Computer Crime Takes Heavy Toll on Companies

The cost of computer crime and vandalism is rising rapidly, as is the number of incidents occurring each year.

Fully 85 percent of the respondents to the Computer Security Institutes annual Computer Crime and Security Survey reported detecting a security breach during 2001.

And the cost to the respondents who could quantify their losses was $377.8 million, up more than $100 million from the $265.5 million lost in 2000.

Even that number is slightly misleading, considering that, in 2001, only 186 respondents put a dollar figure on their losses, compared with 249 in 2000. That means the average loss in 2001 was more than $2 million vs. a little more than $1 million the previous year.

The survey is a joint effort of the CSI, based in San Francisco, and the FBIs National Infrastructure Protection Center, and its respondents are computer security professionals in large companies, universities and government agencies.

Among the other key findings of the survey is the fact that 78 percent of the organizations that detected attacks against their Web sites suffered denial-of-service attacks. Thats an increase of 30 percent from the previous year. And 58 percent of the respondents who suffered any kind of attack against their Web site reported 10 or more incidents.

Also, 70 percent of all the respondents said that most of their attacks had come from outside the network, while only 31 percent said that their internal systems are a frequent point of attack. That finding runs counter to much of the accepted wisdom in the security industry, which holds that employees and other insiders represent the biggest threat to network security.

To the shock of no one, 94 percent of the respondents detected a computer virus during 2001, up from 85 percent in 2000.

Related stories:

• Special Report: Ignorance: The Hackers Best Friend
• Network Defenses Cant Foil Viruses