U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Australian Business Assessment of Computer User Security: A National Survey

NCJ Number
227650
Author(s)
Kelly Richards
Date Published
2009
Length
119 pages
Annotation
This report presents the main findings from the first large-scale survey of businesses in Australia in order to determine the prevalence and nature of their computer security incidents.
Abstract
Of the 4,000 Australian businesses that responded to the Australian Business Assessment of Computer User Security (ABACUS) survey (29-percent response rate), 14 percent of businesses with information technology experienced 1 or more computer security incidents during the 12-month period between July 1, 2006 and June 30, 2007. Twelve percent experienced 1 to 5 incidents; 1 percent had 6 to 10 incidents; and 1 percent experienced more than 10 incidents. The number of security incidents experienced was related to the size of the business, with large businesses reporting the most incidents. Businesses with a high annual turnover had a greater proportion of incidents compared with businesses having a low annual turnover of personnel. Across business sectors, the proportion of computer security incidents was similar. Regarding the nature of the computer security incidents experienced, the highest proportion involved a virus or other malicious code, with 64 percent of victimized businesses having this type of incident. Eleven percent of the businesses experienced one or more computer security incidents that originated from within the organization. Similar proportions of businesses in each type of sector experienced each type of security incident. The most common effect of computer security incidents was the corruption of hardware or software, with 40 percent of victimized businesses having this type of adverse effect. The most common response for dealing with the most significant computer security breach was to address it internally. Only 8 percent of the victimized businesses reported an incident to the police. Eighty-five percent of businesses that reported using information technology had one or more computer security tools, with the most common being antivirus software. 43 tables, 31 figures, 62 references, and appended description of the survey methodology