Case Studies | News & Reports | Global Risk | About Us | Contact Us | Home

News & Reports Archives

May 8, 2008

THE STATE OF COMPUTER SECURITY
Internal Threat Rises to the Top

Two recently released computer and information security surveys provide data on the subject:

	1.	The 2007 Global State of Information Security survey by CIO and CSO magazines in conjunction with PricewaterhouseCoopers
	2.	The 2007 CSI Computer Crime and Security Survey by the Computer Security Institute, with input from the FBI

Some key points from the surveys:

Losses are Greater in Size
The average size of the loss suffered due to a breach is up, after declining for several years.  However, average size remains low relative to very high levels in 2001 and 2002 before companies had widely adopted security measures.

More Attacks are Targeted Attacks
This may account for the new increase in loss size as perpetrators go after specific targets rather than random hacking. 

The Insider Threat Continues to Rage
It has been common wisdom for several years that insiders (employees and former employees) constitute the greatest threat. This has been confirmed in surveys over the years, and it striking in its clarity in these two 2007 surveys.  Insiders are a far greater risk than hackers from outside, due to their access to systems and information, and in the case of disgruntled ex-employees , due to motive.

In fact it is now becoming clear that the $7 billion trading loss suffered by French company Societe Generale in 2007 was enabled by a security breach, in that the employee had access to areas of the network he should not have had.

More Companies are Getting Serious About Security
57% of respondents to the CIO survey reported having an overall security strategy, as opposed to only 37% in 2004.

We will address the state of the insurance market for computer and data security in a follow-up bulletin.

                                                                       
For more information, or to attend, contact Debora Wu, at DWu@LicataRisk.com

News & Reports Archives

More News

May 8, 2008 THE STATE OF COMPUTER SECURITY

February 1, 2008 TERRORISM PROGRAM RENEWED

November 27, 2007 GLOBAL WARMING PANEL IN BOSTON RAISES KEY ISSUES

October 19, 2007 GLOBAL WARMING SYMPOSIUM

August 29, 2007 HURRICANE DEAN AN OMEN?

April 25, 2007 WHO'S LIABLE FOR PET FOOD CONTAMINATION-THE RISK OF PRODUCT LIABILITY

Reports

Fall 2005 INTERNATIONAL RISK MANAGEMENT
 
Spring 2004 EMPLOYMENT LAW MORPHS INTO A MONSTER

Fall 2004 INSURANCE BROKER SUED BY NEW YORK ATTORNEY GENERAL

Summer 2004 UNDERSTANDING THE DYNAMICS OF THE INSURANCE MARKET

Winter 2004 WORLD TRADE CASE UNVEILS INNER WORKINGS OF INSURANCE BROKER

 Fall 2003 A RISK MANAGEMENT APPROACH CFOs (AND THEIR ACCOUNTANTS) CAN LOVE

Summer 2003 PRESERVING COVERAGE FOR INNOCENT INSUREDS

Spring 2003 LEAVING TERRORISM COVERAGE ON THE TABLE

Winter 2003 COMPUTER SECURITY IS NOT A BLACK HOLE

Fall 2002 "LET'S BE CAREFUL OUT THERE

Spring/Summer 2002 WHAT WARREN BUFFET KNOWS ABOUT INSURANCE COMPANY FINANCIALS

Spring 2002 OPPORTUNITIES ABOUND IN DEVELOPMENT OF CONTAMINATED PROPERTIES

Winter 2001 "YOU CAN'T PAY US THIS MONTH? WHAT DO YOU MEAN 'NEW DEVELOPMENTS?"

Fall 2001 WORLD TRADE TERRORISM -- REPERCUSSIONS FOR INSURANCE MARKET

Summer 2001 ENERGY AVAILABILITY: CURRENT REALITY OR FOND MEMORY?

Spring 2001 "HOLD THAT BALLOT UP TO THE LIGHT"