Crime Report

“The 2005 FBI Computer Crime Survey should serve as a wake up call to every company in America.”

Frank Abagnale • Author and subject of ‘Catch Me if You Can’ • Abagnale and Associates

“This computer security survey eclipses any other that I have ever seen. After reading it, everyone

should realize the importance of establishing a proactive information security program.”

Kevin Mitnick • Author, Public Speaker, Consultant, and Former Computer Hacker • Mitnick Security Consulting

2005 FBI

Computer Crime Survey

www.fbi.gov/publications/ccs2005.pdf

Introduction 1

Key Findings 1

About the Questions 2

About the Recipients/Respondent . 2

About the Methodology 2

Survey Results . 3-15

About the Analysis . 16

Using the Survey Statistics/Content . . . . . . . . . . . . . . . 16

About the Contributors . 17

Contact Information 17

Table of Contents

2005 FBI Computer Crime Survey

The 2005 FBI Computer Crime Survey addresses one of the highest priorities in the

Federal Bureau of Investigation. These survey results are based on the responses of

2066 organizations. The purpose of this survey is to gain an accurate understanding

of what computer security incidents are being experienced by the full spectrum of

sizes and types of organizations within the United States. The 23-question survey

addressed a wide variety of issues including: computer security technologies used,

security incident types, and actions taken, as well as emerging technologies and trends

such as wireless and biometrics. The survey was conducted in four states including

Iowa, Nebraska, New York, and Texas and was performed by the corresponding FBI

offices in those areas. The survey was conducted in such a way that recipients could

respond anonymously.

This survey is not to be confused with the CSI/FBI Computer Crime and Security

Survey, which has been conducted for several years, and has a somewhat different

focus, method, and restricted number of respondents.

KEY FINDINGS:

• There are a variety of computer security technologies that organizations are increasingly investing

in to combat the relentless, evolving, sophisticated threats, both internal and external. Despite

these efforts, well over 5,000 computer security incidents were reported with 87% of respondents

experiencing some type of incident.

• In many of the responding organizations, a common theme of frustration existed with the nonstop

barrage of viruses, Trojans, worms, and spyware.

• Although the usage of antivirus, antispyware, firewalls, and antispam software is almost

universal among the survey respondents, many computer security threats came from within the

organizations.

• Of the intrusion attempts that appeared to have come from outside the organizations, the most

common countries of origin appeared to be United States, China, Nigeria, Korea, Germany,

Russia, and Romania.

• An overwhelming 91% of organizations that reported computer security incidents to law

enforcement were satisfied with the response of law enforcement.

• Almost 90% of respondents were not familiar with the InfraGard (www.infragard.net) organization

that