Survey shows average cyber-losses jumping after five-year decline

The Computer Security Institute (CSI) released its 2007 report with news that the average annual loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled, from $168,000 in last year’s report to $350,424 in this year’s survey. This ends a five-year run of lower reported losses.

Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. Another significant cause of loss was system penetration by outsiders.

Additional key findings include:

— Almost one-fifth of those respondents who suffered one or more kinds of security incident said they’d suffered a “targeted attack,” i.e. a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

— Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59% and 52% of respondents reporting each respectively.

— When asked generally whether they’d suffered a security incident, 46% of respondents said yes, down from 53% last year and 56% the year before.