Cybercrime attacks are seen by both financial and security experts to be potentially damaging for a company's corporate profile and profitability. Admission of a cybercrime incident can dent shareholder confidence in a company's corporate profile, analysts said.
Only a small fraction of cybercrime incidents are reported but security industry analysts said cybercrime incidents are much more widespread and include incidents in which customer records are hacked and both account holders and host entities end up losing money.
Recent investigations by the U.S. Congress and independent financial surveyors found that corporations continue to avoid reporting of the incidents in corporate filings.
Most business concerns are required under law to report cybercrime incidents and, more specifically, to inform investors each time they are subjected to cybercrime.
In the United States, the Securities and Exchange Commission requires all corporate entities to report incidence of cybercrime. Similar requirements apply to businesses elsewhere in the industrialized world.
Industry analysts said the only way a business could get away with zero admission to cybercrime incidents would be by not reporting such incidents to law enforcement agencies.
Congressional interventions to rectify the situation include initiatives in the Senate Commerce, Science and Transportation Committee, which wants corporate entities to be made more answerable. Sen. Jay Rockefeller, D-W.Va., is spearheading changes to cybersecurity legislation to strengthen the reporting process.
The SEC cybersecurity guidance currently is not mandatory, rather it expects companies to include cybercrime incidents among any material risks faced by a business.
In Europe, moves are afoot to set up a dedicated center to fight cybercrime amid estimates that tens of billions of dollars are lost each year to cybercrime activities.
Based in The Hague, Netherlands, the center will be operational next year and will operate alongside alongside Europol, the pan-European police force.
More than a third of the EU's 500 million citizens bank online, and an estimated $8 trillion changes hands globally each year in e-commerce, the Commission said in a report. EU experts cited studies that estimate cybercrime costs to exceed $388 billion worldwide.
British security forces also cited instances where huge losses suffered by U.K. companies went unidentified. An unnamed London-listed company hit by a cyberattack incurred revenue losses of $1.2 billion, MI5 national intelligence service Director General Jonathan Evans said. Evans did not not identify the company or say which country was behind the attack.
U.S. security experts say most hacking is sourced to China and Russia, but other security analysts say the Internet's current structure allows cybercriminals to operate from any number of jurisdictions, some virtually out of reach of international law enforcement agencies.
Fortune 500 companies were reported among victims of costly cybercrime incidents which most of them chose not to disclose to regulatory and security authorities.