SAN FRANCISCO, April 7 (UPI) -- Most government agencies and large corporations that have their computer security breached do not report it to law-enforcement agencies, an FBI survey released Sunday said.
The survey, "2001 Computer Crime and Security Survey," conducted jointly by the Computer Security Institute and the FBI's Computer Intrusion Squad, showed that 85 percent of the 538 respondents detected computer security breaches in the past year, but only 36 percent of them reported these to law enforcement. The survey, now in its sixth year, pointed out, however, that this figure was significantly higher than 25 percent of reported cases in 2000.
Sixty-four percent of those surveyed said breaches had caused financial losses. Thirty-five percent (186) of the total respondents reported $377,828,700 in losses. Last year's figures were $265,589,940 from 249 respondents. Theft of proprietary information (34 respondents reported $151,230,100) and financial fraud (21 respondents reported $92,935,500) caused most of the damage.
Seventy percent said the Internet was a frequent point of attack. Last year's figures were 59 percent.
Ninety-one percent of those surveyed reported employee abuse of the Internet access, including downloading pornography or pirated software, or inappropriate use of e-mail systems, up from 79 percent last year.
Bruce J. Gebhardt, who is in charge of the FBI's Northern California office, said, the results "demonstrate the seriousness and complexity of computer crime."
CSI Director Patrice Rapalus cited the need to "fund, train, staff and empower those tasked with enterprise-wide information security."
"The survey results over the years offer compelling evidence that neither technologies nor policies alone really offer an effective defense for your organization," Rapalus said in a statement. "Organizations that want to survive in the coming years need to develop a comprehensive approach to information security, embracing both the human and technical dimensions."
The results were based on responses from 538 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.