To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/smedirector/0,39024679,39118615,00.htm

E-crime hitting British business for billions
And it's not just organised criminals – it's your staff...

By Jo Best

Published: Tuesday 24 February 2004

E-crime is dogging British business, according to a survey from the National Hi-Tech Crime Unit (NHTCU). But the threat isn't just from organised criminal gangs – it could be coming from within companies themselves, research shows.

The figures released by NOP on behalf of the NHTCU show the cost to British business of e-crime is now running into billions of pounds as a result of cyberattacks that range from viruses and denials of service to internal threats - including criminal misuse of the internet at work and theft of data.

The survey, which questioned businesses from across England, found that 83 per cent had experienced some form of cybercrime, with viruses being the most prevalent form of attack, affecting 77 per cent of companies.

The total cost of cybercrime was over £195m just among those businesses questioned for the survey – £121m from financial fraud alone - suggesting that the threat to British economy from cybercrime could well now be in the billions.

While spoofing and DoS attacks chiefly plague larger organisations – think the eBay scams doing the rounds and the denial of service that hit SCO and Microsoft late last month - it seems the biggest threat to smaller companies comes from staff themselves.

And it's not just workers' attitude to viruses that's the problem. A significant proportion of employees are still doing things they should on the internet – according to the NOP figures, 17 per cent of employees are doing criminal things on the internet and seven per cent of company websites are misused.

Peter Scargill, IT director for the Federation of Small Business, said that while larger companies often have acceptable internet use policies as standard, SMEs often don't have the same luxury. "It tends to be suck it and see with small businesses," he told silicon.com. "If there's no apparent problem they let the staff get on with it and they don't find out someone's abusing [the internet] until it's too late. They need to know that if someone's doing something illegal, the company bears a share of responsibility in that."

And the smaller the company, the less chance they'll have the resources on site to deal with any electronic crime crisis, the research shows, with over a third of businesses having no crisis management team in place.

Awareness is one big problem dogging businesses when it comes to e-crime, said Len Hynds, head of the NHTCU, speaking at the e-Crime Congress today. "It is harder to convince the uninitiated of the very real risks [of e-crime]... but a threat which is out of sight is still a threat nonetheless," he said. "Organised crime is still reliant upon apathy...upon an assumption it's someone else's problem."

He added that companies not reporting cybercrimes was also a key challenge to be overcome. Scargill said that attitudes towards e-crime among small businesses in particular presented a problem. "People don't think about [viruses] as crime – they don't see that it has costs them money in terms of time and report it," and added that clear education - both from government and from within companies themselves - was needed.

The news from the NHTCU isn't all bad, however. The survey shows that 68 per cent of the businesses queried believe that they're spending enough money on preventing cybercriminals – up from 62 per cent two years ago.