Original URL: http://www.theregister.co.uk/2006/03/16/ibm_cybercrime_survey/

Cybercrime costs biz more than physical crime

Lock up your servers, thar be hackers about

By John Leyden

Posted in CIO, 16th March 2006 12:16 GMT

Cybercrime is more costly to businesses than physical crime, according to a recent IBM survey of 600 US businesses. Lost revenue, wasted staff time dealing with IT security attacks and damage to customer goodwill were rated as a bigger problem than conventional crime by 57 per cent of firms in the healthcare, financial, retail and manufacturing industries. Respondents in the US finance industry (71 per cent) were the most concerned about the threat of cybercrime.

Almost three-quarters (74 per cent) of the US CIO (chief information officer) respondents to IBM's telephone poll reckon the threat of information security attacks originating from insiders is a significant risk. Most (84 per cent) reckon technically sophisticated criminal groups are replacing lone hackers as their principle adversaries. Businesses tend to put more responsibility on law enforcement agencies (61 per cent) to combat organised crime than consumers. A recent IBM consumer survey revealed that 53 per cent of Americans hold themselves most responsible for protecting themselves from cybercrime, while just 11 per cent felt it was the job of federal law enforcement agencies. Only four per cent of consumers held local law enforcement agencies responsible.

According to the IBM survey, 83 per cent of US organisations believe they have safeguarded themselves against organised cybercrime but most concentrated on upgrading virus software (73 per cent), improving firewall defences (69 per cent) and implementing patch management systems (53 per cent).

IBM said these procedures are a necessary first step but fail to go far enough. It advises organisations to develop multi-layered defences in order to thwart hack attacks instead of taking a "patch or band-aid" approach to safeguarding corporations against information security attacks.

International comparison

IBM conducted the same survey in 16 additional countries (China, UK, India, Russia, Poland, Czech Republic, Germany, Spain, Italy, France, Argentina, Brazil, Australia, Mexico, Japan, and Canada) to gauge international attitudes to cybercrime. Both groups agree that cybercrime (57 per cent of US and 58 per cent of international businesses) is more costly to their organizations than physical crime (43 per cent and 42 per cent, respectively). But while the majority of US businesses reckon they have adequate safeguards in place to combat organised cybercrime, their international counterparts are not so confident, with just over half (53 per cent) indicating they are prepared.

The US and international business community share similar concerns over the impact of cybercrime. Both groups indicated that loss of revenue (63 per cent US versus 74 per cent international) and loss of current customers (56 per cent US versus 70 per cent international) would have a significant impact on their businesses. But Europeans and those from other nations outside the US were more worried about the effect of cybercrime attacks on brand reputation. Over two-thirds (69 per cent) of international businesses cited this to be a key cost associated with cybercrime, compared to only 40 per cent of US businesses. ®