A joint survey by the San Francisco-based Computer Security Institute (CSI) and the San Francisco FBI Computer Intrusion Squad found that computer crime is on the rise.
The sixth annual "Computer Crime and Security Survey" queried 538 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. It found that 85% of respondents – primarily large corporations and government agencies – detected computer security breaches within the last twelve months. Another 64% acknowledged financial losses due to computer breaches.
Only 35% of the respondents were willing and/or able to quantify the financial fallout from those breeches, reporting over $377.8 million in financial losses. That's an increase of over $100 million from 2000, when losses from 249 respondents only totaled $265.5 million. The average annual loss to computer crime over the three years prior to 2000 was $120.2 million.
The most serious financial losses occurred through theft of proprietary information (34 respondents reported $151.2 million) and financial fraud (21 respondents reported $92.9 million).
For the fourth year in a row, more respondents (70%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (31%). Indeed, the rise in those citing their Internet connections as a frequent point of attack rose from 59% in 2000 to 70% in 2001. Yet only 36% of respondents reported the intrusions to law enforcement. Over 97% of respondents have websites, with 47% conducting electronic commerce on their sites.