They say that 83% of all statistics are lies. Think about that for a second.
One of the largest things media outlets use to back their claims are statistics. It is absolutely incredible how many times a media outlet will quote a statistic and not credit where it came from. Further, they are fond of taking creative liberty with how they quote the article to suit their needs.
These statistics cover damage to systems, percentage of intrusions, virus infections and everything else related to security. There are simply too many instances of suspect statistics as they relate to the computer security industry to read, match and provide analysis of them all. Most of the statistics here are simply referenced and left to the keen reader to draw their own conclusions. Analysis may be provided for articles and reports that are widely quoted or otherwise interesting. Use the feedback link at the bottom of the page if you wish to recommend an article or report for analysis, please include why you feel this article is important.
Due to the number of articles with statistics and the time drain in trying to analyze them, this page only serves as a very primitive repository for quotes and statistics about security. It is intended to be used by utilizing the 'find' feature in your web browser while viewing the Statistics or Archive pages. As time permits, we will try to lump similar statistics together.
The analysis section houses reviews and rebuttals to reports and surveys concerning the InfoSec community. You can also find collections of contradictory statistics and commentary on some news sources for their over all level of accuracy. This is a developing section and content may be slow to come as interest develops.
For a great read on computer crime damage figures, M.E. Kabay, PhD has written a paper titled "Understanding Studies and Surveys of Computer Crime" that explores the aspects/facets of determining such damage figures.
Dan Barrett does a nice job questioning statistics created by CERT and regurgitated in an IEEE Computer article: http://catless.ncl.ac.uk/Risks/18.04.html#subj9
Julie Ryan and Theresa Jefferson have published a great paper titled "The Use, Misuse, and Abuse of Statistics in Information Security Research" which examines several reports related to security and statistics. This is a must read.
While not specifically related to the InfoSec community, Stephen Jay Gould was a gifted palenontologist and researcher who had a knack for explaining things in a way most folks could understand them. Anyone looking for a no bullshit view of interpreting statistics should check out Full House: The Spread of Excellence from Plato to Darwin by Stephen J. Gould.
The Pew Internet and American Life Project's Report on Spyware -Mr. Zodiac
Recent Claims About Quantum Cryptography - Mr. Zodiac