By Joris Evers
Staff Writer, CNET News.com
June 14, 2006
SCOTTSDALE, Ariz.--While many headlines spell doom and gloom when it
comes to computer-related misdeeds, the average losses at businesses
due to cybercrime continue to drop, according to a new survey.
For the fourth straight year, the financial losses incurred by
businesses due to incidents such as computer break-ins have fallen,
according to the 2006 annual survey by the Computer Security Institute
and the FBI. Robert Richardson, editorial director at the CSI,
discussed the survey's findings in a presentation at the CSI NetSec
conference here Wednesday.
Respondents in the 2005 survey reported an average of $204,000 in
cybercrime losses, Richardson said. This year, that's down to
$168,000, about an 18 percent drop, he added. Compared with 2004, the
average loss is down 68 percent.
"How do you go about reconciling the sense of things getting worse
with the respondents who are saying they are losing less money?"
Richardson asked. The 2006 survey, a final version of which is slated
to be released next month, could provide some answers.
Most important, perhaps, the 615 U.S. CSI members who responded to
this year's survey reported fewer security incidents. Viruses, laptop
theft and insider abuse of Net access are still the most reported
threats, but all have decreased compared with last year.
"The danger of insiders may be somewhat overstated, according to the
survey group," Richardson said. About a third of respondents said they
had no losses at all due to insider threats, another 29 percent said
less than one-fifth of overall losses came from insider threats.
Consistent use of security technology may also contribute to the
improvements, with essentially all of the respondents stating that
they use firewall and antivirus software, not much of a change from
last year. This year, eight out of 10 said they also use spyware
protection, a category not listed a year ago.
"Overall, you have a picture that is pretty good in many ways,"
Richardson said. "We're seeing fewer of some of the attacks that have
been such a plague for us in many years, and respondents are using
less and less money."
That "less money" may be good for companies, but not for security
vendors. It refers to the percentage of IT budgets spent on security.
In the 2006 survey, nearly half of the respondents said less than 2
percent of the budget is spent on security. Last year that percentage
was 35 percent.
When it comes to cybercrime losses, consumers might be bearing the
brunt of them, and they are not covered by the survey, Richardson
suggested. "Consumers are the low-hanging fruit," he said. Costs
related to identity theft, for example, fall largely back onto the
consumer, he added, even if it did start with a data breach at an
Copyright =A91995-2006 CNET Networks, Inc. All rights reserved.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.