Survey: Cybercrime down, costs up

Computer Security Institute's summary of survey

The latest results of an annual survey on computer crime and security show a drop in the number of computer security breaches to government and private-sector systems.

In last year's survey, 90 percent of survey respondents reported that they had detected a security breach in the past 12 months. This year, 85 percent reported security breaches.

However, the California organization that conducted the survey — with the cooperation of the FBI's San Francisco office — could not say whether government or the private sector is the greater victim of computer crime.

"We don't really break down the survey results based on government or private sector," said Patrice Rapalus, director of the Computer Security Institute (CSI). "But from 10 years in the business, I'd say it's pretty much even."

What is clear is that the cost of computer crime to victims is carrying a higher price than a year ago, according to highlights of the survey released Monday.

The complete survey will be released at the end of March, according to Rapalus, though some findings are available at CSI's Web site.

Among the findings is that 35 percent of the 538 respondents — 186 respondents — volunteered that they lost a combined $377.8 million last year through computer crime. The year before, 42 percent, or 249 respondents, owned up to losing a total of $265.5 million in the 12 months prior, according to CSI.

Rapalus said it is difficult to say whether the overall numbers mean things have gotten better or worse, although Bruce Gebhardt, the head of the FBI's northern California office, said the results "again demonstrated the seriousness and complexity of computer crimes."

The vulnerability of conducting business online is a law enforcement challenge that requires continued cooperation between government and industry, Gebhardt said in a statement.

Furthermore, Andrew Black, a spokesman for the bureau's San Francisco office, said governments must follow the same security rules as businesses do for their sites and networks.

"Unless all employees follow their [computer] security plan, they become vulnerable," Black said. "We impress on the system administrator to stay on the employees to follow the security safeguard plan. That would make our job a lot easier."

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.