Cyberattacks down, costs up

Results from an annual survey on computer crime and security show a drop in the number of computer security breaches to government and private-sector systems — but the cost of these attacks is rising.

In last year's survey, 90 percent of survey respondents reported that they had detected a security breach in the past 12 months. This year, 85 percent reported security breaches. Some examples of attacks and abuses on the rise include system penetration from the outside, denial-of-service attacks and employee abuse of Internet access privileges.

However, the California organization that conducted the survey — with the cooperation of the FBI's San Francisco office — could not say whether government or the private sector is the greater victim of computer crime.

"We don't really break down the survey results based on government or private sector," said Patrice Rapalus, director of the Computer Security Institute (CSI). "But from 10 years in the business, I'd say it's pretty much even."

It's clear that the cost of computer crime is rising, according to the survey highlights released last week.

Among the findings: Nearly 35 percent of the 538 respondents — 186 respondents — said they lost a combined $377.8 million last year because of computer crime. In last year's study, 42 percent, or 249 respondents, said they lost a total of $265.5 million, according to CSI.

Rapalus said it is difficult to say whether the overall numbers mean things have gotten better or worse, although Bruce Gebhardt, head of the FBI's Northern California office, said the results "again demonstrated the seriousness and complexity of computer crimes."

Andrew Black, a spokesman for the bureau's San Francisco office, said vigilance is essential.