Crime Report

"The 2005 FBI Computer Crime Survey should serve as a wake up call to every company in America."

Frank Abagnale * Author and subject of 'Catch Me if You Can' * Abagnale and Associates

"This computer security survey eclipses any other that I have ever seen. After reading it, everyone

should realize the importance of establishing a proactive information security program."

Kevin Mitnick * Author, Public Speaker, Consultant, and Former Computer Hacker * Mitnick Security Consulting

2005 FBI

Computer Crime Survey

www.fbi.gov/publications/ccs2005.pdf

Introduction 1

Key Findings 1

About the Questions 2

About the Recipients/Respondent . 2

About the Methodology 2

Survey Results . 3-15

About the Analysis . 16

Using the Survey Statistics/Content . . . . . . . . . . . . . . . 16

About the Contributors . 17

Contact Information 17

Table of Contents

2005 FBI Computer Crime Survey

The 2005 FBI Computer Crime Survey addresses one of the highest priorities in the

Federal Bureau of Investigation. These survey results are based on the responses of

2066 organizations. The purpose of this survey is to gain an accurate understanding

of what computer security incidents are being experienced by the full spectrum of

sizes and types of organizations within the United States. The 23-question survey

addressed a wide variety of issues including: computer security technologies used,

security incident types, and actions taken, as well as emerging technologies and trends

such as wireless and biometrics. The survey was conducted in four states including

Iowa, Nebraska, New York, and Texas and was performed by the corresponding FBI

offices in those areas. The survey was conducted in such a way that recipients could

respond anonymously.

This survey is not to be confused with the CSI/FBI Computer Crime and Security

Survey, which has been conducted for several years, and has a somewhat different

focus, method, and restricted number of respondents.

KEY FINDINGS:

* There are a variety of computer security technologies that organizations are increasingly investing

in to combat the relentless, evolving, sophisticated threats, both internal and external. Despite

these efforts, well over 5,000 computer security incidents were reported with 87% of respondents

experiencing some type of incident.

* In many of the responding organizations, a common theme of frustration existed with the nonstop

barrage of viruses, Trojans, worms, and spyware.

* Although the usage of antivirus, antispyware, firewalls, and antispam software is almost

universal among the survey respondents, many computer security threats came from within the

organizations.

* Of the intrusion attempts that appeared to have come from outside the organizations, the most

common countries of origin appeared to be United States, China, Nigeria, Korea, Germany,

Russia, and Romania.

* An overwhelming 91% of organizations that reported computer security incidents to law

enforcement were satisfied with the response of law enforcement.

* Almost 90% of respondents were not familiar with the InfraGard (www.infragard.net) organization

that is a joint effort by the FBI and industry to educate and share information related to threats to

U.S. infrastructure.

* The survey respondents were very interested in being better informed on how to prevent computer

crimes. Over 75% of respondents voiced a desire to attend an informational session hosted by

their local FBI office.

DETAILED FINDINGS:

About the Questions:

The 2005 FBI Computer Crime Survey is unique in that the questions were compiled based on input

from a large number and variety of organizations. Input for the questions was provided by both a large

number of Special Agent computer intrusion investigators, supervisors, and Investigative Analysts

within the FBI, as well as a variety of computer security professionals within the computer security

and digital forensics communities. For the purposes of this survey, Computer Security Incident is

defined as: Any real or suspected adverse event in relation to the security of computer systems or

computer networks.

About the Recipients/Respondents:

Approximately 24,000 organizations received the 2005 FBI Computer Crime Survey. These recipients

were from 430 different cities (with populations ranging from less than 1,000 to New York City, with a

population of more than 8 million) from four states: Iowa, Nebraska, New York and Texas.

About The Methodology:

...