ARMONK, NY - 14 Mar 2006: Nearly 60 percent of U.S. businesses believe that cybercrime is more costly to them than physical crime, reports a recent IBM survey of companies in the healthcare, financial, retail and manufacturing industries. The costs resulting from cybercrime, these businesses report, are primarily from lost revenue, loss of current and prospective customers and loss of employee productivity.
Surveying 600 CIOs or other individuals qualified to answer questions about their company's IT practices, the IBM survey reveals that 84 percent of IT executives of U.S. businesses believe that organized criminal groups possessing technical sophistication are replacing lone hackers in the world of cybercrime. The threat from unprotected systems in developing countries is a growing challenge, according to almost three-quarters of respondents. And, alarmingly, almost three-quarters (74%) perceive that threats to corporate security are now coming from inside the organization.
These views come as a majority of respondents (61%) believe it is the joint responsibility of both the Federal and local law enforcement agencies to help combat organized cybercrime. These responses by businesses are in stark contrast to consumer beliefs. A recent IBM survey of consumers showed that 53 percent of Americans hold themselves most responsible for protecting themselves from cybercrime, while 11 percent felt it was the job of federal law enforcement agencies, and only four percent hold local law enforcement agencies responsible.
"U.S. IT executives are making it very clear how seriously they take cybercrime threat, both from internal and external sources," said Stuart McIrvine, director of IBM's security strategy. "Paralleling their growing awareness of the impact of cybercrime on their business is the view that this is not a battle they can fight wholly on their own. The nature of crime is changing, and businesses, technology providers and law enforcement must work together to ensure the right safeguards are being put in place to securely operate in today's environment."
In light of the growing threat of cybercrime, many companies have increased their security measures to guard against cybercrime. According to the IBM survey, 83 percent of U.S. organizations believe they have safeguarded themselves against organized cybercrime, and they are responding to the increased/changing threat of cybercrime in a number of ways:
When asked which two initiatives were the most important to undertake over the course of the next year, IT business executives in the U.S. indicated upgrading their virus software (39%) and upgrading their firewall (32%) were of highest priority.
How the Industries Differ
IT executives in the Finance industry tend to be more concerned than their counterparts in other industries about the threat of cybercrime versus physical crime (50% cite it as a bigger threat versus 38% of the total surveyed). Respondents in Finance also perceive a greater cost impact from cybercrime than IT executives in other industries (71% versus 57%). The Healthcare and Manufacturing industries also find cybercrime to be more costly to their organization than physical crime, while the Retail industry still sees physical crime as having the greatest cost impact.
Retail respondents cite loss of revenue as having the greatest cost impact associated with cybercrime. Healthcare and Finance executives believe loss of prospective customers has a greater impact than do their counterparts in Retail and Manufacturing. Manufacturing respondents view damage to brand/reputation as far more of a concern (52%) than in the Healthcare (40%), Financial (35%), and Retail (32%) segments.
IBM conducted the same survey in 16 additional countries to better gauge the attitudes regarding cybercrimes and their impact on international businesses. Both cybercrime and physical crime are viewed as considerable threats to U.S. and international organizations. And, when it comes to cost impact, both groups agree that cybercrime (57% of U.S. and 58% of international businesses) is more costly to their organizations than physical crime (43% and 42%, respectively).
However, while 83 percent of U.S. businesses boast that they have adequate safeguards in place to combat organized cybercrime, their international counterparts are not so confident, with just over half (53%) indicating they are prepared.
In combating cybercrime, there are some slight differences between U.S. and international IT business executives regarding their priority initiatives. The top two initiatives for U.S. businesses are upgrading their virus software (39% versus 24% of international businesses) and upgrading their firewall (32%). For international businesses, implementing intrusion detection/prevention technologies (33% versus 20% of U.S. businesses) and upgrading their firewall (27%) were the highest priorities. Just seven percent of U.S. businesses thought increasing the encryption of their files was a high priority while almost one-fifth (18%) of the international community thought this to be a higher priority.
The U.S. and international business community share the same concerns when it comes to the key costs associated with cybercrime. Both groups indicated that loss of revenue (63% U.S. versus 74% international) and loss of current customers (56% U.S. versus 70% international) would have the highest cost impact should their organization fall victim to a cybercrime. Damage to their brand/reputation is of much higher concern to international businesses than those in the U.S. Over two-thirds (69%) of international businesses cited this to be a key cost associated with cyber-crime, compared to only 40 percent of U.S. businesses. Conversely, legal fees are considered to be a key cost in the U.S. (33%) while of less concern internationally (19%). U.S. businesses are equally concerned about the loss of their current and prospective customers (56% for each) compared to the international community which is more concerned with losing current customers (70%) and less concerned about losing prospective customers (33%).
Methodology: Braun Research, Inc. conducted the survey on behalf of IBM. A total of 601 telephone interviews were conducted with U.S. businesses in the healthcare, financial, retail and manufacturing industry sectors during the period of December 2005 to January 2006, and 2,401 international businesses in sixteen countries (China, UK, India, Russia, Poland, Czech Republic, Germany, Spain, Italy, France, Argentina, Brazil, Australia, Mexico, Japan, and Canada) during January 2006. Eligible respondents were at the CIO level, a VP or higher reporting directly into a CIO, or other individuals who were well-versed and qualified to answer questions about their company's IT practices. The survey was fielded at the 95 percent confidence level with a margin of error of +/-2 percent for the global results and +/-8% for the U.S. results.
Chemistry, computer science, electrical engineering, materials and mathematical sciences, physics and services science