CBI demands action on cybercrime
The Confederation of British Industry calls on the government to fight cybercrime. It says many companies refuse to put their business online for fear of losing money or reputation.
In a report released Wednesday, the Confederation of British Industry (CBI) warned that the growth of e-commerce in the United Kingdom is suffering because of these worries. The CBI has carried out a survey of British companies and discovered that two-thirds of the companies that responded had suffered a "serious cybercrime attack"--which the CBI defines as having experienced hacking, credit card fraud or a virus attack--in the past year.
The CBI wants to see the government taking more action against these threats. It recommends that a "U.K. Center for Cybercrime Complaints" be set up where companies could report incidents.
The CBI also wants the Computer Misuse Act 1990 to be updated to cover attacks on information-technology systems, and it suggests that the government take a greater role in the fight against cross-border cybercrime. The act covers hacking into someone else's computer and modifying data; the recently updated Terrorism Act expanded the definition of terrorism to include actions that "seriously interfere with or seriously disrupt an electronic system" where there is an intent "to influence the government or to intimidate the public." However, neither specifically covers attacks on a company's IT systems.
Government officials were unable to give an immediate response to the CBI's recommendations but are expected to comment later Wednesday. Douglas Alexander, the e-commerce minister based at the DTI, is responsible for promoting the growth of e-commerce in the United Kingdom, but Internet crime--especially any changes in relevant criminal law--would be handled by the Home Office.
There have been repeated demands for a confidential channel for U.K. businesses to report cybercrime attacks. In June, the head of Britain's National High-Tech Crime Unit (NHTCU) called for such a body to be created and admitted that without one there is no way of telling the true scale of Internet crime in the United Kingdom.
Many companies are thought to cover up cybercrime attacks, because they are worried about negative publicity. A year ago, Powergen hit the headlines when it emerged that the credit card details of 7,000 customers had been exposed on its Web site. The company managed to scrape together some good PR when it decided to pay compensation of 50 pounds ($72) to each person affected by what was condemned as a gross breach of consumer confidence.
The CBI found that the damage to a company's reputation was more of a concern than financial losses. Nearly 70 percent of those who responded to the survey thought that a cybercrime attack would have negligible financial impact, while loss of trust and bad publicity was seen as a bigger threat.
Digby Jones, director-general of the CBI, believes that fears over potential financial losses and the damage to reputation that Internet crime can cause are stalling the growth of e-commerce. He believes that this will only be overcome when everyone involved is reassured that adequate security is in place.
"Achieving that means firms understanding what the threats are and the government keeping the law up-to-date and making sure it's properly enforced," he said.
The CBI carried out the survey by sending a questionnaire to a range of U.K.-based companies across a range of sectors. It received 148 replies.
The survey found that organizations are happier to take part in transactions with other businesses rather than selling to consumers. While 53 percent of companies responding to the survey see the Internet as a safe place for business-to-business transactions, only 32 percent think the same is true for online sales to consumers.
Hacking is now seen as the No. 1 threat to businesses. In the past, malicious actions carried out by people working within a company were seen as the greatest danger. The CBI's survey found that 45 percent of cybercrime carried out in the past 12 months was caused by hackers, followed by 13 percent perpetrated by former employees, another 13 percent by organized criminals, and 11 percent by current employees.
According to the CBI, credit card fraud represented only 4 percent of the most serious incidents in the past year.
Staff writer Graeme Wearden reported from London.