Cost of IT security breaches doubles – FBI

Two in three US firms say they lost money after falling victim to security breaches last year, according to an FBI survey. The cost of intrusions was almost double that of 2000.

Eighty-five percent of respondents taking part in the sixth annual Computer Crime and Security Survey, detected computer security breaches in 2001. Most resulted in a financial hit, with 64 per cent saying their firms had lost money due to security lapses.

The survey discovered a slight increase in willingness to report computer crimes. More than a third (36 per cent) of the 538 security professionals polled reported intrusions to law enforcement, up from 25 per cent who contacted the authorities about breaches in the prveious year.

The average cost of security breaches, for those 186 firms prepared to estimate losses, was more than $2 million, compared to an average loss of $1.06 million recorded last year.

As in previous years, the most serious financial losses occurred through theft of proprietary information (34 respondents reported loses of $151 million) and financial fraud (21 respondents lost an estimates total of $93 million).

Internet connections, rather than internal systems, were cited as the most common point of attack.

Denial of service attacks, employee misuse of computers (downloading pirate software or porn) and viruses become more serious problem last year, according to the survey, which was conducted by the Computer Security Institute trade association with the FBI.

Patrice Rapalus, CSI Director, said the survey showed "neither technologies nor policies alone really offer an effective defence for your organisation".

Firms which want to build secure infrastructures should embrace "both the human and technical dimensions" of information security, and develop a properly funded strategy to combat security breaches, he said. ®