Annual CSI Study: Cost of Cybercrime Is Skyrocketing

Average annual loss per company has more than doubled since last year, according to bellwether study

Tim Wilson, Editor in Chief, Dark Reading, Contributor

September 11, 2007

2 Min Read

If your organization was hit hard in the wallet by cybercriminals in the past 12 months, you're not alone.

According to the Computer Security Institute's annual Computer Crime and Security Survey, which is scheduled for release later this week, companies reported average annual losses of $350,424 in the past year, up sharply from the $168,000 they reported the previous year. (See CSI/FBI: Violations, Losses Down and 10th Annual CSI/FBI Survey .)

This is the first year since 2002 that CSI -- which has developed the survey jointly with the FBI for 11 years -- has reported an increase in average annual losses. "Not since 2004 have average losses been this high," the CSI says in a sneak peek of its report.

For the first time, financial fraud overtook virus attacks as the source of the greatest financial losses, according to CSI. Virus losses, which had been the top cost for seven years straight, fell to second place. "But if separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss," the report says.

Insider abuse of network access or email surpassed virus incidents as the most prevalent security problem in the past year, with 59 and 52 percent of respondents reporting each, respectively.

Almost one fifth (18 percent) of respondents who suffered one or more types of security incidents in the past year also said they'd suffered at least one targeted attack -- a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

The percentage of organizations reporting computer intrusions to law enforcement continued upward, reversing a decline over the past two years. Twenty-nine percent of respondents that experienced a security incident in the past 12 months reported it to the police; only 25 percent did so last year.

More details on the study, as well as a copy of the study itself, will be available on Dark Reading in the next few days.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights