FBI: Online Crime Losses Down, Attacks Up
New study from the FBI and the Computer Security Institute cites dramatic drops and some notable rises in network security categories.
But Web site incidents, such as denial-of-service attacks, also rose between 2003 and 2004, as did unauthorized access incidents at Web sites involved in the report.
The 2005 CSI/FBI Computer Crime and Security Survey, produced by the Computer Security Institute (CSI) and San Francisco FBI's Computer Intrusion Squad, said the average dollar loss per survey respondent from a security breach was $204,000 in 2004.
That's a 61 percent drop from the previous year's figure of $526,000. Overall, 639 survey respondents were ''willing and able'' to estimate their losses, which rang up a total of just over $130 million.
Unauthorized access came in second at $31.2 million in total reported losses, representing 24 percent of all reported losses.
Unauthorized access skyrocketed by almost six fold year-over-year, from a reported $51,545 in losses in 2003 to $303,234 in 2004, a rise of 488 percent.
Theft of proprietary info was the third leading cause of financial loss at $30.9 million and also reported a significant average dollar loss per respondent increase to $355,552 in 2005, up from $168,529 in 2004 -- or 111 percent.
Rounding out the survey's list of dollar losses by type were: Denial of service ($7.3 million), insider 'Net abuse ($6.9 million), Laptop theft ($4.1 million), financial fraud ($2.6 million), misuse of a public Web application ($2.2 million), system penetration ($841,000), abuse of wireless network ($545,000), sabotage ($341,000), telecom fraud ($242,000) and Web site defacement ($115,000).
According to the report, one of the most dramatic findings from the survey was the marked increase in Web site incidents, such as the ones cited in the above paragraph.
Ninety five percent of respondents reported more than 10 Web site ''incidents''. Only 2 percent indicated they had experienced between 1 and 5 incidents. The 2004 survey found that only 5 percent had experienced more than 10 incidents and that 89 percent had experienced between 1 and 5 incidents.