Computer Crime Losses Drop Significantly
Eighth annual Computer Crime and Security Survey by CSI and FBI show security breaches remain the same but financial losses are declining.
Financial losses from computer crime are down significantly from last year according to the latest Computer Crime and Security Survey conducted by the Computer Security Institute (CSI) and the FBI. According to the survey, overall financial losses totaled $201.7 million, a sharp drop from the previous survey total of $455.8 million.
Overall, the number of significant incidents remained roughly the same as last year, despite the drop in financial losses.
As in prior years, theft of proprietary information caused the greatest financial loss with $70.1 million in reported losses. The average reported loss from the 530 respondents was approximately $2.7 million. In a change from previous survey results, the second-most expensive computer crime was denial of service, with a cost of $65.6 million, up 250 percent from last year's losses of $18.3 million.
The CSI says the survey results illustrate that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters. For the fourth consecutive year, survey respondents said their Internet connections were a more frequent point of attack than their internal systems.
CSI Director Chris Keating said the survey results has delivered on its promise to raise the level of security awareness and help determine the scope of crime in the U.S.
"The trends the CSI/FBI survey has highlighted over the years are disturbing. Cyber crimes and other information security breaches are widespread and diverse," Keating said. "Fully 92 percent of respondents reported attacks. Furthermore, such incidents can result in serious damages. The 251 organizations that were able to quantify their losses reported a total of over $200 million."
Keating added, "Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly adequate staffing and training of information security practitioners in both the private sector and government."