Industry Comment Research   RSS Feed

Webinars Buyers' Guide Podcasts

Related Publications Foward Features




  In partnership with:

04 May 2007

Cybercrime unreported due to reputation risks

Eleanor Dallaway

One in ten people who make online transactions have been a victim of fraud. But at what point does it become worthwhile to report it?

Businesses often prioritise saving their reputation over reporting incidents of cybercrime to the police, a recent report has shown. The survey, carried out by organisers of the Infosecurity Europe show, questioned 285 companies and 20 chief security officers. Results suggested that one third of UK businesses fail to report information security crimes and breaches to the police.

Speaking at the Infosecurity Europe exhibition on 25 April, in a session called ‘Should you always report crime?’, managing director of government and industry-funded web-site GetSafeOnline, Tony Neate stressed the importance of reporting information security crime. “If we don’t know what the problem is, then we can never find a solution,” he said. “Without collating the scale of the e-crime problem, we will never truly be aware of the cost to society at large, and the measures that need to be put into place to fight it.”

With 60% of Britons having access to the internet at home, 95% of them using it on a daily basis, the chances of being subject to online fraud are increasing. In 2006, more than £30bn was spent online in the UK, but instead of seeing an increase in reported crime to correlate with an increase in incidents, the number of arrests has decreased over the past two years.

Managers are forced to choose between an organization’s responsibility to report crime in order to prevent further incidents, and their fear of the company’s reputation becoming known as a target, according to speakers at the session.

“The reputation of a company is very important. Fifty-three per cent of people would stop spending money in shops that have suffered security breaches. So the difficulty in reporting crime to the police, is that it always means you’re also reporting it to the press, and this is a real PR risk,” said Jonathan Coad, a partner of UK law firm Swan Turton.

On 1 April, the Home Office released a rule that online fraud should be reported to the financial institution concerned, not the police. “This is a good start,” said Neate, adding that phishing and identity theft are the biggest problems, “but police should only deal with spam if there is criminal intent behind it”.

Jonathan Coad offers an eight-point checklist of how to react in the incident that your company has been affected by cybercrime:

  • Assess possible damage
  • Is there a legal obligation to report the incident?
  • Consider the timescale/method
  • Get a PR expert who will minimize reputation damage
  • Check your legal rights
  • If there has been a security breach, offer comforts to customers
  • Prepare a press strategy
  • Monitor press reports

Back to news index



 

 
Search this Site:
Google Custom Search

sign up for enews





Click here...