Back in 2010, the Obama administration initiated a top-to-bottom assessment of federal cyber security policies. The results, which were published in a report titled “Cyberspace Policy Review,” sparked the creation of a federal cybersecurity office.
The initiation of new federal cyber security policies is being directed by a series of documents, also created as a result of the Cyberspace Policy Review. Among those is the National Initiative for Cybersecurity Education (NICE). Apart from directing how federal resources will be coordinated and tactical operation plans will be supported, NICE reflects the White House’s larger agenda for across-the-board cybersecurity education. NICE describes cybersecurity as “much more than technological solutions to technical problems; it is also highly dependent on educated users who are aware of and routinely employ sound practices when dealing with cyberspace.”
Now, four years later, a few questions remain. Have White House cybersecurity education initiatives become widespread, standardized, and effective enough to have negated, or at least dulled, imminent threats of cyber crime? That is perhaps too thorny and complex a question to fully address here. But the statistics on cybercrime tell a tale that is well … whatever the white-collar word is for grim.
In 2005, the U.S. Bureau of Justice released its first-ever report on cybercrime attacks against businesses. Of the 7,818 businesses that participated in the study, 67 percent detected at least one incident of cybercrime that year. Greater than 80 percent of victimized businesses detected multiple incidents. Half of victimized businesses detected 10 or more incidents. Nearly 70 percent of cyber theft victims sustained losses of $10,000 or more, and cyber theft is just one cybercrime category. One third of victims of other types of cybercrime also suffered losses greater than $10,000 (cybercrime now rivals more traditional crime and is soon to surpass it).
In total, cybercrimes cost those businesses that participated in the study $867 million in 2005. And according to the U.S. Department of Justice, the majority of businesses did not report cybercrime attacks to law enforcement.
Compare those statistics to what is being reported from 2013. A recent study of 60 companies conducted by Ponemon Institute concluded that those companies experienced an average of two successful attacks per week, which would exceed 100 attacks annually. And the average annualized cost of cybercrime for those 60 businesses was $11.6 million. The range on that average was pretty broad, but one interesting point was that smaller businesses tend to experience far greater per capita losses.