Computer crime costs $67 billion, FBI says

By Joris Evers
Staff Writer, CNET News

Print
E-mail
Share

Related Stories: Win32.VB worm spreading quickly
January 18, 2006; Feds aim for more data sharing by terrorist screeners
January 17, 2006; Microsoft security zaps laptop tracer
December 14, 2005; Stolen PC holds sensitive consumer data
November 9, 2005; Separating myth from reality in ID theft
October 24, 2005; Port spike may portend an attack, experts say
June 23, 2005; Offline ID crimes still more severe
January 26, 2005

Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year, according to the FBI.

The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period.

The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed.

Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent.

"This would be 2.8 million U.S. organizations experiencing at least one computer security incident," according to the 2005 FBI Computer Crime Survey. "With each of these 2.8 million organizations incurring a $24,000 average loss, this would total $67.2 billion per year."

By comparison, telecommunication fraud losses are about only $1 billion a year, according to the U.S. Secret Service. Also, the overall cost to Americans of identity fraud reached $52.6 billion in 2004, according to Javelin Strategy & Research.

Other surveys have attempted to put a dollar amount on cybersecurity damages in the past, but the FBI believes its estimate is the most accurate because of the large number of respondents, said Bruce Verduyn, the special agent who managed the survey project.

"The data set is three or four times larger than in past surveys," he said. "It is obviously a staggering number, but that is the reality of what we see."

Responding to worms, viruses and Trojan horses was most costly, followed by computer theft, financial fraud and network intrusion, according to the survey. Respondents spent nearly $12 million to deal with virus-type incidents, $3.2 million on theft, $2.8 million on financial fraud and $2.7 million on network intrusions.

These figures do not include much of the staff, technology, time and software employed to prevent security incidents, Verduyn said. Also, losses to individuals who are victims of computer crime or victims in other countries are not included, he said.

The FBI's next fiscal year, for which budgets must be reviewed and approved, begins Oct. 1. Protecting the U.S. against high technology crimes is third on the agency's list of priorities.

Defenses in place
Survey respondents use a variety of security products for protection. Antivirus software is almost universally used, with 98.2 percent of respondents stating they use it. Firewalls follow in second place, with 90.7 percent, and anti-spyware and antispam are each used by about three-quarters of respondents, according to the survey.

The results mean that close to one in 10 organizations does not have a hardware or software firewall. Or perhaps they don't know they have one--the Windows Firewall in Windows XP, for example. "Some are very small businesses that should have that technology, but they don't," Verduyn explained.

Biometrics and smart cards--both relatively new security technologies--were used only by 4 percent and 7 percent of survey respondents, respectively. Intrusion prevention or detection systems were used by 23 percent and VPNs, or virtual private networks, by 46 percent.

Organizations were attacked despite use of security products, with nine out of 10 respondents saying they experienced a security incident. In fact, the most common attacks aligned with the most commonly used defenses. Computer viruses, worms or Trojan horses plagued 84 percent of respondents, 80 percent reported spyware trouble, and 32.9 percent said attackers were probing their systems using network port scans.

Not all threats came from outside the organization. More than 44 percent of the survey respondents reported intrusions from within the company. "Companies may be unaware of the internal potential for computer security incidents," Verduyn said. He recommends applying policies and procedures to thwart attacks from the inside.

The FBI surveyed companies in Iowa, Nebraska, New York and Texas. Companies older than three years, with more than five employees and with more than $1 million in revenue were asked to participate. Survey participants were asked to provide their responses by the end of July 2005, with their answers covering the previous 12-month period.

See more CNET content tagged:
survey, computer security, theft, crime, VPN

Add a Comment (Log in or register) 5 comments

OK kids...
by Terry Murphy January 19, 2006 4:57 PM PST: Get your total cost of ownership scorecards out, your calculator
warmed up and ready, and start adding.

And by "kids," what I really mean is corporate IT management; to
the extent that IT and management can be used in the same
sentence when accounting for a genuine contribution towards
overall company interests.; Reply to this comment

Almost the amount MSFT makes EACH YEAR selling you buggy software
by Anon-Y-mous January 19, 2006 5:47 PM PST: It's odd that it costs everyone $67 billion and Microsoft makes almost that much each year selling you their software that *CAUSES* this cost of $67 Billion.

About time to make MSFT pay $1 billion PER VIRUS INCIDENT or exposed vulnerability *directly* into the national treasury. That would at least offset the cost to the country and make them more responsible.

If a bank left their door unlocked, their cameras off, and your safedeposit box open overnight and someone stole it, do you think YOU should be paying for their mistake? I think not. The bank should pay ALL clients for their mistakes. Same rules should apply to software.; Reply to this comment

Why the world puts up with all this? Rather just use a free online desktop
by iqula January 20, 2006 12:13 AM PST: I cannot understand why we put up with this and having to download and update and reboot every time we connect to the net, the online desktop offered free at http://www.cosmopod.com does away with all this can someone now give them the $67 billion so they can prosper.; Reply to this comment

For $67 Billion you'd think ...
by rcrusoe January 20, 2006 7:24 AM PST: that people would abandon Windows for a more secure OS like
Linux or OS X. But very, very few will.

Just goes to show you that P.T. Barum was right: "There's a
sucker born every minute".; Reply to this comment

Billions in Crime Need A Fast Block
by Iohagh January 26, 2006 1:50 PM PST: I hear that there is a patent on Single Use Credit Card Number ID in the USA and whomever uses that is going to really grow fast if they have the right marketing plan in the US because the US FFIEC is by fiat requiring that everyone use 4 factor authentication that leads to that product, a single use ID either in tokens or in offline devices. Basically the time is now and we the consumers are watching.; Reply to this comment

Latest tech news headlines

Q&A: What's ahead for Visual Studio and .Net
Posted in News - Business Tech by Adrian Bridgwater

November 22, 2008 6:10 AM PST
Lifestreaming in Obamaland
Posted in Outside the Lines by Dan Farber

November 21, 2008 11:59 PM PST
Judge orders Ballmer to testify in Vista suit
Posted in Beyond Binary by Ina Fried

November 21, 2008 7:35 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (6.54%) 494.13 8,046.42; S&P 500 (6.32%) 47.59 800.03; NASDAQ (5.18%) 68.23 1,384.35; CNET TECH (5.95%) 56.25 1,002.00

Inside CNET News

Scroll Left Scroll Right

Business Tech
Q&A: What's ahead for Visual Studio and .Net
Microsoft's Jason Zander and Matt Carter talk tools and set out the company's manifesto for data democracy.
Gallery
Photos: Gadgets we're thankful for, Part 1
Military Tech
Army backs Hydrogen Highway
US Army has awarded a $1.8 million contract to develop hydrogen filling stations.
Outside the Lines
Lifestreaming in Obamaland
The technologies that helped Obama reach the White House are going to make the president-elect's life more transparent and scrutinized than any previous White House occupant.
Video
The BlackBerry Storm touches down
Digital Media
MySpace Music to name Courtney Holt chief next week
The lengthy CEO search at MySpace Music is finally coming to an end. Now let's see what the new guy can do against Apple.
Video
SF Bay Area plugs in
Politics and Law
The key to innovation: Privately owned fiber?
A paper released by the New America Foundation proposes encouraging consumers to purchase their own fiber lines.
Cutting Edge
Water ice glaciers spotted on Mars
NASA scientists find what they believe are huge water ice glaciers sitting just beneath the Martian surface.
Gallery
Photos: Top-rated reviews of the week
Crave
This week in Crave
Didn't have time to follow Crave this week? Here's what you need to know to be the belle of the gadget ball.
Green Tech
Google crunches numbers on clean-energy policy
Search giant pressures policy makers with an analysis arguing that government and business can clean the U.S. energy supply while stimulating the economy.