Computer Crime Research Center


10th CSI/FBI Survey Shows Cybercrime Losses Down For Fourth Straight Year

Date: January 26, 2006
Source: Computer Crime Research Center

SAN FRANCISCO -- The Computer Security Institute (CSI) announced today the results of its 10th annual Computer Crime and Security Survey: average cybercrime losses are down.

The Computer Crime and Security Survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. The survey is available for free download from the Institute's Web site at

Highlights of the 2005 Computer Crime and Security Survey include:

* The total dollar amount of financial losses resulting from security breaches is decreasing, with an average loss of $204,000 per respondent-down 61 percent from last year's average loss of $526,000.
* Virus attacks continue as the source of the greatest financial losses, accounting for 32 percent of the overall losses reported.
* Unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to computer crime losses, accounting for 24 percent of overall reported losses, and showing a significant increase in average dollar loss.
* Theft of proprietary information also showed a significant increase in average loss per respondent, more than double that of last year.
* The percentage of organizations reporting computer intrusions to law enforcement has continued its multi-year decline. The key reason cited for not reporting intrusions to law enforcement is the concern for negative publicity.

Based on responses from 700 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the 2005 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches is real.

Chris Keating, CSI Director, believes that the Computer Crime and Security Survey, now in its 10th year, suggests that organizations that raise their level of security awareness "have reason to hope for measurable returns on their investments." He also notes, however, that the nature of cybercrime is changing:

"Individual users are more exposed to computer crime than ever, due to the growth in identity theft schemes. With the press and the public paying more and more attention as identity theft becomes a vital societal issue, we can't help but note the shift in the survey results toward more financial damage due to theft of sensitive company data. This is an ominous, though not unexpected, development and underscores the need to insist that enterprise networks be properly safeguarded."

Robert Richardson, CSI Editorial Director remarks, "The CSI/FBI survey continues to lend credence to our belief that our survey respondents are getting better and better results from their ongoing focus on information security. But that's not to say that all organizations are protecting themselves with equal vigor. And it's more clear than ever, not only that organizations are always under attack, but that security breaches-especially when widely publicized-can be disastrous both in terms of customer relations and financial results."

Continued this year was CSI's collaboration with an academic team from the Robert H. Smith School of Business at the University of Maryland. The three-person team, led by Lawrence A. Gordon, Ernst &Young Alumni Professor of Managerial Accounting and Information Assurance, specializes in research on the economics of information security. CSI Director Keating says bringing academics into the survey process improves both the survey itself and the subsequent analysis of the results.

Computer Security Institute (CSI) is the world's premier membership association and education provider serving the information security community. For over 32 years CSI has helped thousands of security professionals protect their organizations' valuable information assets through conferences, seminars, publications and membership benefits.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo