Insiders cause more Financial Damage than Viruses: CSI Report

CSI Survey 2007 Logo On September 14, the Computer Security Institute released its 2007 report that states that the average annual loss reported by US companies in the 2007 CSI Computer Crime and Security Survey has more than doubled.

The average losses have apparently increased from $168,000 in the 2006 report to $350,424 in the 2007 report. On the whole, these figures represent the end of a five-year run of lower reported losses.

The survey found that financial fraud has overtaken virus attacks, making it the source of the greatest financial loss. And, losses related to viruses have fallen in the second place, after being the leading cause of loss for the last seven years. Yet another significant cause of loss was system penetration by outsiders.

Key findings of the 2007 CSI Computer Crime and Security Survey at a glance:

  • Almost one-fifth of those respondents who suffered one or more kinds of security incident said they’d suffered a “targeted attack,” i.e. a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.
  • Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59% and 52% of respondents reporting each respectively.
  • When asked generally whether they’d suffered a security incident, 46% of respondents said yes, down from 53% last year and 56% the year before.
  • According to Robert Richardson, CSI director and author of the survey, β€œAt a period when experts throughout the industry have been discussing with concern the growing sophistication and stealth of cyber attacks, here we have a couple hundred respondents saying they lost significantly more money last year.”

    ” There’s a strong suggestion in this year’s results that mounting threats are beginning to materialize as mounting losses,” Richardson added.