But just how much damage can cybercrime cause? About US $67 billion to U.S. companies last year, according to an estimate based on the Federal Bureau of Investigation's 2005 Computer Crime Survey, released in January. The FBI questioned 2000 public and private organizations in four states and extrapolated some of the results to the rest of the country. It found that viruses and spyware were the most common problems reported [see table], while the effects of viruses and worms were the most costly. The attacks came from 36 different countries, with half of all the attacks originating in the United States or China.
A small fraction of the organizations reported the incidents to law enforcement officials. Most of the others were either unaware that the attacks were illegal or believed that law enforcement would not help them--and might even harm them.
"There's this incorrect myth that once you call law enforcement, you're going to have your hard drive and files taken away and you'll lose your business because all your equipment is gone," says Tim Rosenberg, a research professor at George Washington University, in Washington, D.C., and CEO of Lancaster, Pa.based White Wolf Security. Many companies also wrongly believe that reporting the crimes invites negative publicity.
What can organizations do about the pervasive cybersecurity threats? According to Rosenberg, companies need to stop measuring security investments just in monetary terms. He says that companies should start thinking of information security as a kind of marathon. "It's a lifestyle," he says. "It should affect every decision you make every day. You can't eat healthy and then not work out...you must change your lifestyle."
US $67 billion
Estimated financial losses from security attacks in the United States, extrapolated from survey data
Financial losses from security attacks reported by respondents to the FBI
Respondents' losses from viruses and worms
Portion of organizations sampled by the FBI that suffered a cybersecurity attack
Portion of respondents that had virus problems
Portion of those organizations that reported the problem to authorities
Portion of respondents that had spyware attacks Whether it is an experiment by an amateur virus writer somewhere in India, done just for the individual's personal entertainment, or the carefully planned and executed for-profit scheme of an Israeli spyware company, a computer security attack is annoying and damaging.