A new survey shows the difficulty of measuring the extent of computer break-ins, apparently because companies are reluctant to disclose whether they have been victimized.
The survey being released today had been sent to members of the Computer Security Institution, a San Francisco-based association of information security professionals. Only 428 responses were received out of 4,971 questionnaires sent out.
The low response rate means results are not statistically meaningful, said Ann Kalinowski, a statistician with Failure Analysis Associated in Menlo Park, Calif.
More than a third of those who did answer said their computer system had experienced some form of intrusion or unauthorized use within the last 12 months; half the attacks were inside jobs.
However, those figures would not reflect intrusions that are not detected or not reported - or the possibility that those who did not respond to the survey have higher or lower rates of computer break-ins.
Few respondents said they would report to law enforcement agencies if they thought they had been victimized; most cited fear of negative publicity.
“If that’s accurate, it causes considerable concern,” said FBI spokesman George Grotz. That tells us we’ve got to do a better job of educating the public as to our responsibilities. It’s a wake-up call.”
The FBI’s International Computer Crime Squad’s San Francisco office helped write the survey, which Grotz defended as a “first step” despite its imprecision.
“A lot of computer crime and fraud goes undetected or unreported,” said Fred J. Rica of Price Waterhouse LLP’s information system risk management group in Morristown, N.J. “Companies are very hesitant to publish figures saying, ‘Yeah, we’ve been hit for X number of dollars.”’
A separate survey also being released for publication today makes another attempt to estimate the number of U.S. adults who use the Internet.
The Harris Survey said its nationwide poll in late April indicated 33 million adults use an on-line service, 41 million use electronic mail and 29 million use the Internet. But some researchers believe such polls measure too liberally by allowing the respondent to define what “using a computer” entails.