10th CSI/FBI Survey Shows Cybercrime Losses Down for Fourth Straight YearUnauthorized Access Shows Dramatic Increase and Theft of Proprietary Information More Expensive Than EverPRNewswire The Computer Security Institute (CSI) announced today the results of its 10th annual Computer Crime and Security Survey: average cybercrime losses are down. The Computer Crime and Security Survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. The survey is available for free download from the Institute's Web site at GoCSI.com. Highlights of the 2005 Computer Crime and Security Survey include:
-- The total dollar amount of financial losses resulting from security
breaches is decreasing, with an average loss of $204,000 per
respondent-down 61 percent from last year's average loss of $526,000.
-- Virus attacks continue as the source of the greatest financial losses,
accounting for 32 percent of the overall losses reported.
-- Unauthorized access showed a dramatic increase and replaced denial of
service as the second most significant contributor to computer crime
losses, accounting for 24 percent of overall reported losses, and
showing a significant increase in average dollar loss.
-- Theft of proprietary information also showed a significant increase in
average loss per respondent, more than double that of last year.
-- The percentage of organizations reporting computer intrusions to law
enforcement has continued its multi-year decline. The key reason cited
for not reporting intrusions to law enforcement is the concern for
negative publicity.
Based on responses from 700 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the 2005 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches is real. Chris Keating, CSI Director, believes that the Computer Crime and Security Survey, now in its 10th year, suggests that organizations that raise their level of security awareness "have reason to hope for measurable returns on their investments." He also notes, however, that the nature of cybercrime is changing: "Individual users are more exposed to computer crime than ever, due to the growth in identity theft schemes. With the press and the public paying more and more attention as identity theft becomes a vital societal issue, we can't help but note the shift in the survey results toward more financial damage due to theft of sensitive company data. This is an ominous, though not unexpected, development and underscores the need to insist that enterprise networks be properly safeguarded." Robert Richardson, CSI Editorial Director remarks, "The CSI/FBI survey continues to lend credence to our belief that our survey respondents are getting better and better results from their ongoing focus on information security. But that's not to say that all organizations are protecting themselves with equal vigor. And it's more clear than ever, not only that organizations are always under attack, but that security breaches-especially when widely publicized-can be disastrous both in terms of customer relations and financial results." Continued this year was CSI's collaboration with an academic team from the Robert H. Smith School of Business at the University of Maryland. The three-person team, led by Lawrence A. Gordon, Ernst & Young Alumni Professor of Managerial Accounting and Information Assurance, specializes in research on the economics of information security. CSI Director Keating says bringing academics into the survey process improves both the survey itself and the subsequent analysis of the results. Computer Security Institute (CSI) is the world's premier membership association and education provider serving the information security community. For over 32 years CSI has helped thousands of security professionals protect their organizations' valuable information assets through conferences, seminars, publications and membership benefits. The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established Regional Computer Intrusion Squads located in selected offices throughout the United States. The mission of Regional Computer Intrusion Squads is to investigate violations of Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes. Additionally, the FBI sponsors InfraGard, an information sharing and analysis effort between the FBI and the private sector. InfraGard is designed to assist in protecting the infrastructure of the United States. To learn more about InfraGard, your local chapter and how you can become a member, please go to www.infragard.net. For complete survey, go to GoCSI.com. CONTACT: Robert Richardson +1-610-604-4604 rrichardson@cmp.com SOURCE: Computer Security Institute CONTACT: Robert Richardson, +1-610-604-4604, or rrichardson@cmp.com, for Web site: http://www.infragard.net/ Web site: http://gocsi.com/ |