Financial losses from cybercrime shot up for the third year in a row while the number of companies that report incidents to law-enforcement remains woefully low, according to the latest survey of computer crime statistics released yesterday by the FBI and the San Francisco-based Computer Security Institute.
Based on responses from 503 US corporations, government agencies, financial and medical organisations and universities, the results of the 2002 Computer Crime and Security Survey show that threats from computer crime and other information security breaches continue unabated and that the financial toll is mounting.
Ninety percent of respondents, primarily large corporations and government agencies, detected computer security breaches within the past 12 months, the survey showed.
Of those respondents, 44 percent were willing or able to quantify their financial losses — a total of nearly £320m.
The most serious financial losses occurred as a result of theft of proprietary information and financial fraud.
Despite the general belief that insiders are responsible for the majority of attacks, the survey found that for the fifth year in a row, more respondents (74 percent) cited their internet connection as the most frequent point of attack, compared to only 33 percent who cited their internal systems as the source of attack.
Even so, 78 percent of respondents detected employee abuse of internet access privileges.
The willingness of companies to report incidents, however, continues to be a major stumbling block in the war against cybercrime, according to the survey.
Only 34 percent of companies said they reported cybercrime incidents to law-enforcement agencies. Most said they didn't report incidents out of fear of negative publicity and the potential for competitors to use the information against them.
"I get the feeling talking to other [security managers at other firms] that very few investigate computer security incidents because very few have the capability to do so," said Mike Hager, vice president of Network Security and Disaster Recovery at investment house OppenheimerFunds. "I do not believe many corporations know that the majority of attacks occur behind the firewall and most still believe the firewall will stop them."