News Perimeter Security
Annual CSI Study: Cost of Cybercrime Is Skyrocketing
Average annual loss per company has more than doubled since last year, according to bellwether study
More Security Insights
- Information Protection: The Impact Of Big Data
- Cloud-based data backup: A buyer's guide - How to choose a third-party provider for development, management of your data backup solution
- Informed CIO: SDN and Server Virtualization on a Collision Course
- InformationWeek 2013 IT Spending Priorities Survey
- The Untapped Potential of Mobile Apps for Commercial Customers
- Using InfoSphere Information Server to Integrate and Manage Big Data
If your organization was hit hard in the wallet by cybercriminals in the past 12 months, you're not alone.
According to the Computer Security Institute's annual Computer Crime and Security Survey, which is scheduled for release later this week, companies reported average annual losses of $350,424 in the past year, up sharply from the $168,000 they reported the previous year. (See CSI/FBI: Violations, Losses Down and 10th Annual CSI/FBI Survey .)
This is the first year since 2002 that CSI -- which has developed the survey jointly with the FBI for 11 years -- has reported an increase in average annual losses. "Not since 2004 have average losses been this high," the CSI says in a sneak peek of its report.
For the first time, financial fraud overtook virus attacks as the source of the greatest financial losses, according to CSI. Virus losses, which had been the top cost for seven years straight, fell to second place. "But if separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss," the report says.
Insider abuse of network access or email surpassed virus incidents as the most prevalent security problem in the past year, with 59 and 52 percent of respondents reporting each, respectively.
Almost one fifth (18 percent) of respondents who suffered one or more types of security incidents in the past year also said they'd suffered at least one targeted attack -- a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.
The percentage of organizations reporting computer intrusions to law enforcement continued upward, reversing a decline over the past two years. Twenty-nine percent of respondents that experienced a security incident in the past 12 months reported it to the police; only 25 percent did so last year.
More details on the study, as well as a copy of the study itself, will be available on Dark Reading in the next few days.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.