HIPAA news
HIPAA advisory
HIPAAdvisory > HIPAAnews Phoenix Health Systems
news
regs
action
tech
views
wares
alert
live
notes
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

New Cyber Security Survey -- Spring 2001:

Financial losses due to Internet intrusions,
trade secret theft and other cyber crimes soar

SAN FRANCISCO, March 12, 2001 — The Computer Security Institute (CSI) announced today the results of its sixth annual "Computer Crime and Security Survey." The "Computer Crime and Security Survey" is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States.

Based on responses from 538 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the "2001 Computer Crime and Security Survey" confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.

Highlights of the "2001 Computer Crime and Security Survey" include:

  • Eighty-five percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.
  • Sixty-four percent acknowledged financial losses due to computer breaches.
  • Thirty-five percent (186 respondents) were willing and/or able to quantify their financial losses. These 186 respondents reported $377,828,700 in financial losses. (In contrast, the losses from 249 respondents in 2000 totaled only $265,589,940. The average annual total over the three years prior to 2000 was $120,240,180.)
  • As in previous years, the most serious financial losses occurred through theft of proprietary information (34 respondents reported $151,230,100) and financial fraud (21 respondents reported $92,935,500).
  • For the fourth year in a row, more respondents (70%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (31%). Indeed, the rise in those citing their Internet connections as a frequent point of attack rose from 59% in 2000 to 70% in 2001.
  • Thirty-six percent of respondents reported the intrusions to law enforcement; a significant increase from 2000, when only 25% reported them. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)

Respondents detected a wide range of attacks and abuses on the rise:

  • Forty percent of respondents detected system penetration from the outside (only 25% reported system penetration in 2000).
  • Thirty-eight percent of respondents detected denial of service attacks (only 27% reported denial of service in 2000).
  • Ninety-one percent detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems). Only 79% detected net abuse in 2000.
  • Ninety-four percent detected computer viruses (only 85% detected them in 2000).

For the full report, go to: http://www.gocsi.com/prelea_000321.htm