Choose from any of our reports and we will be happy to send it/them to you via email at no cost.

The State of Computer Security

Internal Threat Rises to the Top

Two recently released computer and information security surveys provide data on the subject:

  1. The 2007 Global State of Information Security survey by CIO and CSO magazines in conjunction with PricewaterhouseCoopers
  2. The 2007 CSI Computer Crime and Security Survey by the Computer Security Institute, with input from the FBI

Some key points from the surveys:

Losses are Greater in Size

The average size of the loss suffered due to a breach is up, after declining for several years. However, average size remains low relative to very high levels in 2001 and 2002 before companies had widely adopted security measures.

More Attacks are Targeted Attacks

This may account for the new increase in loss size as perpetrators go after specific targets rather than random hacking.

The Insider Threat Continues to Rage

It has been common wisdom for several years that insiders (employees and former employees) constitute the greatest threat. This has been confirmed in surveys over the years, and it striking in its clarity in these two 2007 surveys. Insiders are a far greater risk than hackers from outside, due to their access to systems and information, and in the case of disgruntled ex-employees , due to motive.

In fact it is now becoming clear that the $7 billion trading loss suffered by French company Societe Generale in 2007 was enabled by a security breach, in that the employee had access to areas of the network he should not have had.

More Companies are Getting Serious About Security

57% of respondents to the CIO survey reported having an overall security strategy, as opposed to only 37% in 2004.

We will address the state of the insurance market for computer and data security in a follow-up bulletin.

 

May 08, 2008

Licata Risk Licata Risk & Insurance Advisors, Inc.
137 South Street, Second Floor
Boston, MA 02111-2848
617-451-2140     [email protected]
LicataRisk Advisors is an independent risk management and insurance consulting firm. We are not brokers and we do not sell insurance. We are not connected to any insurance company or product in any way and do not receive commissions. This is an important difference as you will have an expert on your side who is only committed to you.

Licata Risk is not a law firm and does not practice law. General advice and contract input by the consultants, including those who are attorneys, is to provide insight into the risk and insurance aspects. Your attorney should be the final authority on any legal matter.