Motivações

Total annual losses from security intrusions reported in the 2003 survey were about $202 million, down 56 percent from the $455 million reported last year. That's the first year-to-year decline in financial losses since 1999.

Motivating Factors click to enlarge

The most common causes of financial loss are theft of proprietary information and denial of service (DoS) attacks. With a DoS attack, the cost is primarily the loss of business during an outage, plus the costs of recovery and preventing similar attacks.

The CSI-FBI report cautions that the risk of security attacks continues to be high. In addition, the percentage of security incidents reported to law enforcement agencies remains low, at 30 percent. The InformationWeek survey found that 56 percent of organizations notify any agencies or organizations after a security incident, up only slightly from 53 percent in last year's survey and down from 60 percent in 2001.

Whether to report an incident often depends on the severity of the breach, Willis' Tomlinson says. Companies mostly report major incidents involving theft or destruction of data, or other monetary losses, he says. Many companies are reluctant to report security breaches because of the negative publicity it could generate, Tomlinson says, and because the company is ultimately responsible for its own security.

"You don't want to hang a sign out saying you messed up," he says.