Australian Institute of Criminology

Skip to content

Australian businesses exposed to computer security breaches

Media Release

09 June 2009

Computer security breaches affected 14 percent of Australian businesses in 2007 at a cost of more than $600 million, according to the latest report from the Australian Institute of Criminology (AIC).

The Australian Business Assessment of Computer User Security (ABACUS) report was released today to coincide with the Australian Federal Police's High Tech Crime Conference in Sydney.

AIC Principal Criminologist Dr Russell Smith said the report was based on a national survey of 4,000 small, medium and large businesses conducted by the Institute to determine their experience of computer security incidents.

"The cost of computer security incidents for Australian businesses in 2007 was estimated at between $595 million and $649 million, while businesses spent as much as $1.95 billion on computer security measures," Dr Smith said.

Eight-five percent of businesses reported using one or more computer security tools, usually a type of anti-virus software.

The survey showed 13 percent of small businesses, 20 percent of medium businesses and 30 percent of large businesses were affected by a computer security breach.

The average loss due to computer security incidents during 2006-07 was $360 for small businesses, $2,757 for medium businesses and $17,578 for large businesses.

The most commonly reported type of computer security incident involved viruses and malicious code attacks (64%). Of those businesses affected, 40 percent reported corruption of hardware or software. The majority of businesses dealt with these incidents internally, with only eight percent reporting them to police.

Businesses reported that their computer security breaches were generally opportunistic rather than targeted. The report also highlighted the need to minimise the incidence of personal data being stolen for use in other offences.

AIC media contact: Scott Kelleher, Tel: 02.6260 9244; m: 0418 159525.