The 2011 Norton Cyber Crime Report was released yesterday which is based on the company's analysis of an online survey of 19,636 respondents from 24 countries. The survey was conducted between 06 February and 14 March 2011.
Given the survey answers, Norton says that it calculates that a total of 431 million adults living in the surveyed 24 countries have been cyber crime victims within the past 12 months. This equates, it says, to 14 cyber crime victims every second; 820 cyber crime victims every minute; or almost 50,000 per hour.
Some 74 million US residents were cyber crime victims last year, the report states.
The Norton report also says that the direct cost of this cyber crime activity was approximately $114 billion - with another $274 billion in indirect costs related to lost time/productivity. This total of $388 billion "... costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion)."
The figures shouldn't be a total surprise, Norton says. For example,
"... 74 percent of respondents say they are always aware of cyber crime, many are not taking the necessary precautions. Forty-one percent of adults indicated they don't have an up to date security software suite to protect their personal information online. In addition, less than half review credit card statements regularly for fraud (47 percent), and 61 percent don't use complex passwords or change them regularly. Among those who access the Internet via their mobile phone, only 16 percent install the most up to date mobile security."
You can read the entire 2011 Norton Cyber Crime Report here.
In another cyber security statistic released this week, the Digital Forensics Association says that it has analyzed 3,765 data loss incidents from 33 countries over the past six years in which 806.2 million records have been known to have been improperly disclosed in one way or another. On average, its press release states, "... organizations lost over 388,000 people’s records per day/15,000 records per hour every single day for the past six years."
The Association estimates the cost to the organizations losing the data to be $156 billion. That figure, however, the Association states, " ... does not include the costs that the organizations downstream or upstream may incur, nor that of the data subject victims. Further, it is a low estimate of the cost, due to the fact that 35% of the incidents did not name a figure for records lost."
You can read the Digital Forensics Association's Leaking Vault report (PDF) here.
Finally, the Office for Civil Rights at the US Department of Health and Human Services delivered this week its annual report to the US Congress on the unauthorized disclosures of medical records that have occurred from 23 September 2009 to 31 December 2010. According to the OCR report, as described in an article by Modern Healthcare, 7.9 million people have seen their medical records improperly exposed in more than 30,750 incidents in the US.
There were 252 incidents involving 500 or more individuals, and some 30,500 incidents involving less than 500 individuals reported to the HHS. One bit of "good news" in the report is that, "The majority of small breach reports in 2009 and 2010 involved misdirected communications and affected just one individual each."
However, with the Health Net data breach this year alone affecting over 1.9 million individuals as well as the other medical data breaches listed here for the first six months of this year, I fully expect next year's OCR report to show another "healthy" increase in the number of authorized disclosure of US medical records for 2011.
You can read the OCR/HHS Annual Report to Congress on Breaches of Unsecured Protected Health Information (PDF) here.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.