Cybercrime Costs On the Rise in U.S.

Computerworld - Cybercrimes cost some of the top companies in the U.S. a total of at least $377.8 million last year, according to a new survey by the FBI and an association of IT security workers.

The survey, released last week by the San Francisco-based Computer Security Institute (CSI) and a team at the FBI's San Francisco office, found that almost two-thirds of the 538 CSI member companies, government agencies and universities questioned suffered financial losses because of computer security breaches during the past 12 months.

However, total financial losses are likely much higher than reported, said Richard Power, editorial director at the CSI. Although 85% of the security employees who took part in the annual survey detected breaches, only 35% could or would quantify their financial losses.

"I would characterize the results that were

	Feeling the Loss The most expensive types of cybercrime: Information Theft: $153.2M Fraud $91.2M Viruses: $45.3M Insider Internet abuse: $35M

quantified as conservative. This is serious crime," said Power. Most of the organizations surveyed are private sector companies, and they "represent a significant chunk of mainstream American business," Power added.

Losses Mounting

Last year's survey cited $265.5 million in damages - but it had only 249 respondents.

This year, thefts of information and financial fraud accounted for $244.2 million of the losses reported - a figure that was almost equal to the total losses listed in those categories for the previous three years combined, according to the CSI and the FBI. Other categories included losses due to viruses, laptop theft, sabotage and system penetration.

"As companies are getting better at quantifying their losses, we're beginning to see what crime is going to look like in the Information Age," said Power. "We're seeing a level of sophistication that goes beyond the stereotypical hacker."

That sophistication and the size of the businesses being targeted may explain the hefty price tag associated with a relatively small number of the breaches. The CSI and the FBI said a group of just 34 respondents reported more than $151 million in losses from thefts of proprietary data, a per-company average of almost $4.5 million. A group of 21 companies reported $92.9 million in losses from financial fraud.

As part of the new survey, 267 firms reported more than $41 million in combined losses resulting from unauthorized employee access to systems or abuse of network access privileges by insiders.

All told, 91% of those surveyed reported some sort of insider abuse of network access during the past year.

Read more about spam, malware and vulnerabilities in Computerworld's Spam, Malware and Vulnerabilities Knowledge Center.