Annual Cybercrime Assessment—New FBI Report

The 2005 FBI Computer Crime Survey [hereinafter CCS] has been released and some of its findings are quite interesting. More than 2,000 public and private organizations in four states took part in the survey.^[1] According to Houston-based special agent Bruce Verduyn, this survey differs from the Computer Security Institute’s Computer Crime and Security Survey, in that “about three times as many organizations [were surveyed] and [the CCS] focused more on new technologies, where attacks originated, and how organizations responded.”^[2]

According to the CCS:

• nearly nine out of ten organizations experienced computer security incidents in a year, with 20% experiencing 20 or more attacks;
• 83.7% of the organizations experienced viruses, just under 80% had spyware, and just over 20% experienced “port scans” or data sabotage;
• 64% of the respondents incurred a loss, with viruses account for $12 million in losses;
• the attacks came from 36 different countries, with the US and China accounting for more than half of the intrusion attempts;
• most organizations have initiated new security procedures, but the most sophisticated methods, such as biometric scanners and smart cards are still rarely used;
• nearly 44% of the organizations reported intrusions from within; and
• only 9% of all incidents were actually reported to law enforcement because the organizations believed that the infractions were not illegal or that there was little law enforcement could do.^[3]

(Note: the link on the FBI’s page to the CCS is not working, so we are unable to look through the report for other information.)

---

[1] FBI, Hot off the Press: New FBI Computer Crime Survey, Jan. 18, 2006.
[2] Id.
[3] Id.