Cybercrime At A Glance

2 min read

But just how much damage can cybercrime cause? About US $67 billion to U.S. companies last year, according to an estimate based on the Federal Bureau of Investigation's 2005 Computer Crime Survey, released in January. The FBI questioned 2000 public and private organizations in four states and extrapolated some of the results to the rest of the country. It found that viruses and spyware were the most common problems reported [see table], while the effects of viruses and worms were the most costly. The attacks came from 36 different countries, with half of all the attacks originating in the United States or China.

A small fraction of the organizations reported the incidents to law enforcement officials. Most of the others were either unaware that the attacks were illegal or believed that law enforcement would not help them--and might even harm them.

"There's this incorrect myth that once you call law enforcement, you're going to have your hard drive and files taken away and you'll lose your business because all your equipment is gone," says Tim Rosenberg, a research professor at George Washington University, in Washington, D.C., and CEO of Lancaster, Pa.­based White Wolf Security. Many companies also wrongly believe that reporting the crimes invites negative publicity.

What can organizations do about the pervasive cybersecurity threats? According to Rosenberg, companies need to stop measuring security investments just in monetary terms. He says that companies should start thinking of information security as a kind of marathon. "It's a lifestyle," he says. "It should affect every decision you make every day. You can't eat healthy and then not work must change your lifestyle."

US $67 billion

Estimated financial losses from security attacks in the United States, extrapolated from survey data

$32 million

Financial losses from security attacks reported by respondents to the FBI

$12 million

Respondents' losses from viruses and worms


Portion of organizations sampled by the FBI that suffered a cybersecurity attack


Portion of respondents that had virus problems


Portion of those organizations that reported the problem to authorities


Portion of respondents that had spyware attacks Whether it is an experiment by an amateur virus writer somewhere in India, done just for the individual's personal entertainment, or the carefully planned and executed for-profit scheme of an Israeli spyware company, a computer security attack is annoying and damaging.

This article is for IEEE members only. Join IEEE to access our full archive.

Join the world’s largest professional organization devoted to engineering and applied sciences and get access to all of Spectrum’s articles, podcasts, and special reports. Learn more →

If you're already an IEEE member, please sign in to continue reading.

Membership includes:

  • Get unlimited access to IEEE Spectrum content
  • Follow your favorite topics to create a personalized feed of IEEE Spectrum content
  • Save Spectrum articles to read later
  • Network with other technology professionals
  • Establish a professional profile
  • Create a group to share and collaborate on projects
  • Discover IEEE events and activities
  • Join and participate in discussions