Comparison 2005 until 2007

2005

2006

2007

2005 CSI/FBI Computer

Crime and Security Survey,
based on responses from
700 U.S. corporations,
government agencies,
financial and medical
institutions, and
universities.

Almost 40% of respondents

to the CSI/FBI 2006
Computer Crime and
Security Survey attribute
20% or more of losses to
insiders threats.

The Computer Security

Institute (CSI) today
released its 2007 report
with news that the average
annual loss reported by
U.S. companies in the 2007
CSI Computer Crime and
Security Survey more than
doubled, from $168,000 in
last year's report to
$350,424 in this year's
survey. This ends a fiveyear run of lower reported
losses.

1. Total financial losses

from attacks have
declined dramatically.
Down 61% on a perrespondent basis from last
year, but still reportedly
$130M.
2. Attacks on computer
systems or (detected)
misuse of these systems
have been slowly but
steadily decreasing in all
areas. Exception to the
rule: a slight increase in the
abuse of wireless networks.
3. Defacements of
Internet websites have
increased dramatically.
95% of organizations
experienced more than 10
website incidents in 2004.
7. Computer security
investments per
employee vary widely.
State governments lead the
pack at $497, followed, in
descending order, by
utilities, transportation,
telecommuications,
manufacturing, and high
tech down to the federal
goverment at $49.
8. Despite continuing

Unauthorized access to
information was the second
most expensive type of loss
accounting for more than
$10,000,000 in 2006.
E-mail monitoring and web
activity monitoring were
employed by 61% of
respondents to evaluate the
effectiveness of security
measures taken.
48% did not report a
security breach or intrusion
to law enforcement to avoid
negative publicity.
73% identified the most
critical computer security
issue was data protection
(e.g., data classification,
identification and
encryption) and application
software vulnerability
security followed by Policy
and regulatory compliance,
63%, and identity thet and
leakage of private
information at 58%.

Financial fraud overtook

virus attacks as the source
of the greatest financial
loss. Virus losses, which
had been the leading cause
of loss for seven straight
years, fell to second place.
Another significant cause of
loss was system
penetration by outsiders.

discussion, there has been

no increased use by
organizations of
outsourcing
cybersecurity or using
insurance to manage
risks.

Analytical Summary

Base on the comparison above we can see that the financial loses because of
cyber crime is getting increase from 2005 until 2007.

Virus attack is the major attacks as the source of the greatest financial loss.

Email monitoring and web monitoring become major focus in 2006 because in
2005 we can see that defacements of Internet websites have increased
dramatically 95% of organizations