Choose from any of our reports and we will be happy to send it/them to you via email at no cost.

    The State of Computer Security

    Internal Threat Rises to the Top

    Two recently released computer and information security surveys provide data on the subject:

    1. The 2007 Global State of Information Security survey by CIO and CSO magazines in conjunction with PricewaterhouseCoopers
    2. The 2007 CSI Computer Crime and Security Survey by the Computer Security Institute, with input from the FBI

    Some key points from the surveys:

    Losses are Greater in Size

    The average size of the loss suffered due to a breach is up, after declining for several years. However, average size remains low relative to very high levels in 2001 and 2002 before companies had widely adopted security measures.

    More Attacks are Targeted Attacks

    This may account for the new increase in loss size as perpetrators go after specific targets rather than random hacking.

    The Insider Threat Continues to Rage

    It has been common wisdom for several years that insiders (employees and former employees) constitute the greatest threat. This has been confirmed in surveys over the years, and it striking in its clarity in these two 2007 surveys. Insiders are a far greater risk than hackers from outside, due to their access to systems and information, and in the case of disgruntled ex-employees , due to motive.

    In fact it is now becoming clear that the $7 billion trading loss suffered by French company Societe Generale in 2007 was enabled by a security breach, in that the employee had access to areas of the network he should not have had.

    More Companies are Getting Serious About Security

    57% of respondents to the CIO survey reported having an overall security strategy, as opposed to only 37% in 2004.

    We will address the state of the insurance market for computer and data security in a follow-up bulletin.


    May 08, 2008

    Licata Risk Licata Risk & Insurance Advisors, Inc.
    265 Franklin Street
    Suite 1702
    Boston, MA 02110
    617-451-2140   advice@licatarisk
    501 East Las Olas Boulevard
    Suite 300/200
    Fort Lauderdale, FL 33301
    LicataRisk Advisors is an independent risk management and insurance consulting firm. We are not brokers and we do not sell insurance. We are not connected to any insurance company or product in any way and do not receive commissions. This is an important difference as you will have an expert on your side who is only committed to you.

    Licata Risk is not a law firm and does not practice law. General advice and contract input by the consultants, including those who are attorneys, is to provide insight into the risk and insurance aspects. Your attorney should be the final authority on any legal matter.