the police

Companies keep silent on data breaches

On the anniversary of the scrapping of the UK confidentiality charter businesses are reluctant to discuss data breaches

Written by David Neal

IT Week, 10 Apr 2007

One year on from the scrapping of the Confidentiality Charter that let businesses report IT crime in confidence directly to the police, new research by the organisers of the Infosecurity Europe event has revealed that a third of corporate IT security breaches in the UK currently go unreported.

Many of the respondents said they were unsure which crimes are worth reporting, while others chose not to alert the police for fear of brand damage. This concern is likely to have been heightened by the recent example of clothing retailer TK Maxx, which was obliged by US laws to reveal that the card details of almost 46 million customers worldwide had been compromised by a computer security breach.

Advertisement

Jonathan Coad, a media specialist at law firm Swan Turton, said newsworthy breaches are often leaked to the press. “Reporting crime to the police is a double-edged sword as invariably the press has found out about the incident within 24 hours,” he said.

Coad’s comments highlight the loss of the Confidentiality Charter, a consequence of the absorption last April of the National Hi-Tech Crime Unit into the Serious Organised Crime Agency (Soca). The charter was established to encourage more open IT crime reporting by guaranteeing privacy for businesses and offering them a direct link to the e-crime unit.

That was a very different approach to the one adopted by many US states, which have introduced legislation to force firms to go public with breaches affecting the safety of customer data.

Mark Watts, IT partner at law firm Bristows, said that firms might be wise not to disclose information on breaches too early. “In the US we are already seeing ‘breach fatigue’ where consumers are faced with so many notifications they find it difficult to weed out the important ones,” he explained. “Firms should look at the incident and decide if there is a real prospect of data theft. If there is not, why worry consumers?”

Ollie Ross, head of research at user group The Corporate IT Forum, said the reluctance of corporate victims to report IT crime means much of it goes unresolved. “But as the TK Maxx incident has demonstrated, the stakes are very high,” he added.

However, Maxine Holt of analyst firm Butler Group argued that corporate victims not reporting crimes “is of no use to anybody”.

Tags:

Comments

Have your say on this article

White papers

Related jobs

More Accounting jobs

Most read

Most commented

Special Reports

Latest

Spotlight

Andrew Higginson, Tesco Personal Finance

Profile: Andrew Higginson, CEO of Tesco Personal Finance

He’s spent more than a decade at the top of...

Top 30 Accounting Networks and Associations 2008

The race to become the biggest firm on the planet...

Barack Obama Accountancy Age cover October 2008

Obama: asset or liability?

What an Obama presidency could mean for you

Find your next job

Find your next job
Salary Checker

Job of the week

More finance jobs

Newsletters

Sign up here for the very latest news delivered to your inbox. Choose from the following options:

Your next job

Have your say

THE BIG QUESTION: TAX CUTS
Will proposed tax cuts help to stimulate the economy?
Yes
No

Advertisement

Search white papers

Search white papers

Advertisement