Skip to main content /TECH with /TECH

FBI: Cybercrime rising

Yet fewer companies reporting incidents

FBI: Cybercrime rising

By Daniel Sieberg
CNN Sci-Tech

(CNN) -- Cybercrime is on the rise throughout the United States, but many of those attacks are not being reported to the authorities, suggests a new report released Sunday by the FBI and the Computer Security Institute (CSI).

In the seventh annual "Computer Crime and Security Survey," about 90 percent of respondents detected a security breach within the last 12 months. However, only 34 percent reported the intrusions to law enforcement officials. This compares to 36 percent reporting incidents in 2001 and 25 percent in 2000.

"There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement," said Patrice Rapalus, director of the CSI, which prepared the survey with the FBI's Computer Intrusion Squad in San Francisco, California.

A private organization based in San Francisco that trains and educates its thousands of members on computer and network security issues, CSI describes itself as an advocate for "the critical importance of protecting information assets."

Participating in the survey were 503 security practitioners from corporations, government agencies, financial and medical institutions and universities. The names of the groups were not released.

Click here to see more results from the survey

Narrowing the gap between the number of cyberattacks in the private sector and the total reported to federal authorities has long been a goal of security professionals. Many firms cite the fear of bad publicity for their reluctance to alert authorities, while others prefer not to divulge any proprietary information to investigators.

Those practices need to stop, said Bruce Gebhardt, a former FBI special agent in-charge at the San Francisco office and now executive assistant director of the FBI.

"Now, more than ever, the government and private sector need to work together to share information and be more cognitive of information security so that our nation's critical infrastructures are protected from cyberterrorists," Gebhardt said.

Millions of dollars lost

The latest survey's findings' conclusions are comparable to those drawn by earlier reports. The most serious financial losses from cybercrimes occurred through theft of proprietary information and financial fraud -- $170 million and $115 million, respectively.

But not even half of the respondents (44 percent or 223 respondents) were willing or able to quantify their financial losses.

The total amount reportedly lost to cybercrime was $455.8 million, which compares with $378 million in 2001 and $265 in 2000. Overall, 80 percent of the companies that participated acknowledged financial some form of financial losses due to computer breaches.

Millions of dollars lost

Results of the 2002 survey also continued to challenge the notion that internal threats are greater than outside ones, said Rapalus.

According to the survey, twice as many respondents cited their Internet connection as a more frequent point of attack as those who said assaults came from within their internal systems.

The type of cyberattacks ranged from simple defacement of a Web site (similar to spraying graffiti on a front door) to denial-of-service attacks, which are meant to overwhelm a site and render it unusable. Eighty-five percent said they had been hit with some type of computer virus.

Company workers were also found to have caused mischief, as 78 percent of the respondents said they had detected some form of employee abuse over the Internet, including downloading pornography, accessing pirated software or inappropriate use of e-mail. This finding is actually down from last year when 91 percent of employees were found to have committed similar abuses.

However, financial losses due to these employee abuses actually increased, from $35 million to $50 million.


Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top