The CSI, an association for the information security community,
conducted the survey of 700 US computer security practitioners with
the help of San Francisco FBI's Computer Intrusion Squad.
The results confirm that the total dollar amount of financial
losses resulting from security breaches is decreasing, with an
average loss of $204,000 per respondent in 2004, down 61% from the
average loss of $526,000 in 2003.
Virus attacks were again the source of the greatest financial
losses, accounting for 32% of the overall losses reported, but
losses resulting from unauthorised access leapt into second place,
accounting for 24% of overall reported losses and overtaking those
caused by denial of service attacks.
But the results also reveal a significant increase in the
average loss per respondent caused by the theft of proprietary
information – more than double that of the previous year.
"Individual users are more exposed to computer crime than ever,
due to the growth in identity theft schemes,” said Chris Keating,
CSI Director. “With the press and the public paying more and more
attention as identity theft becomes a vital societal issue, we
can't help but note the shift in the survey results toward more
financial damage due to theft of sensitive company data.”
“This is an ominous, though not unexpected, development and
underscores the need to insist that enterprise networks be properly
safeguarded," he added.
According to the survey, the number of organisations reporting
computer intrusions to law enforcement agencies has also declined,
continuing the trend of the past few years. The key reason cited by
respondents for not reporting such intrusions is that of concern
over negative publicity.
