Businesses shy away from prosecuting cyber criminals

Businesses often shy away from sharing information about cyber crime with the police because they do not want to end up dealing with a public court case, according to an expert.

John Harrison, an independent consultant with three decades experience working for BT, said that companies often don't want to prosecute when they become a victim of cyber crime.

Harrison, speaking at the ENISA conference in Greece, said that there was a risk of embarrassment for the business, and that the information coming out in the public domain far outweighed any benefit derived from going ahead with a prosecution.

He said: "The risk is - if I share [the crime] with law enforcement, will they feel obliged to [prosecute it in] court? Even if I don't want to."

Harrison added that he saw the benefits of organisations like FS-ISAC in Holland working with law enforcement as the police could obviously help banks, but other industries didn't necessarily mirror this "natural fit".

He added: "I know in the UK they don't [go to the police] because at a strategic level it's not about instant response, but about trying to fix things."