The US Department of Justice (DOJ) has announced plans to conduct the first ever national survey to measure the prevalence and impact of cybercrime on businesses within the US.
The survey, conducted by the DOJ's Bureau of Justice Statistics (BJS) and the Department of Homeland Security's National Cyber Security Division, will estimate the number of cyber attacks, frauds and thefts of information and the resulting losses during 2005.
The survey, which will start this month and will be completed by the end of the year, will provide critical information for businesses, industry, government and other users to make more informed decisions about how to target their resources to fight cybercrime.
It will collect information from a wide range of industry sectors about:
• The nature and extent of computer security incidents
• The monetary costs and other consequences of these occurrences
• Incident details, such as types of offenders and reporting to authorities
• The computer security measures various firms use.
Currently no US national measure exists on the extent of cybercrime, and the survey’s results will enable the US government to assess what needs to be done to reduce computer security vulnerabilities. It will also provide the first official national statistics on the extent and consequences of cybercrime among the country's 5.3 million firms with salaried employees.
Almost three-quarters of businesses responding to a Bureau of Justice Statistics pilot survey said they had been victims of cybercrime in 2001. Virus infections were the most common form of attack (64%), followed by denial of service incidents (25%) and vandalism or sabotage (19%). Among the companies that detected a computer virus, less than 6% said they notified a law enforcement agency.
More details about the survey can be found at www.ojp.usdoj.gov/bjs/survey/ncss/ncss.htm
Any survey that gives insight into the extent and cost of attacks has to be welcome, especially if it shocks some blasé organisations into tackling their vulnerabilities.