Survey: Costs of Cybercrime Overtake Physical Crime

Sixty-one percent of respondents believe it is the joint responsibility of both the federal and local law enforcement agencies to help combat organized cybercrime

by / March 18, 2006
Sixty-one percent of respondents believe it is the joint responsibility of both the federal and local law enforcement agencies to help combat organized cybercrime

Nearly 60 percent of U.S. businesses believe that cybercrime is more costly to them than physical crime, reports a recent IBM survey of companies in the healthcare, financial, retail and manufacturing industries. The costs resulting from cybercrime, these businesses report, are primarily from lost revenue, loss of current and prospective customers and loss of employee productivity.

Surveying 600 CIOs or other individuals qualified to answer questions about their company's IT practices, the IBM survey reveals that 84 percent of IT executives of U.S. businesses believe that organized criminal groups possessing technical sophistication are replacing lone hackers in the world of cybercrime. The threat from unprotected systems in developing countries is a growing challenge, according to almost three-quarters of respondents. And, alarmingly, almost three-quarters (74 percent) perceive that threats to corporate security are now coming from inside the organization.

These views come as a majority of respondents (61 percent) believe it is the joint responsibility of both the federal and local law enforcement agencies to help combat organized cybercrime. These responses by businesses are in stark contrast to consumer beliefs. A recent IBM survey of consumers showed that 53 percent of Americans hold themselves most responsible for protecting themselves from cybercrime, while 11 percent felt it was the job of federal law enforcement agencies, and only four percent hold local law enforcement agencies responsible.

"U.S. IT executives are making it very clear how seriously they take cybercrime threat, both from internal and external sources," said Stuart McIrvine, director of IBM's security strategy. "Paralleling their growing awareness of the impact of cybercrime on their business is the view that this is not a battle they can fight wholly on their own. The nature of crime is changing, and businesses, technology providers and law enforcement must work together to ensure the right safeguards are being put in place to securely operate in today's environment."

Taking Action
In light of the growing threat of cybercrime, many companies have increased their security measures to guard against cybercrime. According to the IBM survey, 83 percent of U.S. organizations believe they have safeguarded themselves against organized cybercrime, and they are responding to the increased/changing threat of cybercrime in a number of ways:
  • Upgrading virus software (73 percent)
  • Upgrading their firewall (69 percent)
  • Implementing intrusion detection/prevention technologies (66 percent)
  • Implementing vulnerability/patch management system on network (53 percent)
When asked which two initiatives were the most important to undertake over the course of the next year, IT business executives in the U.S. indicated upgrading their virus software (39 percent) and upgrading their firewall (32 percent) were of highest priority.

Global Comparison
IBM conducted the same survey in 16 additional countries to better gauge the attitudes regarding cybercrimes and their impact on international businesses. Both cybercrime and physical crime are viewed as considerable threats to U.S. and international organizations. And, when it comes to cost impact, both groups agree that cybercrime (57 percent of U.S. and 58 percent of international businesses) is more costly to their organizations than physical crime (43 percent and 42 percent, respectively).

However, while 83 percent of U.S. businesses boast that they have adequate safeguards in place to combat organized cybercrime, their international counterparts are not so confident, with just over half (53 percent) indicating they are prepared.

In combating cybercrime, there are some slight differences between U.S. and international IT business executives regarding their priority initiatives. The top two initiatives for U.S. businesses are upgrading their virus software (39 percent versus 24 percent of international businesses) and upgrading their firewall (32 percent). For international businesses, implementing intrusion detection/prevention technologies (33 percent versus 20 percent of U.S. businesses) and upgrading their firewall (27 percent) were the highest priorities. Just seven percent of U.S. businesses thought increasing the encryption of their files was a high priority while almost one-fifth (18 percent) of the international community thought this to be a higher priority.