CSI, FBI Report On Virus Attacks And Financial Losses

* Companies resist reporting computer crimes. The percentage of organizations reporting computer intrusions to law enforcement has reversed its multi-year decline, standing at 25 percent as compared with 20 percent in the previous two years.

* Government mandates and compliance issues continue to be a hot topic within the IT department. The impact of the Sarbanes-Oxley Act on information security remains substantial. In fact, in open-ended comments, respondents noted that regulatory compliance related to information security is among the most critical security issues they face.

* Security outsourcing is not as prevalent within U.S. companies. Despite talk of increasing outsourcing, the survey results related to outsourcing are similar to those reported for the last two years and indicate very little outsourcing of information security activities. Sixty-three percent of the respondents indicated that their organizations do not outsource any computer security functions. Among those organizations that do outsource some computer security activities, the percentage of security activities outsourced is rather low.

* IT groups want to educate and train internally to mitigate security risks. Once again, the vast majority of the organizations view security awareness training as important. In fact, there is a substantial increase in the respondents' perception of the importance of security awareness training. On average, respondents from most sectors do not believe their organization invests enough in this area.