The report came from the Computer Security Institute (CSI), based in San Francisco, which each year produces its "Computer Crime and Security Survey” with the participation of the FBI. It was based on responses from 538 computer security practitioners in US corporations, government agencies, financial institutions, medical institutions and universities.
The main findings were:
- 64% acknowledged financial losses due to computer breaches.
- 35% percent (186 respondents) were willing and/or able to quantify their financial losses. These 186 respondents reported $378 million in financial losses. (In contrast, the losses from 249 respondents in 2000 totalled only $266 million.
- As in previous years, the most serious financial losses occurred through theft of proprietary information (34 respondents reported $151 million) and financial fraud (21 respondents reported $93 million).
- For the fourth year in a row, more respondents (70%) cited their internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (31%).
- 36% reported the intrusions to law enforcement authorities; a significant increase from 2000, when only 25% reported them. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.)
- 40% of respondents detected system penetration from the outside (only 25% reported system penetration in 2000).
- 38% of respondents detected denial of service attacks (only 27% reported denial of service in 2000).
- 91% detected employee abuse of internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems). Only 79% detected net abuse in 2000.
- 94% detected computer viruses (only 85% detected them in 2000).