Estimating the extent and cost of computer crime is a critical task for government and industry to ensure that responses are appropriately focused, and that scarce resources are most cost effectively employed to combat the problem. While the sampling method is limited and the results cannot be used to estimate the overall nature, extent and cost of computer crime in Australia, the Annual Computer Crime and Security Survey is an important source of information about trends among those surveyed. The results released in 2005 show a decline in the number of electronic attacks that harm the 'confidentiality, integrity or availability of network data or systems'. Thirty-five percent of respondents in the 2005 report indicated that they experienced an attack compared to 67 percent in the 2002 report. There was a rise in the estimated cost of attacks from $5.78 million in the 2002 report to $16.85 million in the 2005 report. However, the survey methodology is particularly susceptible to distortion in the way different respondents may calculate their own losses. Key findings in the 2005 report are that financially motivated attacks are increasingly prevalent and more sophisticated, and that the ways in which offenders target vulnerabilities in operating systems and application software are not easily addressed.
Reported incidences and overall costs [see attached PDF for graph]
Source
- AusCERT 2005 Computer crime and security survey