DigiSign Data Security Logo   Productos, servicios, consultoría Seguridad en la transmisión de información y en el comercio electrónico Noticias sobre Seguridad, Criptografía, etc.
  Temas de hacking y seguridad Pagina Central Preguntas Frecuentes y Ayudas
  Ir a la Página Superior
 

2004 FBI Computer Crime and Security Survey - June 11, 2004

SAN FRANCISCO — The Computer Security Institute (CSI) announced today the results of its ninth annual Computer Crime and Security Survey. The Computer Crime and Security Survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. The survey is available for free download from the Institute's Web site at GoCSI.com.
Highlights of the 2004 Computer Crime and Security Survey include the following:

  • Overall financial losses totaled from 494 survey respondents were
    $141,496,560. This is down significantly from 530 respondents reporting $201,797,340 last year.
  • In a shift from previous years, the most expensive computer crime was
    denial of service. Theft of intellectual property, the prior leading
    category, was the second most expensive last year.
  • Organizations are using metrics from economics to evaluate their
    security decisions. Fifty-five percent use Return on Investment (ROI),
    28 percent use Internal Rate of Return (IRR), and 25 percent use Net
    Present Value (NPV).
  • The vast majority of organizations in the survey do not outsource
    computer security activities. Among those organizations that do
    outsource some computer security activities, the percentage of security activities outsourced is quite low.

Based on responses from 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the 2004 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches is real. Chris Keating, CSI Director, believes that the Computer Crime and Security Survey, now in its ninth year, suggests that organizations that raise their level of security awareness have reason to hope for measurable returns on their investments.

"Although the CSI/FBI survey clearly shows that cybercrime continues to be a significant threat to American organizations, our survey respondents appear to be getting real results from their focus on information security. Their average dollar losses per year have dropped in each survey for four straight years. Obviously, computer crime remains a serious problem and some kinds of attacks can cause ruinous financial damage. We don't believe that all organizations maintain the same defenses as our members -- financial damages for less protected organizations are almost certainly worse. And hackers won't become complacent anytime soon -- new attacks are devised every day. So we still have our work cut out for us. The message here is that it makes sense to continue our focus on adherence to sound practices, deployment of sophisticated technologies, and adequate staffing and training."

New to the survey this year was CSI's collaboration with an academic team from the Robert H. Smith School of Business at the University of Maryland. The three-person team, led by Lawrence A. Gordon, Ernst &Young Alumni Professor of Managerial Accounting and Information Assurance, specializes in research on the economics of information security. CSI Director Keating says bringing academics into the survey process improved both the survey itself and the subsequent analysis of the results.

Computer Security Institute (CSI) is the world's premier membership association and education provider serving the information security community. For over 31 years CSI has helped thousands of security professionals protect their organizations' valuable information assets through conferences, seminars, publications and membership benefits.

The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established Regional Computer Intrusion Squads located in selected offices throughout the United States. The mission of Regional Computer Intrusion Squads is to investigate violations of Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes. Additionally, the FBI sponsors InfraGard, an information sharing and analysis effort between the FBI and the private sector. InfraGard is designed to assist in protecting the infrastructure of the United States. To learn more about InfraGard, your local chapter and how you can become a member, please go to www.infragard.net

Computer Security Institute, 600 Harrison Street, San Francisco, CA 94107. Telephone: 415-947-6320, Fax: 415-947-6023, e-mail: csi@cmp.com

For complete survey, go to GoCSI.com

CONTACT: Robert Richardson, +1-610-604-4604, or rrichardson@cmp.com, for Computer Security Institute.

CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations.

The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established the National Infrastructure Protection Center (NIPC) located at FBI headquarters and the Regional Computer Intrusion Squads located in selected offices throughout the United States. The NIPC, a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for preventing and responding to cyber attacks on the nation's infrastructures. (These infrastructures include telecommunications, energy, transportation, banking and finance, emergency services and government operations). The mission of Regional Computer Intrusion Squads is to investigate violations of Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes.

Informe anterior 2001 FBI Computer Crime Survey

  
Volver al Comienzo de Página