Business Survey Says Cyber Crime Overtakes Physical Crime
March 20, 2006 Timothy Prickett Morgan
According to a global survey of over 3,000 IT managers spanning all industries and company sizes commissioned by IBM, cybercrime is becoming more of a big deal for big business than real–what IBM calls physical–crime.
To publicize the study, IBM released some of the findings among the 600 IT managers who were surveyed in the United States in last January and December. About 60 percent of those polled believe that the cost of lost revenues, loss of current and potential customers, and loss of employee productivity that are the result of hacking, denial of service, and other cybercrimes now exceeds losses from physical crimes like stealing and embezzling.
Some 84 percent of the executives polled said that they believe cybercrime has moved on from an initial phase where lone or small groups of hackers broke into systems or created malware to a more organized crime structure like that of the underworld we know from television and movies. And 74 percent of those polled on the United States say that the threats to corporate security come from inside–not outside–the organization. The IT managers polled say they want local and federal law enforcement agencies to help them combat this crime, much as they would any other kind.
“U.S. IT executives are making it very clear how seriously they take cybercrime threat, both from internal and external sources,” explains Stuart McIrvine, director of IBM’s security strategy. “Paralleling their growing awareness of the impact of cybercrime on their business is the view that this is not a battle they can fight wholly on their own. The nature of crime is changing, and businesses, technology providers and law enforcement must work together to ensure the right safeguards are being put in place to securely operate in today’s environment.”
So what are businesses doing? Upgrading their antivirus and firewall software, for one. Two-thirds of those polled have implemented or are in the process of implementing intrusion detection systems, and half are putting in place automated vulnerability screening and software patch management systems.