More sophisticated cyber crime costs UK billions

As cybercriminals grow in sophistication and organized crime becomes increasingly involved in the mix, the cost of cybercrime to U.K. business continues to grow, resulting in billions lost in down time, systems damage and client loss, according to a report released Tuesday by the National Hi-Tech Crime Unit (NHTCU).

As of last year, the estimated minimum cost of the impact of high-tech crime on companies based in the U.K. with more than 1,000 employees was £2.45 billion (US$4.61 billion), the NHTCU said. The results of the yearly survey were announced on the first day of the e-Crimes Congress in London.

In the survey of 200 large and medium-size companies, 89 percent said that they had experienced some form of high-tech crime in 2004; of those, 90 percent suffered from unauthorized access to, or penetration of, their company systems, while 89 percent suffered theft of information or data, the NHTCU said. Security breaches occurred from outside and, more often, from within a company's system.

Furthermore, 97 percent of all respondents said they had experienced virus attacks in the year, costing £70.8 million, while financial fraud cost 9 percent of respondents £68.2 million, the NHTCU said.

The survey was conducted by NOP (the market research division of United Business Media PLC) for the NHTCU, which was created as part of the National Crime Squad in 2001. Since its inception, the unit has been involved in over 100 investigations and has arrested over 200 people involved in serious and organized computer related crime, the NHTCU said.

The Director General of the National Crime Squad, Trevor Pearce, estimated that in 2004, nine out of 10 companies in the U.K. suffered some sort of cybercrime, reiterating the study's findings, and that the growing spread of that crime was having far reaching effects. "The inability to carry on with the day job (because of cybercrime) is a growing concern of companies," Pearce said, speaking at the e-Crimes Congress Tuesday.

According to Pearce, the biggest trend in cybercrime has been the emergence of organized crime. "We are seeing a professionalization of organized crime as they enter the high-tech world," he said.

Yet despite all of the warnings, a third of companies in the U.K. still do not perform security audits, and 35 percent have no crisis management procedures to deal with high-tech crime, Pearce said.

On average, a company experiences 7 virus attacks a day, though that figure can vary wildly depending on the company. For example, Alan Jebson, Group Chief Operating Officer at HSBC Holdings PLC told the audience that on the bank's busiest day last year, the U.K.-based financial institution was hit with 100,000 attacks.

"Criminals are attracted to the Internet by the sheer lever of opportunity," Jebson said.

Jebson expressed his industry's concern that as cybercrime continues to take new forms, consumers are becoming more fearful of conducting any financial transaction over the Internet.

Blossoming new security threats include the use of zombie networks or botnets to attack companies; phishing online identity theft scams; pharming frauds which redirect Internet users looking for legitimate Web sites to Web pages at another site controlled by the unknown attackers, and the use of money mules, people who allow their bank account to be used to store stolen money (most likely from the same bank) before it is then moved to another site, often offshore.