8 June 2009 – Embargoed until Tuesday 9 June 2009.
Media Release
Australian businesses exposed to computer security breaches
Computer security breaches affected 14 percent of Australian businesses in 2007 at a cost
of more than $600 million, according to the latest report from the Australian Institute of
Criminology (AIC).
The Australian Business Assessment of Computer User Security (ABACUS) report was
released today (Tuesday) to coincide with the Australian Federal Police’s High Tech Crime
Conference in Sydney.
AIC Principal Criminologist Dr Russell Smith said the report was based on a national survey
of 4,000 small, medium and large businesses conducted by the Institute to determine their
experience of computer security incidents.
“The cost of computer security incidents for Australian businesses in 2007 was estimated at
between $595 million and $649 million, while businesses spent as much as $1.95 billion on
computer security measures,” Dr Smith said.
Eight-five percent of businesses reported using one or more computer security tools, usually
a type of anti-virus software.
The survey showed 13 percent of small businesses, 20 percent of medium businesses and
30 percent of large businesses were affected by a computer security breach.
The average loss due to computer security incidents during 2006-07 was $360 for small
businesses, $2,757 for medium businesses and $17,578 for large businesses.
The most commonly reported type of computer security incident involved viruses and
malicious code attacks (64%). Of those businesses affected, 40 percent reported corruption
of hardware or software. The majority of businesses dealt with these incidents internally, with
only eight percent reporting them to police.
Businesses reported that their computer security breaches were generally opportunistic
rather than targeted. The report also highlighted the need to minimise the incidence of
personal data being stolen for use in other offences.
AIC media contact: Scott Kelleher. Telephone: 02 6260 9244; Mobile: 0418 159 525.
NEWS 
