At the Infosec IT security show last month, several speakers voiced optimism about recent moves to tackle computer crime in the UK.
Tony Neate, e-crime liaison at the UK’s newly-established Serious Organised Crime Agency (Soca), argued in a keynote speech that Soca is better able to combat IT crime than the National Hi-Tech Crime Unit (NHTCU), which has been absorbed into the new body.
“The future is looking brighter because people are prepared to talk about [security breaches] now,” Neate said. “The NHTCU has not gone away, we are now part of an organisation with four other arms. We’re getting cleverer and will still be there to support business and consumers.”
Regional police forces, which will be the first port of call for firms wishing to report security breaches, will be given extra resources to help them cope with high-tech crime, Neate added. Previously, firms could report breaches directly to the NHTCU.
However, some attendees, including security lobbyist Lord Erroll, Sir Merlin Hay, said they were concerned that firms may now be discouraged from disclosing information about attacks on their networks, because local police might not have the right expertise, and the NHTCU’s Confidentiality Charter is no longer in place.
“It will be interesting to see how [Soca] beds down,” said Hay. “The people in it are good, but it worries me that new police agencies are being set up with huge powers but outside the Police Act – I’d like to see more democratic accountability.”
Many IT chiefs agreed organisations should be open about disclosing attacks on their systems. Peter Pederson, chief technical officer of online betting firm Blue Square, said that the best approach is to “stand shoulder to shoulder” with law enforcers and keep customers informed.
“Customers welcomed our honesty and applauded our willingness to come forward, although [security breach disclosure] legislation would be useful to put us on an even keel,” said Pederson. “We’ll wait and see if [our relationship with law enforcers] changes [with the creation of Soca] but I think we’ll work with them in the same way.”
Stephen Bonner, director of technical security at Barclays Capital, predicted that firms would not be very discouraged by the disappearance of the Confidentiality Charter, and suggested that Soca would have better resources to tackle IT crime.
On the issue of funding for security projects, several speakers said IT managers should make requests to the board in terms of clear business objectives, rather than technology, and that some security upgrades could be justified in terms of compliance with regulations.
Rorie Devine, information security director at online gambling company Betfair, said funding is more likely to be approved if the board is given more than one quantitative risk assessment, showing the probability of costs arising.
“If you tell them there is a 40 percent chance of being hit by a virus attack next week, explain where that risk comes from,” said Devine. “Scare [tactics] have had their day. Decide what it is you have to protect and make sure you have a starting point for how much money you have to spend.”





