They say that 83% of all statistics are lies. Think about that for a second.
One of the largest things media outlets use to back their claims are statistics. It is absolutely incredible how many times a media outlet will quote a statistic and not credit where it came from. Further, they are fond of taking creative liberty with how they quote the article to suit their needs.
These statistics cover damage to systems, percentage of intrusions, virus infections and everything else related to security. There are simply too many instances of suspect statistics as they relate to the computer security industry to read, match and provide analysis of them all. Most of the statistics here are simply referenced and left to the keen reader to draw their own conclusions. Analysis may be provided for articles and reports that are widely quoted or otherwise interesting. Use the feedback link at the bottom of the page if you wish to recommend an article or report for analysis, please include why you feel this article is important.
Due to the number of articles with statistics and the time drain in trying to analyze them, this page only serves as a very primitive repository for quotes and statistics about security. It is intended to be used by utilizing the 'find' feature in your web browser while viewing the Statistics or Archive pages. As time permits, we will try to lump similar statistics together.
This archive is an exact duplicate of the statistics page until 7/01/05, it was decided to leave the archive as it was because anyone needing data out of the archive would already be familiar with the old lay out.
08.12.98 Susan Jennison "Hackers Pay No Heed to Chaos They Might Cause" * Costs $10 billion to keep intruders at bay * Pentagon had 25,000 hacker attacks last year (1997) Tim Wilson/InternetWeek "Profits Embolden Hackers" * Several corporations said they lost $10 million in a single break-in. * Over 50% corporations have experienced more than 30 penetrations.. * Over 60% said they lost $200,000 as a result of each intrusion * 520 US companies reported a total loss of $136 million in 1997 36% increase from previous year 54% cited Internet as frequent point of attack 07.22.98 Nicole Manktelow "Police seek help in hacking case" * Up to $10 Million had been lost due to credit card fraud * Users ran up hourly charges .. as much as $16,000 04.06.98 Reuters "Suspected NASA hacker nabbed" * More than $70,000 worth of damage done to NASA Web Site during hack Reuters "Software piracy costs Massachusetts $850 million" * Piracy cost Mass. more than 4,300 jobs and $850 million in damage during 97 * MS Report said 25% rate of piracy cost $240 million in wages, $600 in sales, and $11 million in taxes. * Software is a 9.2 billion industry in Mass. 01.23.99 Carolyn O'Doherty "Terrorists attack by hackers hits firms" * 18,000lbs damage to the ISP 11.22.99 Daniel Wood, Christian Science Monitor * "Electronic crime is now estimated to be more than a $10-billion-per-year business." Kevin Power "FBI finds hackers can't resist a government agency" Survey: FBI's International Computer Crime Squad and CSI * In 12 months, abusers cost their employers about $270,000 in losses * In 12 months, abusers cost about $72,000 to agencies * 70 percent of attacks used to occur from within * 46 percent of agencies reported Internet security incidents * 61 percent of agencies reported viruses * 21 percent of agencies reported systems penetration incidents * 38 percent of agencies reported notebook thefts * 18 percent of agencies reported telecommunication fraud * 10 percent of agencies reported data or network sabotages * 29 percent of agencies reported internal systems problems * 17 percent of agencies reported problems with remote dial-in intrusions * 19.5 percent of agencies reported they didn't know whether their systems had been compromised 01.98 "Australians gather data on attacks" Survey: Office of Strategic Crime Assessments in Canberra Australia Victoria Police Computer Crime Investigation Squad "1997 Comptuer Crime and Security Survey" Based on questions in FBI/CSI survey. * 37% of Australian respondents confirmed unauthorized intrusion in last 12 months * 17% didn't know about any unauthroized intrusion * 77% estimated ttoal losses at under $10,000 * One respondant estimated less than $10,000 damage * One respondant estimated "figures in excess of $500,000" * One respondant estimated "close to $1 million for the calendar year" 10.23.97 Jim Wolf/Reuters "Pentagon computers broken into hundreds of times" * More than 250 unclassified US DOD systems were broken into * Number of attacks will double this year * May 1996, GAO estimates 250,000 unauthorized efforts in 1995 Cloverdale "FBI raids Bay homes in hunt for hackers" * DoD is hacked some 250,000 times each year (GOA) * 1996, as many as 162,500 "break-ins" occured (65% of the 250,000) 04.29.98 Daily Yomiuri "Japan fears its becoming a base for hackers" * Japan CERT studying 644 unauthorized access cases from Oct96 to Mar98 * Japan Police uncovered 101 high-tech crimes in 1997 06.30.98 Stone/Newsbytes "Canadian Survey Finds Firms Vulnerable To Internet" Survey: KPMGs 7th Annual Canadian Fraud Survey Report * 11% of respondents belive the Internet is a secure way to send info * 43% of respondents stated they use the internet to transmit sensitive info * 82% of respondents consider their systems to be a potential security risk for fraud * Less than half reported using security measures when transmitting info over net * 57% of resopndents admitted their firm had been a victim of fraud * 47% of respondents believe fraud will increase in 1998 * 77% of respondents cited their employees as principal source of fraud 04.16.98 "Your Company Info Could Be At Risk" Survey: Reed Exhibitions (Reed and Check Point Software Technologies) * 62% of advisors are using Net without any security * 56% of advisors are connected to Net * 18% of advisors had firewalls ... Federal Computing World "More than 50% of Fed Agencies victims" * More than half of Federal agencies report unauthorized access * Financial losses are estimated to have risen by more than 3,000% 04.06.98 Ann Kellan/CNN "CEOs hear the unpleasant truth about computer security" * Hackers breaking in cause estimated $10 billion a year problem * Quotes DOD GOA report * Almost 2,000 web sites offering tips/tools/techniques to hackers 08.10.98 ZDNet "U.S. Still not prepared for cybercrime" * 94% of companies did not have in-house expertise to respond to computer emergency * 58% of companies detected security incidents * Only 4 incidents were reported ... Sheridan Nye "BT Turns Sheriff On Lawbreakers To Stop Fraud" * Telephone fraud believe to siphon between 3 and 6 percent of revenues * 3 - 6 percent == "billions of dollars" ... Original source unknown * 241 companies put $136.8 million damage tag on intrusions * 36% increase over 1997 figure of $100.1 million "Companies leave databases wide open to espoinage [sic]" Survey: Arthur Anderson - 200 South African Companies * 75% ignore internet security * 73% of resopndants have no security policy * 61% have no security awareness program for end users 07.22.98 Ashok Khindria "Hide Behind a Firewall to Beat Cyber Criminals" * Computer crime in Britain is doubling every year * Security lapses have cost #1.5 billion since 1992 * Cost of average security breakdown soared from #2,000 to #9,000 * Single most expensive incident was #1.2 million 04.08.98 Peter Weiss "Net attacks much less frequent than many fear" Source: Analysis of security incidents on the Internet 1989-1995 * No more than 2.5 million attacks in 1995 * Other experts have estimated as high as 900 million attacks * No more than 4% could have gone undetected by CERT/CC * 1 in 540 chance of Internet break-in where attacker gains control ... "News/400 Goes After Gerstner's CC# in Ethical Hack" * 40% of companies reported breaches of info security * $800 million to $300 billion estimated losses * At least half the attacks were internal 05.28.98 Rutrell Yasin "Attacks Spur Intrusion-Detection Efforts" Source: 320 Fortune 1000 companies interviewed by WarRoom/Mark Gembicki * 69% were targets of information espionage last year * 53% reported attacks in 1996 * 68% of companies implemented some form of IDS * 27% of respondents had implemented IDS in 1996 * 84% of respondents expressed interest in IDS * 31% of respondents expressed any level of confidence in IDS 06.23.98 Yomiuri Shimbun "New Unit to Combat High-Tech Crime" * NPA recorded 263 high-tech crimes last year (1993) * 263 was eight times more than 1992 ... New York Times "Laptop theft is on the rise" Source: Computer Security Institute (CSI) * 1998 survey of 458 entities: 65% reported laptops stolen in last year * Laptop theft was third most common electronic skulduggery * Viruses were reported by 84% * Insider abuse was reported by 78% * Safeware (Insurance Company) reported 309,000 claims of stolen laptops in 1997 * 17% increase in laptop theft over previous year * About 100,000 desktops reported stolen * Total cost of thefts put at $1.3 billion 08.06.98 Rob Lemos "Cops see little hope in controlling computer crime" * Quotes GOA 250k stat * NASA estimates that hacker criminals broke in to over 120,000 of their systems in 1996 * DOD Hackers broke into their own servers in 96/97, they attacked 38,000 machines Only 4% of the incidents were detected. Of the 4%, only 27% were reported. * DOJ's Charney says cases involving encrypted data climbed 3% in 1996 to 7% in 1997 * One cracker who had stolen over 100,000 credit cards, worth an estimated $160 million 04.30.98 "Return of the Hack" * Quotes GOA 250k stat * Annual cost of hacking to US industry is reckoned to be $10 billion * Mitnick is in jail awaiting trial on charges relating to nearly $30 million in fraud * 95% of hackers infiltrate to show how clever they are or to create havoc * 5% of attackers .. threaten companies' livelihoods and even people's lives. ... Gary Anthes/Computerworld "Lotsa Talk, Little Walk" Source: Ernst & Young/Computerworld Survey of 4,255 IT/IS Managers * 84% said senior management believes IS is 'important' * 41% said they had no formal security policies * 75% said they had no incident response plans * 50%+ said they had no disaster recovery plans * 33%+ said they don't monitor their networks for suspicious activity * less than 20% use encryption to safeguard sensitive informatino CyberCrime (book) 1988 National Center for Computer Crime Data in California 32% persons arrested for computer crime were women. 43% were minorities. 25% were white males David Carter, professor @ Michigan State U. 200 businesses: 93.6% victims 43.3% victims 25+ times average fraud $23,000 - involving computers $500,000[an error occurred while processing this directive]