Australian Institute of Criminology

Skip to content

Computer security incidents experienced by Australian businesses

Crime facts info no. 191

ISSN 1445-7288
Canberra: Australian Institute of Criminology, June 2009

A recent research study by the Australian Institute of Criminology asked businesses to estimate how many computer security incidents they had experienced during the 2007 financial year (Richards 2009). The Australian Business Assessment of Computer User Security (ABACUS) survey defined a computer security incident as any unauthorised use, damage, monitoring attack or theft of your business information technology. A single computer security incident that affected multiple machines was counted as one incident. Business size was found to be associated with the number of computer security incidents experienced. A majority of small businesses (those with 0–19 employees), medium businesses (20–199 employees) and large businesses (more than 200 employees) reported experiencing no computer security incidents. A greater proportion of large businesses experienced one to five, six to 10 and more than 10 incidents than did medium businesses. In turn, a greater proportion of medium businesses than small businesses experienced one to five, six to 10 and more than 10 computer security incidents.

Number of computer security incidents experienced, by business size (percent)

 Number of computer security incidents experienced, by business size (percent)

n=3,620

Source: Australian Institute of Criminology, ABACUS 2008 [computer file, weighted data]

References