A recent research study by the Australian Institute of Criminology asked businesses from each industry sector to estimate how many computer security incidents they had experienced during the 2006–07 financial year (Richards 2009). The Australian Business Assessment of Computer User Security (ABACUS) survey defined a computer security incident as any unauthorised use, damage, monitoring attack or theft of your business information technology. Incidents such as viruses or worms were counted as one incident, not once per infected machine. A majority of businesses from all industry sectors reported experiencing no incidents and the proportion of businesses from each sector that experienced incidents did not vary greatly. The proportion of businesses that experienced one or more computer security incidents ranged from eight percent of businesses from 'other services' to 21 percent of businesses from the 'administration and support services' sector.
Source: Australian Institute of Criminology, ABACUS 2008 [computer file, weighted data]
- Richards K 2009. The Australian business assessment of computer user security: a national survey. Research and public policy series no. 102. Canberra: Australian Institute of Criminology. http://www.aic.gov.au/publications/rpp/102/index.html