CSI/FBI Annual Report: Attacks Continue, Losses Down
June 2003
Computer Security Institute (CSI) announced today the results of its eighth annual Computer Crime and Security Survey. The Computer Crime and Security Survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad.Overall financial losses from 530 survey respondents totaled $201,797,340. This is down significantly from 503 respondents reporting $455,848,000 last year. (75% of organizations acknowledged financial loss, though only 47% could quantify them.)
The overall number of significant incidents remained roughly the same as last year, despite the drop in financial losses.
Losses reported for financial fraud were drastically lower, at $9,171,400. This compares to nearly $116 million reported last year.
As in prior years, theft of proprietary information caused the greatest financial loss ($70,195,900 was lost, with the average reported loss being approximately $2.7 million).
In a shift from previous years, the second-most expensive computer crime among survey respondents was denial of service, with a cost of $65,643,300--up 250 percent from last year's losses of $18,370,500.
Survey results illustrate that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters, confirming the trend in previous years. Forty-five percent of respondents detected unauthorized access by insiders. But for the fourth year in a row, more respondents (78 percent) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (36 percent).
Based on responses from practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the 2003 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches continues unabated.
Source...
