CBI demands action on cybercrime

The Confederation of British Industry calls for more government action after finding that fear of Internet crime is stopping businesses getting online
Written by Graeme Wearden, Contributor

The UK's top business leaders are calling upon the government to take action against cybercrime, warning that many firms are still refusing to put their business online for fear of losing money or reputation.

In a report released on Wednesday, the Confederation of British Industry (CBI) warned that the growth of e-commerce in the UK is suffering because of these worries. The CBI has carried out a survey of British companies and discovered that two-thirds of the firms that responded had suffered a "serious cybercrime attack" -- which the CBI defines as having experienced hacking, credit card fraud or a virus attack -- in the last year.

The CBI wants to see the government taking more action against this threats. It recommends that a "UK Centre for Cybercrime Complaints" is set up, where firms could report incidents. The CBI also wants the Computer Misuse Act 1990 to be updated to cover attacks on IT systems, and suggests that the government takes a greater role in the fight against cross-border cybercrime. The Act covers hacking into someone else's computer and modifying data, while the recently updated Terrorism Act has expanded the definition of a terrorist to include actions that "seriously interfere with or seriously disrupt an electronic system" where there is an intent "to influence the government or to intimidate the public." However, neither specifically covers attacks on company's IT systems.

Government officials were unable to give an immediate response to the CBI's recommendations, but are expected to comment later today. Douglas Alexander, the e-commerce minister based at the DTI, is responsible for promoting the growth of e-commerce in the UK, but Internet crime -- especially any changes in relevant criminal law -- would be handled by the Home Office.

There have been repeated demands for a confidential channel for UK businesses to report cybercrime attacks. Back in June, the head of Britain's National High-Tech Crime Unit (NHTCU) called for such a body to be created, and admitted that without one there is no way of telling the true scale of Internet crime in the UK.

Many firms are thought to cover up cybercrime attacks, because they are worried about negative publicity. A year ago, Powergen hit the headlines when it emerged that the credit card details of 7,000 customers had been exposed on its Web site. The company managed to scrape together some good PR when it decided to pay compensation of £50 to each person affected by what was condemned as a gross breach of consumer confidence.

The CBI found that the damage to a firm's reputation was more of a concern than financial losses. Nearly 70 percent of those who responded to the survey thought that a cybercrime attack would have negligible financial impact, while loss of trust and bad publicity was seen as a bigger threat.

Digby Jones, director-general of the CBI, believes that fears over potential financial losses and the damage to reputation that Internet crime can cause is stalling the growth of e-commerce. He believes that this will only be overcome when everyone involved is reassured that adequate security is in place. "Achieving that means firms understanding what the threats are and the Government keeping the law up to date and making sure it's properly enforced," he said.

The CBI carried out the survey by sending a questionnaire to a range of UK-based firms across a range of sectors. It received 148 replies.

The survey found that organisations are happier to take part in transactions with another businesses, rather than selling to consumers. While 53 percent of companies responding to the survey see the Internet as a safe place for B2B, only 32 percent think the same is true for B2C.

Hacking is now seen as the number one threat to businesses. In the past, malicious actions carried out by people working within a firm was seen as the greatest danger. The CBI's survey found that 45 percent of cybercrime carried out in the last 12 months was caused by hackers, followed by 13 percent perpetrated by former employees, another 13 percent by organised criminals, and 11 percent by current employees.

According to the CBI, credit card fraud represented only four percent of the most serious incidents over the last year.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards