Feeds

Cost of IT security breaches doubles – FBI

More firms blow the whistle

  • alert
  • submit to reddit

SANS - Survey on application security programs

Two in three US firms say they lost money after falling victim to security breaches last year, according to an FBI survey. The cost of intrusions was almost double that of 2000.

Eighty-five percent of respondents taking part in the sixth annual Computer Crime and Security Survey, detected computer security breaches in 2001. Most resulted in a financial hit, with 64 per cent saying their firms had lost money due to security lapses.

The survey discovered a slight increase in willingness to report computer crimes. More than a third (36 per cent) of the 538 security professionals polled reported intrusions to law enforcement, up from 25 per cent who contacted the authorities about breaches in the prveious year.

The average cost of security breaches, for those 186 firms prepared to estimate losses, was more than $2 million, compared to an average loss of $1.06 million recorded last year.

As in previous years, the most serious financial losses occurred through theft of proprietary information (34 respondents reported loses of $151 million) and financial fraud (21 respondents lost an estimates total of $93 million).

Internet connections, rather than internal systems, were cited as the most common point of attack.

Denial of service attacks, employee misuse of computers (downloading pirate software or porn) and viruses become more serious problem last year, according to the survey, which was conducted by the Computer Security Institute trade association with the FBI.

Patrice Rapalus, CSI Director, said the survey showed "neither technologies nor policies alone really offer an effective defence for your organisation".

Firms which want to build secure infrastructures should embrace "both the human and technical dimensions" of information security, and develop a properly funded strategy to combat security breaches, he said. ®

Top three mobile application threats

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.