Networks Show: Police admit they scare off cybercrime victims

Companies that are the victims of cybercrime are fearful of calling in law enforcement agencies, according to a leading...

Companies that are the victims of cybercrime are fearful of calling in law enforcement agencies, according to a leading cybercrime fighter.

Phil Swinburne, specialist policy adviser at the National Hi-Tech Crime Unit, told visitors at the Networks Show visitors in Birmingham earlier this week that financial cost was a key factor inhibiting victims' recourse to the police.

"As well as fearing a loss of reputation in being successfully targeted as a result of the crime being made public, there are also fears among business that getting involved with the law could create further damage," said Swinburne.

"Fears over collaborating with law enforcement agencies include a loss of control of internal security and also high expenses in collecting evidence for a potential prosecution," he added.

Swinburne said that collecting evidence could be extremely time-consuming for the company's security chief. He also admitted that there was a general assumption among business that the law enforcement agencies were under strength and there were some important misconceptions about how the police would investigate cybercrime.

Some companies, he said, believed that reporting a cybercrime would result in their PCs being taken away as part of the evidence-gathering process.

Swinburne defended his agency's record so far, saying that the agency had only been running since last October and had conducted 13 operations, resulting in 42 arrests.

The Hi-Tech Crime Unit was now trying to persuade those companies who did not want to press charges against their attackers, to at least share more of the information with the Unit, to help it to investigate other cases.

The lack of properly trained security staff was highlighted by Computer Associates' security head David Love. He warned that by 2003, internal security teams would be 50% under strength.

Love called on companies to make better use of their security staff by giving them more tools to detect and deal with threats automatically. At present, most organisations are managing systems manually.

Read more on IT risk management