Cyber Risk Management | Business Case

The Growing Threat to Organizations

In March 2000, the Computer Security Institute (CSI) announced results of its fifth annual Computer Crime and Security Survey. The survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation (FBI) Computer Intrusion Squad.

Respondents included 643 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.

Highlights of the 2000 CSI/FBI Computer Crime and Security include the following:

There is no such thing as a completely secure computer network. 90% of the respondents suffered breaches to their computer networks within the past year. The companies reporting these breaches were primarily large corporations and government agencies.
There is an accident waiting to happen if you do not monitor e-business security. When asked, 32% of the respondents reported that they did not know if there had been unauthorized access or misuse of their computer network.
Internal users are just as risky as outsiders. From the survey taken, 71% of the respondents reported unauthorized access by those within the organization.
Network security breaches hurt the bottom line, as 74% of respondents reported financial losses stemming from breach of computer security. The report also indicates that 273 organizations that were able to quantify their losses reported a total loss of over $265 million. Reported theft of proprietary information resulted in losses totaling in over $66 million for 66 respondents. Losses from financial fraud totaled in over $55 million for 53 respondents.

Conducted in April and May of 1999, the joint ICSA/Global Integrity Industry Survey was completed by 745 respondents including Administrators, Managers and Executives in IT, Security, Networking and Data Management.

Highlights of the survey include the following:

Corporate security breach is on the rise. The number of companies hit by an unauthorized access (hacking/cracking) breach increased nearly 92% from 1997 to 1998.
e-Business activities make you a bigger target. Companies conducting business online are 57% more likely to experience a proprietary information leak and 24% more likely to experience a hacking-related breach.
New internet exposures threaten your network. Hackers/crackers (21%), malicious code (17%), email (15%) and secure remote access (14%) are claimed to be the greatest source of concern. A reported 77% of respondents had suffered losses from virus attack.
Companies are not ready for secure e-business as 52% of the respondents claimed their company's state of information security is average or below. As well, 35% claimed that security doesn't have high visibility.
e-Business losses are more than financial. Of the respondents who admit suffering a security breach, there were significant interruptions to business operations and additional loss of reputation along with the financial loss.