U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

US Cybercrime: Rising Risks, Reduced Readiness Key Findings from the 2014 US State of Cybercrime Survey

NCJ Number
247521
Date Published
June 2014
Length
21 pages
Annotation
Based on a survey of approximately 500 executives of U.S. businesses, law enforcement services, and government agencies, this study assesses current cyber-security measures against current and evolving adversaries, threats, and known attacks across the "digital ecosystems" of private and public organizations.
Abstract
The conclusion from the survey is that most U.S. organizations' cyber-security systems and programs are not sufficient to withstand the persistence, tactical skills, and technological knowledge of the adversaries determined to invade and exploit the data systems of U.S. public and private cyber systems and operations for their own ends. Nation-states and other criminals are continually and rapidly updating their tactics in order to combat advances in security safeguards implemented by businesses and government agencies. Survey findings indicate that U.S. organizations have done little to invest strategically in cyber-security in relation to the overall business or agency strategy. Cyber-security spending will be most productive when the allocation of resources is based on specific business risks. Only 38 percent of survey respondents reported they have a methodology to prioritize security investments based on greatest risk and impact on the organization's business strategy. Cyber-security programs should also be designed with flexibility that enables an organization to address cyber threats quickly as they multiply and evolve. The survey found that many organizations fail to invest in the personnel and process capabilities that enable a rapid identification and response to prevent and mitigate threats. Funding for cyber-security must focus on data analytics that enable cyber-security personnel to identify patterns in anomalous network behavior and to have the resources of knowledge and funding to act quickly and effectively. This report outlines the best practices and standards for cyber-security of the National Institute of Standards and Technology (NIST).