CSI/FBI 2007, 2009, 2010/11Key findings

2009

2009

2010/2011 Key Findings

As was the case last year, this year’s survey covered a midyear-to-midyear period, from July 2009 through June 2010. Malware infection continued to be the most commonly seen attack, with 67.1 percent of respondents reporting it.

Respondents reported markedly fewer financial fraud incidents than in previous years, with only 8.7 percent saying they’d seen this type of incident during the covered period.

Of the approximately half of respondents who experienced at least one security incident last year, fully 45.6 percent of them reported they’d been the subject of at least one targeted attack.

Fewer respondents than ever are willing to share specific information about dollar losses they incurred. Given this result, the report this year does not share specific dollar figures concerning average losses per respondent. It would appear, however, that average losses are very likely down from prior years.

Respondents said that regulatory compliance efforts have had a positive effect on their security programs.

By and large, respondents did not believe that the activities of malicious insiders accounted for much of their losses due to cybercrime. 59.1 percent believe that no such losses were due to malicious insiders. Only 39.5 percent could say that none of their losses were due to non-malicious insider actions.

Slightly over half (51.1 percent) of the group said that their organizations do not use cloud computing. Ten percent, however, say their organizations not only use cloud computing, but have deployed cloud-specific security tools.

Key Findings