The CSI, an association for the information security community, conducted the survey of 700 US computer security practitioners with the help of San Francisco FBI's Computer Intrusion Squad.
The results confirm that the total dollar amount of financial losses resulting from security breaches is decreasing, with an average loss of $204,000 per respondent in 2004, down 61% from the average loss of $526,000 in 2003.
Virus attacks were again the source of the greatest financial losses, accounting for 32% of the overall losses reported, but losses resulting from unauthorised access leapt into second place, accounting for 24% of overall reported losses and overtaking those caused by denial of service attacks.
But the results also reveal a significant increase in the average loss per respondent caused by the theft of proprietary information – more than double that of the previous year.
"Individual users are more exposed to computer crime than ever, due to the growth in identity theft schemes,” said Chris Keating, CSI Director. “With the press and the public paying more and more attention as identity theft becomes a vital societal issue, we can't help but note the shift in the survey results toward more financial damage due to theft of sensitive company data.”
“This is an ominous, though not unexpected, development and underscores the need to insist that enterprise networks be properly safeguarded," he added.
According to the survey, the number of organisations reporting computer intrusions to law enforcement agencies has also declined, continuing the trend of the past few years. The key reason cited by respondents for not reporting such intrusions is that of concern over negative publicity.