Cybercrime Rates, Losses Fall, Survey Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

04:09 PM

Cybercrime Rates, Losses Fall, Survey Says

The downturn in losses is because of both better management of security tools and sheer luck in the form of a 12-month run without fast-spreading, big-dollar-amount attacks. But the survey also detailed some gloomier news: Losses to identity and information theft are up--way up.

A downward turn in overall cyber crime has hit its fourth year, said the 10th-annual survey on computer crime released Thursday, and average financial losses have tumbled by more than half.

The yearly survey, which is conducted by the Computer Security Institute (CSI) in coordination with the FBI, found that the average dollar amount pegged to a security breach fell by a whopping 61 percent compared to 2004, when the loss per polled company or government agency was estimated at $526,000. In 2005, the amount per respondent was only $203,000.

Even more important, said Robert Richardson, the editorial director of CSI and the author of the report based on the poll, was the finding that the percentage of those polled who have experienced attacks of various types continued to tail off in 2004.

Most categories of cyber crimes have been on the downturn since 2001, the survey's figures show, with the biggest drop found in denial-of-service (DoS) attacks. In 2001, DoS attacks were experienced by over 90 percent of those polled; in 2005, fewer than 50 percent said they'd been the victim of a DoS attack in the last 12 months.

"It's a four-year trend now, which is good news," said Richardson. "It shows that companies are getting better and better at utilizing some fairly unexciting technologies, work-a-day tools like anti-virus scanning and firewalls. Also, organizations are getting better at stopping the losses before they get bad."

The downturn in losses, Richardson said, is due not only to this better management of security tools -- especially those that defend against long-running threats, such as viruses -- but also because of a 12-month run without fast-spreading, big-dollar-amount attacks.

But while CSI's survey was generally upbeat, it also detailed some gloomier news: losses to identity and information theft are up, way up. Losses reported per respondent due to unauthorized access crimes was up a huge 580 percent in 2005 over 2004, while theft of proprietary information because of a security breach rose 211 percent.

"This is where you see the spike related to things like identity theft," said Richardson.

Most other recent surveys have noted a huge increase in those kinds of computer crimes, yet CSI's poll said the frequency of crime in the categories that fit with data theft have actually fallen off. There's a way to reconcile the two seemingly contradictory findings, said Richardson.

"Identity theft hits consumers disproportionably hard," he said. "When Acme Credit Card Authorization Transaction Co. finds out they've had an intruder who may have stolen records, that's certainly a bad thing, but while that discovery is going on, credit card transactions are still being processed. Acme's explicit loss, which is what this survey measures, may be the cost of accessing the damage, which would probably be small. What may not be small would be the loss due to customers lost because of that disclosure. But that's an implicit cost almost impossible to quantify. It's certainly not included in our survey."

Another thing that can't be gleaned from the survey, said Richardson, is a solid risk assessment of current dangers, even though that might be tempting.

"The wrong thing to take away [from the positive data here] is that the risk of attack has dropped," he said. "Security breaches, especially when widely publicized, can be disastrous, both in terms of customer relations and financial results, such as a loss of market capitalization due to bad publicity.

"What you can take away from this year's survey is that we're getting better at handling the routine security stuff, but not the much more aggressive attacks," he continued. "Why? Because we haven't seen one, not the kind that people keep predicting will sweep through the Internet before companies can react."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll