Businesses, Not Law Enforcement, Held Responsible For Cyber-Crime
Source: Tech Web
By Gregg Keizer
Date: August 12, 2003
By 2005, one in five enterprises will experience a serious Internet security incident targeting information and intellectual property, Gartner analysts said in a new study.
Of those attacks, nearly one in three will be either financially or politically motivated, said the report's author, Richard Hunter, a Gartner vice president and research director.
Cybercriminals are taking advantage of users, enterprises, and unsecured systems to usher in high-profit, low-overhead crimes.
"The criminal world is waking up to the fact that computers are both vehicles for and targets of crime," said Hunter. "Thieves know the importance of information."
The problem stems from unsecured enterprise networks, insecure physical locations, insider involvement, and a lack of interest on the part of law enforcement in pursuing such crimes.
Insider crimes are particularly dangerous, and thus costly, said Hunter. While they will represent only 30 percent of all security incidents in the upcoming years, insider crimes will account for up to 70 percent of all costs of breaches incurred by enterprises.
Oftentimes, even CIOs at enterprises aren't fully aware of the extent of crime in their company, especially when the crime's perpetrated by an insider. In many cases, Hunter said, it's only the department head overseeing the employee who gets the full story.
And in an odd turn of events, it's not law enforcement that's forced to lead the battle against such crimes, but businesses.
"It's pretty clear at this point that law enforcement is not ramping up at the same level as criminal activity," said Hunter. To compound the problem, legislators worldwide are passing laws holding the enterprise responsible for securing facilities and for any ensuing legal damages.
"I'm not aware of any other rapidly growing crime with significant economic consequences where law enforcement is ceding responsibility to businesses," Hunter said.
Enterprises have to be prepared not only to take responsibility for their own defenses against information crime, but also to weather the economic fallout when the inevitable court case holds them responsible.
By 2007, Hunter predicts, statutes or case precedents in the U.S. will have established norms for assessing legal damages resulting from a company's negligent information systems security. And by the next year, there's a 6-in-10 probability that a settlement in such a case will break the $10 million mark.
Original article at: http://www.techweb.com/wire/story/TWB20030811S0013