[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] 2004 CSI/FBI Computer Crime Survey erschienen
Unten noch die Pressemitteilung vom CSI.
2004 CSI/FBI Computer Crime and Security Survey
by Lawrence A. Gordon, Martin P. Loeb,
William Lucyshyn and Robert Richardson
Some of the key findings from the participants in this year?s survey are
summarized here. The findings discussed below emphasize changes taking
place in the computer security arena, as well as items not considered in
previous CSI/FBI surveys.
. Unauthorized use of computer systems is on the decline, as is the
reported dollar amount of annual financial losses resulting from
. In a shift from previous years, both virus attacks and denial of
service outpaced the former top cost, theft of proprietary information.
Virus costs jumped to $55 million.
. The percentage of organizations reporting computer intrusions to law
enforcement over the last year is on the decline. The key reason cited
for not reporting intrusions to law enforcement is the concern for
. Most organizations conduct some form of economic evaluation of their
security expenditures, with 55 percent using Return on Investment (ROI),
28 percent using Internal Rate of Return (IRR), and 25 percent using Net
Present Value (NPV).
. Over 80 percent of the organizations conduct security audits.
. The majority of organizations do not outsource computer security
those organizations that do outsource some computer security activities,
the percentage of security activities outsourced is quite low.
. The Sarbanes-Oxley Act is beginning to have an impact on information
security in some industries.
. The vast majority of the organizations view security awareness
training as important, although (on average) respondents from all
sectors do not believe their organization invests enough in this area.
FOR IMMEDIATE RELEASE ---- June 10, 2004
Contact: Robert Richardson
- cmp -
Security Specialists Report Cybercrime Losses Down for Third Straight
SAN FRANCISCO -- The Computer Security Institute (CSI) announced today
the results of its ninth annual Computer Crime and Security Survey. The
Computer Crime and Security Survey is conducted by CSI with the
participation of the San Francisco Federal Bureau of Investigation's
(FBI) Computer Intrusion Squad. The aim of this effort is to raise the
level of security awareness, as well as help determine the scope of
computer crime in the United States. The survey is available for free
download from the Institute's Web site at GoCSI.com.
Highlights of the 2004 Computer Crime and Security Survey include the
* Overall financial losses totaled from 494 survey respondents were
$141,496,560. This is down significantly from 530 respondents reporting
$201,797,340 last year.
* In a shift from previous years, the most expensive computer crime
was denial of service. Theft of intellectual property, the prior leading
category, was the second most expensive last year.
* Organizations are using metrics from economics to evaluate their
security decisions. Fifty-five percent use Return on Investment (ROI),
28 percent use Internal Rate of Return (IRR), and 25 percent use Net
Present Value (NPV).
* The vast majority of organizations in the survey do not outsource
computer security activities. Among those organizations that do
outsource some computer security activities, the percentage of security
activities outsourced is quite low.
Based on responses from 494 computer security practitioners in U.S.
corporations, government agencies, financial institutions, medical
institutions and universities, the findings of the 2004 Computer Crime
and Security Survey confirm that the threat from computer crime and
other information security breaches is real. Chris Keating, CSI
Director, believes that the Computer Crime and Security Survey, now in
its ninth year, suggests that organizations that raise their level of
security awareness have reason to hope for measurable returns on their
"Although the CSI/FBI survey clearly shows that cybercrime continues
to be a significant threat to American organizations, our survey
respondents appear to be getting real results from their focus on
information security. Their average dollar losses per year have dropped
in each survey for four straight years. Obviously, computer crime
remains a serious problem and some kinds of attacks can cause ruinous
financial damage. We don't believe that all organizations maintain the
same defenses as our members--financial damages for less protected
organizations are almost certainly worse. And hackers won't become
complacent anytime soon--new attacks are devised every day. So we still
have our work cut out for us. The message here is that it makes sense to
continue our focus on adherence to sound practices, deployment of
sophisticated technologies, and adequate staffing and training."
New to the survey this year was CSI's collaboration with an academic
team from the Robert H. Smith School of Business at the University of
Maryland. The three-person team, led by Lawrence A. Gordon, Ernst &
Young Alumni Professor of Managerial Accounting and Information
Assurance, specializes in research on the economics of information
security. CSI Director Keating says bringing academics into the survey
process improved both the survey itself and the subsequent analysis of
Computer Security Institute (CSI) is the world's premier membership
association and education provider serving the information security
community. For over 31 years CSI has helped thousands of security
professionals protect their organizations' valuable information assets
through conferences, seminars, publications and membership benefits.
The FBI, in response to an expanding number of instances in which
criminals have targeted major components of information and economic
infrastructure systems, has established Regional Computer Intrusion
Squads located in selected offices throughout the United States. The
mission of Regional Computer Intrusion Squads is to investigate
violations of Computer Fraud and Abuse Act (Title 8, Section 1030),
including intrusions to public switched networks, major computer network
intrusions, privacy violations, industrial espionage, pirated computer
software and other crimes. Additionally, the FBI sponsors InfraGard, an
information sharing and analysis effort between the FBI and the private
sector. InfraGard is designed to assist in protecting the infrastructure
of the United States. To learn more about InfraGard, your local chapter
and how you can become a member, please go to www.infragard.net.
Copyright © 2004, Computer Security Institute, 600 Harrison Street, San
Francisco, CA 94107. Telephone: (415) 947-6320 Fax: (415) 947-6023,
email csi -!
- cmp -
com For complete survey, go to GoCSI.com
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.