A recent research study by the Australian Institute of Criminology asked businesses to estimate how many computer security incidents they had experienced during the 2007 financial year (Richards 2009). The Australian Business Assessment of Computer User Security (ABACUS) survey defined a computer security incident as any unauthorised use, damage, monitoring attack or theft of your business information technology. A single computer security incident that affected multiple machines was counted as one incident. Business size was found to be associated with the number of computer security incidents experienced. A majority of small businesses (those with 0–19 employees), medium businesses (20–199 employees) and large businesses (more than 200 employees) reported experiencing no computer security incidents. A greater proportion of large businesses experienced one to five, six to 10 and more than 10 incidents than did medium businesses. In turn, a greater proportion of medium businesses than small businesses experienced one to five, six to 10 and more than 10 computer security incidents.
Number of computer security incidents experienced, by business size (percent)
Source: Australian Institute of Criminology, ABACUS 2008 [computer file, weighted data]
- Richards K 2009. The Australian business assessment of computer user security: a national survey. Research and public policy series no. 102. Canberra: Australian Institute of Criminology. http://www.aic.gov.au/publications/rpp/102/index.html