Nearly nine out of every ten companies experienced a computer security incident in 2005, the Federal Bureau of Investigation (FBI) said Wednesday in a large-scale survey of over 2,000 businesses.
According to the 2005 FBI Computer Crime Survey, 87 percent of the organizations polled acknowledged they'd suffered some kind of security attack during the year. One of five admitted that they'd been victimized by 20 or more attacks.
Most of the companies nailed by a security attack has been hit with either a virus or a piece of spyware, with more advanced types of attacks -- port scans and data sabotage -- occurred much less frequently.
In fact, added the FBI's report, the low number of port scans may indicate an undercount of security events. "Port scans being at only 33 percent is a strong indicator that many respondents are not detecting the almost unavoidable port scans most networks experience. This may imply that even the 5,389 reported computer security incident types indicated by individual organizations may be significantly lower than the actual number."
Other key findings of the report showed that a 64 percent majority felt some kind of financial pain, with the average cost totally more than $24,000. Cleaning up after virus attacks was the costliest burden for the sampled companies; of the $31.7 million in expenses for all events, $11.9 million was spent on virus attacks.
The survey, which differs from the more widely publicized annual CSI/FBI Computer Crime and Security Survey run by the Computer Security Institute and the FBI, is a new venture for the agency, and said Special Agent Bruce Verduyn, who administered the poll, a more thorough survey.
"We surveyed about three times as many organizations and focused more on new technologies, where attacks originated, and how organizations responded," he said.
The survey can be downloaded in PDF format from the FBI's Web site.