In 2003, for example, the Computer Security Institute and the Federal Bureau of Investigation (CSI/FBI) survey on computer crime was completed by 530 computer security practitioners in such U.S. facilities. More than half of the respondents said that their enterprises had experienced some kind of unauthorized computer use or intrusion in the previous year. Although this finding may seem to be a somewhat positive sign in that not all computer systems were adversely impacted, it is important to note that 99% of the companies surveyed thought they had adequate protection against cyber intruders because their work sites had anti-virus software, firewalls, access controls, and other security measures in place. Such findings indicate that better intrusion protection measures are needed. Furthermore, these computer intrusions were costly. The total estimated cost of the intrusions was reported to be nearly $202 million.
Other findings were important. For example, as in previous years, stealing proprietary information caused the biggest reported financial losses to the responding enterprisesÂ—in the $70Â–71 million range. In a change from previous years, the second most costly cybercrime, reported at a cost of $65 million, was Denial of Service (DoS). (Denial of service attacks render corporate Websites inaccessible, causing a loss of revenues.) Finally, as in previous years, viruses (82%) and employee abuse of the network (80%) were the two most cited forms of computer system attacks.
For the 2004 survey, 494 respondents participated. The 2004 survey had a change from a trend in recent years; the most costly cybercrime reported was Denial of Service (DoS). The second most costly cybercrime reported was stolen intellectual property. The survey is available for free at the Website http://www.GoCSI.com. For the 2005 survey results, the good news is that for hundreds of companies in the United States the reported total financial losses from crack attacks have declined 61% on a per-respondent basis from the 2004 survey results. The losses, however, still exceed a significant $130 million, despite the heavy use of crack attack prevention, intrusion and detection systems, and sound recovery plans. Virus attacks remain the number one reported problem.