Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Computer Crime Costs Billions Every Year

Posted by Zonk on from the that's-a-pricy-meatball dept.

JamesAlfaro wrote to mention a C|Net article putting a pricetag on computer crime. From the article: "The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed. Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

2 of 142 comments (clear)

  1. The Real Data and CSI Links by eldavojohn · · Score: 5, Informative

    This article doesn't even mention the Computer Security Institute (CSI), the organization which conducts and publishes these surveys. The FBI allows them use of crime databases and is just presented the end result. On top of that, they present you with one graph and label it as referenced from the "Computer Crime Survey" when, in fact, this survey also had to do with security and is entitled 2005 Computer Crime and Security Survey. I believe you'll find a wealth of information in that PDF as it contains many graphs that break down respondents of crimes, average security expenditures, types of attacks, etc. If you're interested in what constitutes a "computer crime," check out the policy and sample cases (some amusing) as we all know that what is and isn't illegal with computers can get very fuzzy very fast.

    I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI.

    --
    My work here is dung.
  2. Re:Questions? by Anonymous Coward · · Score: 5, Informative

    At the company I used to work at (Small to Med Cap Engineering firm), I got a copy of this letter asking me (as the head IT guy, we didn't have a CIO) to fill out the online form.

    I filled it out, and really I used numbers off the top of my head. We really never had actual security breeches by hackers, but they were asking for an aggregate of security incidents and measures. I included budgetary expenditures for preventative as well as reactionary security.

    I've filled out surveys like this for Gartner and others and I have to say, while the overall methodology followed norms, I really did not get a sense that they had much of a clue as to what the IT industry would classify as loss related to computer crime. Under their model, as I understood it - if you had to buy anti-virus software, that was a business loss due to cybercrime!