The sixth annual "Computer Crime and Security Survey" queried 538 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. It found that 85% of respondents – primarily large corporations and government agencies – detected computer security breaches within the last twelve months. Another 64% acknowledged financial losses due to computer breaches.
Only 35% of the respondents were willing and/or able to quantify the financial fallout from those breeches, reporting over $377.8 million in financial losses. That's an increase of over $100 million from 2000, when losses from 249 respondents only totaled $265.5 million. The average annual loss to computer crime over the three years prior to 2000 was $120.2 million.
The most serious financial losses occurred through theft of proprietary information (34 respondents reported $151.2 million) and financial fraud (21 respondents reported $92.9 million).
For the fourth year in a row, more respondents (70%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (31%). Indeed, the rise in those citing their Internet connections as a frequent point of attack rose from 59% in 2000 to 70% in 2001. Yet only 36% of respondents reported the intrusions to law enforcement. Over 97% of respondents have websites, with 47% conducting electronic commerce on their sites.
