Language Selection

English French German Italian Portuguese Spanish

Cost of Computer Attacks Down

While the cost of fending off hackers appears to be dropping for U.S. companies, attacks that involved unauthorized access to information are becoming much more costly, according a survey published Thursday by the Computer Security Institute and the U.S. Federal Bureau of Investigation.

The survey, which included about 700 respondents from government and a variety of industries, found that the average losses related to computer attacks dropped by 61 percent in 2004. On average, companies reported that computer and network attacks cost them $204,000 last year, down from an average of $526,000 in 2003. The report did not explain how specific factors, such as loss of employee productivity or security consultant fees, contributed to these costs.

This marks the fourth consecutive year that this number has declined, said Robert Richardson, editorial director of the Computer Security Institute and a co-author of the report.

Part of the reason for the drop is the fact that companies have simply become better at protecting themselves, Richardson said. "For your run-of-the mill virus, your average organization has that under control," he said. "There's a very fast reaction on the part of antivirus vendors and there are automated pathways to update the virus data on enterprise networks."

ID Theft Increase

However, the cost of information theft jumped considerably in 2004. "To some degree, the heat of hacker activity has moved to identity theft," Richardson said.

The survey found that the average net loss attributable to unauthorized information access jumped from more than $51,000 in 2003 to more than $300,000 last year. Attacks that resulted in the theft of proprietary information cost companies more than $355,000 on average in 2004, up from $169,000 the previous year.

The Computer Security Institute's survey was done in conjunction with the San Francisco division of the Federal Bureau of Investigation's Computer Intrusion Squad. It canvassed about 700 CSI members in a wide variety of industries and government organizations. CSI is a San Francisco-based association of computer and network security professionals.

Given the demographics of the survey's participants, it's unsurprising that they're suffering less damage from attacks. "We ask people who care about security," Richardson said. "They care enough [about security] to be members of a professional organization, so my hunch is they're actually trying to get better at security."

The 2005 CSI/FBI Computer Crime and Security Survey, which reports data covering 2004, can be found at CSI's Web site.

By Robert McMillan
IDG News Service

More in Tux Machines

Leftovers: Gaming

Android Leftovers

Leftovers: OSS

Security Leftovers

  • Sick of memorizing passwords? A Turing Award winner came up with this algorithmic trick
    Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working on what he calls "human computable" passwords that are not only relatively secure but also don't require us to memorize a different one for each site. Instead, we learn ahead of time an algorithm and a personal, private key, and we use them with the website's name to create and re-create our own unique passwords on the fly for any website at any time.
  • Car thieves use 'mystery device' to break into vehicles
    A car manufacturer recalled more than a million cars following security concerns about car hacking, as the National Insurance Crime Bureau issued an alert about a "mystery device" being used to break into vehicles by defeating the electronic locking system of later-model cars. So-called connected car "convenience technology" could put consumers at risk. "Right now, what has happened is the digital key fob has become a way for someone to steal your car," NICB investigator James "Herb" Price said.
  • Security Considerations When Moving from VMs to Containers
    We recently ran a sponsored series from Fox Technologies on Linux.com. We want to thank the company for its support and for sharing useful information for SysAdmins and developers alike. Fox Technologies is continuing the conversation with a free webinar September 17 that will address security considerations in moving from VMs to containers. More information about this webinar is below.