coad from Swan Turton.
The counter argument is given by Tony Neate, Managing Director, GetSafeOnline who says, “In order to be effective we need to know what the scale of the problem is, this can only be measured if we report incidents when they occur. How and who we report to is a matter for debate, whether it is the ISP, bank, or local police. Without collating the scale of the e-crime problem, we will never truly be aware of the cost to society at large and the measures that need to be put in place to fight it.”
Phillip Virgo, Secretary General, EURIM, comments on the findings, “We must stop patronising small firms and‚ consumers if we want them to do serious business on-line. “How do they find out whether their system has‚ been recruited into a botnet or if it is‚ their firewall, operating system, browser and applications programmes fighting for supremacy? The time has come to respond to the needs of the customer for security tools they can understand, realistic advice, guidance and support on how to use them and for reporting systems that will route their enquiry to some-one who will respond – be it law enforcement or technical support.”
At Infosecurity Europe 2007 the subject of e-crime will be covered in a number of keynotes and seminars. Including the keynote on, “Should You Always Report Crime?”, chaired by Geoff Smith, Head of Information Security Policy, DTI with Tony Neate, Managing Director, GetSafeOnline; Philip Virgo, Secretary General, EURIM and Jonathan Coad, Partner, Swan Turton. These experts will debate whether the reporting structures are in place to allow a company’s assets to be protected while an investigation is appropriately prosecuted and if there is a willingness and capability for this to happen. The keynote, which is free to attend for Infosecurity Europe visitors, takes place at 3pm on Wednesday 25 Apr 2007.
Infosecurity Europe is the number one event dedicated to information security. With over 300 exhibitors, the event is the most comprehensive showcase for the most diverse range of new and innovative products and services from the World’s top information security experts and vendors. The event enables security professionals and business managers to establish a commercial justification for information security, refine their security policies and select the most appropriate solutions to support their security strategy in order to safeguard their company’s reputation and assets. Over 11,000 visitors are expected to attend this year’s event with many travelling from overseas to participate in the FREE education programme that addresses both strategic and technical issues drawing on the skills and experience of senior end users, technical experts and real world case studies. Infosecurity Europe takes place at the Grand Hall, Olympia, London from 24th to 26th April 2007.