Cyber Security Industry Alliance Newsletter • Volume 2, Number 7 • March 2006

DOJ to Conduct National Computer Security Survey

First-ever Comprehensive National Survey to Set
Baseline Cybercrime Costs and Attack Rates

 

The Department of Justice (DOJ) announced plans to conduct the first-ever national survey to measure the prevalence and impact of cybercrime on businesses within the United States. The survey, conducted by DOJ's Bureau of Justice Statistics (BJS) and the Department of Homeland Security's National Cyber Security Division, will estimate the number of cyber attacks, frauds and thefts of information and the resulting losses during 2005. CSIA will be working closely with the Department of Justice and DHS on this national survey on the cost of cybercrime to business.

The survey, which begins this month and will be completed by the end of the year, will provide critical information for businesses, industry, government and other users to make more informed decisions about how to target resources to fight cybercrime. The comprehensive survey will collect information from a wide range of industry sectors about:

  • The nature and extent of computer security incidents.
  • The monetary costs and other consequences of these occurrences.
  • Incident details, such as types of offenders and reporting to authorities.
  • Computer security measures various firms use.

To date, the Department has sent out a preliminary run of 3500 surveys.

Cyber threats are a national issue that can be adequately addressed only through cooperation among private firms, and federal, state and local agencies. The President's National Strategy for Securing Cyberspace calls for DOJ to develop better data about victims of cybercrime and to track future changes.

Currently no national baseline measure exists on the extent of cybercrime. The survey data will enable the federal government to assess what needs to be done to reduce computer security vulnerabilities and will provide the first official national statistics on the extent and consequences of cybercrime among the country's 5.3 million firms with salaried employees.

In time, tens of thousands of businesses of all kinds will be asked to participate.

Almost three-fourths of businesses responding to a BJS pilot survey said they had been victimized by cybercrime during 2001. Computer virus infections were the most common form of attack (64 percent), followed by denial of service incidents (25 percent) and vandalism or sabotage (19 percent). Among the companies that detected a computer virus, less than 6 percent said they notified a law enforcement agency.

We encourage all to support this important project. Additional information about the new survey can be found at: www.ojp.usdoj.gov/bjs/survey/ncss/ncss.htm.