Skip to main content

CSI : Computer Crime & Security Survey 2011

May 30, 2012

Every year the Computer Security Institute furnishes the Computer Crime & Security Survey.The purpose of this survey is to gain insight into the challenges survey respondents face throughout the year.This year there were over 350 respondents from the most common verticals, (Financial, Government, Education, Medical, and Hospitality).While we have only outlined what we feel are the relevant findings from this survey that apply to Hospitality, we encourage all of our clients to read the entire survey as it contains a wealth of beneficial information.

This year, for the first time, the Data Breach Investigations Report (DBIR) also incorporates a case database obtained from the U.S. Secret Service, which is listed as a co-sponsor of the report. Perhaps the most salient feature of the demographics here is that the entire sample comes from organizations that have suffered major data breaches. Given that banks are where the money is, it’s not surprising to learn that the case load heavily tilts toward financial institutions, with 33 percent of cases, followed by 23 percent in the hospitality industry. That over half of the cases come from just two industries, though, may well seem problematic if one is trying to get a sense of the general level and nature of threat to enterprise network.

Last year, 43.2 percent of respondents stated that at least some of their losses were attributable to malicious insiders, but non-malicious insiders were clearly the bigger problem, with 16.1 percent of respondents estimating that nearly all their losses were due to non-malicious actors. More broadly, non-malicious insiders were clearly responsible for more loss than malicious ones, but even more to the point, there was clearly a great deal of loss that was not due to insiders at all.

This year’s data is consistent with last year’s. In keeping with the notion that more than half of losses are not due to malicious insiders, the percentage of respondents reporting no losses due to malicious insiders edged up to 59.1 percent. 87.1 percent of respondents said that 20 percent or less of their losses should be attributed to malicious insiders. 66.1 percent of respondents said that 20 percent or less of their losses were attributed to non-malicious insiders.

64% of respondents feel that compliance requirements have improved their Security Program.  Also, 45% deployed new technology because of compliance and 32% responded that over security budget increased.

*Please note, all findings have been taken from 2011 CSI Computer Crime & Security Survey

Related Blogs

November 16, 2010

Is Cloud Computing a Security Concern | Optiv

Before cloud computing had even gotten off the ground, people were talking about the security implications of computing in the cloud. When you step do...

See Details

November 13, 2012

Owning Computers Without Shell Access

Consultants often upload and execute a binary payload to a remote system during penetration tests for the purpose of footprinting the target, gatherin...

See Details

July 24, 2014

ISCSI: What is Internet Small Computer System Interface?

As greater numbers of large and midsized enterprises are faced with accessing/transmitting ever larger data streams over greater distances/multiple po...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.