Feeds

Cost of US cyber attacks plummets

But watch out for ID thieves

  • alert
  • submit to reddit

The essential guide to IT transformation

The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns.

The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year. The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year's average loss of $526,000.

Virus attacks continue as the source of the greatest financial pain, making up 32 per cent of the overall losses reported. But unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to cybercrime losses. Unauthorised access was fingered for a quarter (24 per cent) of losses reported in the CSI/FBI Computer Crime and Security Survey 2005. Meanwhile losses from theft of proprietary information doubled last year, based on the survey of 700 computer security practitioners in various US corporations, universities and government agencies.

The study found fears about negative publicity are preventing organisation from reporting cybercrime incidents to the police, a perennial problem the CSI/FBI study reckons is only getting worse. Assuming that this isn't true of what respondents also told CSI's researchers (academics from the University of Maryland), the study presents a picture of reducing cyber crime losses that contrasts sharply with vendor-sponsored studies.

Chris Keating, CSI Director, said its study suggests that organizations that raise their level of security awareness but warns against complacency in the face of a changing cybercrime threat.

"Individual users are more exposed to computer crime than ever, due to the growth in identity theft schemes. We can't help but note the shift in the survey results toward more financial damage due to theft of sensitive company data. This is an ominous, though not unexpected, development and underscores the need to insist that enterprise networks be properly safeguarded," he said.

The CSI/FBI Computer Crime and Security Survey aims to help determine the scope of computer crime along with promoting security awareness. It can be downloaded from the CSI's website GoCSI.com (PDF - registration required). ®

Related stories

GAO gives US.gov D- for security
FBI publishes computer crime and security stats
Computer intrusion losses waning
The growing problem of identity theft

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.