TWiki> Repository Web>WeeklyPapersFall07>CsiSurvey2007 (26 Sep 2007, AndrewBlaich)EditAttach

2007 CSI Computer Crime and Security Survey

Authors: Robert Richardson

Complete Citation

R. Richardson. 2007 CSI Computer Crime and Security Survey. The 12th Annual Computer Crime and Security Survey (Computer Security Institute)

Abstract

For the past five years, this survey—perhaps the most widely quoted set of statistics in the industry—has shown a drop in average estimated losses due to cybercrime. This year, however, the tide has turned and respondents have reported a significant upswing.

Because this is the longest-running survey in the information security field, it’s possible to see that losses climbed steadily beforethe loss numbers began to fall in 2002. The losses at their peak were still dramatically higher than they are this year. The drop from that peak came as a surprise to many and indeed no small amount of reflection has been invested in sorting out just how it could be that security practitioners thought they were losing less and less money.

There are, no doubt, many causes, but there were several surveys and studies not done by CSI where one could see drops both in the frequency and the cost of many different types of cybercrime. At least within the enterprise, most respondents to this survey over the years thought their better security performance was real enough (though, of course, a number of organizations continued to suffer catastrophic attacks and data breaches).

A drop in losses was welcome evidence that the efforts put into cyber security were showing some return on investment. At the same time, there was reason to believe that the downward trend couldn’t continue indefinitely. A number of developments within the criminal world persuaded many knowledgeable observers that it was inevitable that the gains made would be given up with the arrival of newer, more insidious threats.

Though it’s wrong to project a trend from a single year’s results, and particularly from an informal survey such as this one, there is nevertheless a strong suggestion in this year’s results that mounting threats are beginning to materialize as mounting losses. This year’s survey results are based on the responses of 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.

This is the 12th year of the survey. In previous years, the survey was titled the CSI/FBI survey, but although our colleagues within the Bureau have continued to provide insight and opinion regarding the survey, the “FBI” nomenclature has been discontinued and the survey is now entirely administered by CSI.

We anticipate that this will give us more flexibility in the use and direction of our research efforts.

Annotations

-- AndrewBlaich - 26 Sep 2007

  • Picture_1.png:
    Picture_1.png

  • Picture_2.png:
    Picture_2.png

  • Picture_3.png:
    Picture_3.png

  • Picture_4.png:
    Picture_4.png
Attachments Attachments
Topic attachments
I Attachment Action Size Date Who Comment
pdfpdf CSISurvey2007.pdf manage 1918.9 K 26 Sep 2007 - 23:01 AndrewBlaich  
pngpng Picture_1.png manage 53.9 K 26 Sep 2007 - 15:44 AndrewBlaich  
pngpng Picture_2.png manage 114.0 K 26 Sep 2007 - 15:44 AndrewBlaich  
pngpng Picture_3.png manage 105.3 K 26 Sep 2007 - 15:44 AndrewBlaich  
pngpng Picture_4.png manage 55.5 K 26 Sep 2007 - 15:45 AndrewBlaich  
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | More topic actions
Topic revision: r2 - 26 Sep 2007 - 23:01:42 - AndrewBlaich
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback