Jonathan Coad, partner at Swan Turton, who advises firms on protecting their reputations, will tell delegates that going to the police is not always the best option for IT directors and their organisations when they suffer a hacking attack.
"There are very good reasons to report computer crime on a public policy basis, to assist the police and ensure that statistics on e-crime are correct. The risk by doing that is that the story will be released to the press and there will be knock-on damage to the company," he said.
Coad said there was a significant risk that companies that reported major incidents to the police would find details leaking to the press, but he said firms should look at each incident on a case-by-case basis.
"If a company knows a crime has been committed but decides not to report it, it could come out another way - either through a whistleblower or a police inquiry. That could create a worse situation," he said.
Paul Vlissidis, head of penetration testing at consultancy NCC Group, said, "I have seen every reaction, from not wanting police involved to getting them involved as early as possible. The reality is that a lot of organisations never get the police involved or leave it until it is too late and the trail of evidence is destroyed."
Tony Neate, managing director of security information portal Get Safe Online, said it was wrong to suggest that police would leak information to the press on computer crime issues. "Confidences are not broken," he said.
Comment on this article: firstname.lastname@example.org