Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Computer Crime Costs Billions Every Year

Posted by Zonk on from the that's-a-pricy-meatball dept.

JamesAlfaro wrote to mention a C|Net article putting a pricetag on computer crime. From the article: "The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed. Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

6 of 142 comments (clear)

  1. The Real Data and CSI Links by eldavojohn · · Score: 5, Informative

    This article doesn't even mention the Computer Security Institute (CSI), the organization which conducts and publishes these surveys. The FBI allows them use of crime databases and is just presented the end result. On top of that, they present you with one graph and label it as referenced from the "Computer Crime Survey" when, in fact, this survey also had to do with security and is entitled 2005 Computer Crime and Security Survey. I believe you'll find a wealth of information in that PDF as it contains many graphs that break down respondents of crimes, average security expenditures, types of attacks, etc. If you're interested in what constitutes a "computer crime," check out the policy and sample cases (some amusing) as we all know that what is and isn't illegal with computers can get very fuzzy very fast.

    I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI.

    --
    My work here is dung.
  2. Some Guy says computer crime creates jobs by dada21 · · Score: 5, Insightful

    I believe the FBI is correct, but I also believe that one should lock the door to their houses, offer potential robbers the thought that the family might be armed, get a decent alarm and security company and insure their belongings for the maximum amount.

    My IT business makes about 40% of its income dealing with security issues. We have to turn new business away usually, as most new customers that we go visit are so insecure it isn't even funny. With insecurity comes more than just data theft but spyware and viruses and the rest, as we all know. It amazes me how many companies leave their homes unlocked, the lights on, the alarm off, and a big sign on the front steps saying "Come and get it!"

    The solution to computer crime isn't using the FBI -- I'd like to turn their offices off and throw out the key. The solution to computer crime is:

    1. Developing a good infrastructure and upgrade cycle
    2. Commit to teaching users proper ways to set up their data and desktops
    3. Purchasing security sofware and services from companies that do the best job finding the holes and plugging them.

    Is the law useful? Not one bit. Most companies aren't going to bother suing civilly for damages, and no one wants to bother calling the cops. The chalk line around your stolen data isn't very useful. Get a good consultant, pay them well, and make them back it up with guarantees. Problem solved.

  3. Who knows what else the FBI says... by Anonymous Coward · · Score: 5, Insightful

    Word to the wise:

    Next time someone says "XXX Trend is costing us YYY dollars every year", it's probably going to be followed up with "Therefore we should spend ZZZ dollars dealing with it."

    XXX = overstated threat
    YYY = some made up figure
    ZZZ = profit

  4. WTF, why 64% to 20% Why not 21% or 19%? by Doug+Dante · · Score: 5, Insightful
    "Often survey results can be skewed ... the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

    Why? Because that seemed like a good number? This inexplicable change causes me to question the validity of the whole study.

    --
    The world will not get better through technology. We must seek to be better people.
  5. Sarcastic question by Guppy06 · · Score: 5, Insightful

    Did they include the NSA's illegal wiretaps in that tally?

  6. Re:Questions? by Anonymous Coward · · Score: 5, Informative

    At the company I used to work at (Small to Med Cap Engineering firm), I got a copy of this letter asking me (as the head IT guy, we didn't have a CIO) to fill out the online form.

    I filled it out, and really I used numbers off the top of my head. We really never had actual security breeches by hackers, but they were asking for an aggregate of security incidents and measures. I included budgetary expenditures for preventative as well as reactionary security.

    I've filled out surveys like this for Gartner and others and I have to say, while the overall methodology followed norms, I really did not get a sense that they had much of a clue as to what the IT industry would classify as loss related to computer crime. Under their model, as I understood it - if you had to buy anti-virus software, that was a business loss due to cybercrime!