Computer Crime Problems Research Center

Advisor Radar

How Pervasive Is Cyber-Crime?

This security survey presents some grim statistics on the frequency and effects of cyber-attacks, and debunks a number of common misconceptions regarding security.

The incidence of cyber-crime (e.g., successful and attempted security breaches, theft, financial fraud, and virus detection) continues to rise, according to the annual Computer Crime and Security Survey conducted by the Computer Security Institute (CSI), a San Francisco-based association of information security professionals. The survey reveals significant financial losses due to security breaches and information theft.

The mission of the survey, conducted in collaboration with the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad, is to determine the pervasiveness of computer crime in the U.S. and to raise the level of awareness regarding security concerns. The 503 participants in the survey consisted of computer security professionals from U.S. corporations, government agencies, financial institutions, medical institutions, and universities.

The following are some of the general survey results:

  • 90 percent of respondents detected computer security breaches
  • 80 percent reported financial losses due to security breaches
  • 44 percent quantified their financial losses, reporting a total of US$455,848,000 in losses
  • Information theft and financial fraud contributed to the most serious financial losses
  • 74 percent of respondents reported their Internet connection as a frequent point of attack
  • 33 percent reported their internal systems as a frequent point of attack
  • 34 percent of respondents reported these intrusions to law enforcement

  • Other information gleaned from the survey identifies the types of attacks reported, with many of the percentages up from the previous year:

  • 40 percent of respondents detected a system breach from the outside
  • 40 percent detected a denial of service attack
  • 78 percent detected employee abuse of Internet access privileges
  • 85 percent detected computer viruses
  • 38 percent were aware of unauthorized access or misuse of their Web sites within the last 12 months
  • 39 percent of those who reported attacks reported 10 or more incidents
  • 70 percent of those attacked reported vandalism
  • 55 percent reported theft of transaction information
  • 6 percent reported financial fraud

  • CSI Director Patrice Rapalus emphasizes the survey's significance in that it debunks common misconceptions regarding security and cyber-attacks. Rapalus says it challenges "some of the profession's 'conventional wisdom' - for example, that the threat from inside the organization is far greater than the threat from outside the organization' and that 'most hack attacks are perpetrated by juveniles on joy-rides in cyberspace".

    The other critical fact this survey reveals, Rapalus says, is that "there is much more illegal and unauthorized activity going on in cyber-space than corporations admit to their clients, stockholders, and business partners or report to law enforcement." She hopes this awareness of the prevalence of cyber-crime will lead to increased staffing, more money spent on training, and more pressure put on the individuals responsible for security.

    Both Rapalus and Executive Assistant Director Bruce J. Gebhardt, former Special Agent in-Charge FBI San Francisco, agree that cooperation between the government and the private sector is essential to fight the increasing incidence of cyber-crime.


    Home | What's New | Articles | Links
    Library | Staff | Contact Us

    Copyright Computer Crime Research Center, 2001-2002 All Rights Reserved.
    Contact the CCRC Office at 380-612-735-907
    [email protected]

    Rambler's Top100 Rambler's Top100