Organisations that want to survive in the coming years need to develop a comprehensive approach to information security

Patrice Rapalus, Computer Security Institute

As in previous years, the most serious financial losses occurred through theft of proprietary information.

"Theft of trade secrets takes place despite the presence of encryption," said Patrice Rapalus, director of the Computer Security Institute.

Virtually all the organisations had been attacked by computer viruses last year.

But one of the most common forms of attack was one of the least damaging.

Some 90% of organisations said they had been victims of website defacements in 2001, a rise from 64% in the previous year.

Another common breach was employees abusing their internet privileges, such as downloading pornography or pirated software.

"Net abuse flourishes despite corporate edicts against it," said Patrice Rapalus.

Fighting cybercrime

2001 computer crime survey

85% detected security breaches 36% reported intrusions to the police 94% detected viruses 38% detected denial of service attacks

He urged companies and the government to take a more aggressive and coordinated approach to fighting computer crime.

"Organisations that want to survive in the coming years need to develop a comprehensive approach to information security, embracing both the human and technical dimensions," he said.

"They also need to properly fund, train, staff and empower those tasked with enterprise-wide information security."

The US Department of Justice is working with Congress to toughen existing cybercrime legislation.

In response to the growing threat from cybercriminals, the FBI has set up the National Infrastructure Protection Center and regional Computer Intrusion Squads have been created in several offices throughout the US.