The Computer Security Institute has released its annual Computer Crime and Security Survey. The survey indicates that insider threats do not cause as much damage in a security breach as previously thought.

The report indicates that insider attacks are now the #1 most common cause of security incidents - 60% of respondents have experienced insider-related issues in the past year. Viruses previously topped the list of security incidents.

Company losses due to cybercrime have doubled over the past year, so the cost of poor security is increasing. However, despite the predominance of insider-related issues, they only account for 20% of losses.

In 16% of cases, cybercrime costs exceeded 60% of losses; in 5%, cybercrime costs exceeded 80% of losses. There is a good deal of variability in the costs of cybercrime. Most likely, this is due to the fact that data breaches vary widely.

The biggest red flag in the survey was in regard to compliance:

Some 30 percent of respondents stated that, despite new laws concerning breach disclosure, they experienced at least one incident that was never reported outside the organization. Only 29 percent reported incidents to law enforcement agencies.

The fact that breach notification is being overlooked, despite compliance laws designed to prevent it, is quite disconcerting.

Twenty-six percent said they did not report their incidents to law enforcement because of fears of negative publicity. Twenty-two percent said they believed law enforcement would be unable to help them, and 14 percent said they feared their competitors would use the breach reports to their advantage.

Via Dark Reading Tags: it security, business security, data breach, compliance, security compliance, data breach notification