Sign Up: Free Daily Tech E-letter  
Technology Home
Tech Policy
Government IT
Personal Tech
Special Reports


Study: Online Crime Costs Rising


_____Cybercrime Headlines_____
FTC Says List Will Not Reduce Spam (, Jun 15, 2004)
Maryland Governor Signs Spam Law (, May 27, 2004)
E-Mail Scammer Gets Four Years (, May 18, 2004)
More Cybercrime Headlines
Canadian Authorities Charge 'Randex' Author (, May 28, 2004)
Old Economy Fed Up With Cyber-Security (The Washington Post, May 20, 2004)
Cisco Networking Code May Have Been Stolen (The Washington Post, May 18, 2004)
More Security News

E-Mail This Article
Print This Article
Permission to Republish
By David McGuire Staff Writer
Monday, May 24, 2004; 10:15 PM

Online criminals are attacking corporate and government networks more frequently, costing businesses an estimated $666 million in 2003, according to a survey of computer security executives released today.

The survey was conducted by CSO [Chief Security Officer] magazine in cooperation with the U.S. Secret Service and the CERT cybersecurity center at Carnegie Mellon University in Pittsburgh.

It showed that more than 40 percent of 500 executives polled said hackers have become the greatest cybersecurity threat to business and government networks, compared to 28 percent who feared internal threats such as disgruntled or recently fired employees. More than 40 percent of the respondents said the number of computer crime incidents increased from 2002 to 2003, compared to 6 percent who said it dropped.

The rise in the number of executives who fears hackers marks a shift in corporate attitudes toward security, said CSO publisher Robert Bragdon. "Historically businesses have always focused on the internal threats being the biggest dangers to their organization," he said.

Despite the shift to watching for external threats, 36 percent of the respondents said that they monitor employees' Web use and other activities to prevent internal sabotage and leaks.

Computer systems falling prey to ever more sophisticated attacks are increasingly essential to the daily operations of businesses and government agencies, said Harris Miller, president of the Information Technology Association of America.

ITAA has long warned that many companies have not devoted enough time and money to cybersecurity. Miller said he hopes studies like this will convince executives of the dangers of shortchanging their electronic defenses.

"A lot of CEOs and a lot of CFOs say 'what is the return on investment for all these investments in cybersecurity?' Studies like this show that CEOs and CFOs unwilling to make those investments are paying a dangerous game of Russian roulette," Miller said.

Nevertheless, nearly 100 percent of executives surveyed said they used firewall software in their corporate networks, and more than 80 percent used encryption and similar technology to protect their electronic transactions.

The survey's results come out a week after the Business Roundtable -- a group whose membership represents some of the nation's largest companies -- blasted the software industry for developing products that are vulnerable to hackers and other security threats, leaving the corporations to pay the costs after suffering attacks.

"Most of the significant cyber-incidents that have harmed American business and consumers over the past several years have had at their root cause defective and readily exploitable software code," the group said in a statement on how cybersecurity policy should be developed.

A 37-member taskforce comprising business and software industry executives as well as cybersecurity experts, reported to the Department of Homeland Security in April that most corporations fail to take cybersecurity seriously at the top levels of management.

The report did not recommend that the government make cybersecurity a requirement for the private sector, but said that auditing firms should include cybersecurity readiness as part of the criterion for determining whether companies have adequate internal and financial safety controls.

The Bush administration's national cyberspace strategy recommends that companies take stronger steps to insure their electronic security but does not require it.

The CSO survey was conducted between April 15 and April 26. The authors sent e-mail solicitations to the magazine's subscribers and members of the Electronic Crimes Task Forces, run by the Secret Service. Home

© 2004 Washingtonpost.Newsweek Interactive

Company Postings: Quick Quotes | Tech Almanac
About | Advertising | Contact | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication