News Perimeter Security

Annual CSI Study: Cost of Cybercrime Is Skyrocketing

Average annual loss per company has more than doubled since last year, according to bellwether study

Tim Wilson September 11, 2007

More Security Insights

White Papers
More >>
Reports
More >>
Webcasts
More >>

If your organization was hit hard in the wallet by cybercriminals in the past 12 months, you're not alone.

According to the Computer Security Institute's annual Computer Crime and Security Survey, which is scheduled for release later this week, companies reported average annual losses of $350,424 in the past year, up sharply from the $168,000 they reported the previous year. (See CSI/FBI: Violations, Losses Down and 10th Annual CSI/FBI Survey .)

This is the first year since 2002 that CSI -- which has developed the survey jointly with the FBI for 11 years -- has reported an increase in average annual losses. "Not since 2004 have average losses been this high," the CSI says in a sneak peek of its report.

For the first time, financial fraud overtook virus attacks as the source of the greatest financial losses, according to CSI. Virus losses, which had been the top cost for seven years straight, fell to second place. "But if separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss," the report says.

Insider abuse of network access or email surpassed virus incidents as the most prevalent security problem in the past year, with 59 and 52 percent of respondents reporting each, respectively.

Almost one fifth (18 percent) of respondents who suffered one or more types of security incidents in the past year also said they'd suffered at least one targeted attack -- a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

The percentage of organizations reporting computer intrusions to law enforcement continued upward, reversing a decline over the past two years. Twenty-nine percent of respondents that experienced a security incident in the past 12 months reported it to the police; only 25 percent did so last year.

More details on the study, as well as a copy of the study itself, will be available on Dark Reading in the next few days.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Slideshow

Dark Reading Discussions

Start the Discussion


InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.