St. Barnabas Healthcare System was one of those companies hit by Melissa. Virus-scanning software it was testing caught the problem before it became serious, but the experience gave the company a new perspective on viruses. "Viruses used to be like a mosquito bite to most companies. Now they look like malaria," says Tony Macaluso, VP of technology resources and chief technology officer for the Toms River, N.J., health-care company.

Viruses, which represent the single biggest computer and network security concern among business, are a growing problem, according toInformationWeek's Global Information Security Survey, conducted with PricewaterhouseCoopers LLP. Released this week, the survey is based on responses from 2,700 executives, security professionals, and technology managers from 49 countries (for the methodology used, see sidebar story, "Security Survey Methodology"; for more results, go to www.informationweek.com/743/secure.htm). Even with new, more advanced security available, companies are still vulnerable. Global networks, Internet technologies, and a demanding pace of change are putting companies at risk.

Globally, about 64% of companies were hit by at least one virus in the past 12 months, up from 53% the year before. In the United States, viruses stung 69% of companies. Those figures are about four times as high as the next highest category of security breaches: unauthorized network entry.

Most other forms of security problems declined or remained flat in the past year, with reports of information loss dropping from 15% of respondents to 11%; data and system integrity losses falling from 14% to 11%; and denial of service declining from 13% to 11% (see chart, below).

The only category of security problem other than viruses to show an increase this year is Trojan horses, which mimic familiar programs to trick users' into divulging passwords and other key information. The number of companies reporting Trojan horses jumped from 3% to 8%.

The percentage of companies suffering security breaches increased slightly. Last year, 27% of companies responding said they had not suffered a security breach. This year, only 24% could make that claim. In the United States, just 22% reported no security breaches.

It's hard to know exactly who is responsible for security breaches. But when asked who they suspected was responsible, survey respondents cited computer hackers or terrorists as the leading cause. A year ago, only 14% named hackers and terrorists as the probable cause of breaches and espionage; this year, that number jumped to 48%. Respondents also pointed to contract service providers, which were named by 31% of respondents this year compared with 9% a year ago.

continued...page 2, 3, 4, 5, 6

Illustration by Teofilo Olivieri