Thanks to better security practices, businesses are losing less money. Some 251 organizations lost nearly $202 million last year due to security incidents. That's a lot of money, but its down 56% from the $456 million lost in 2001. Those are the key findings of the eighth annual CSI/FBI Computer Crime and Security Survey released Thursday by the Computer Security Institute and the Federal Bureau of Investigation.

The number of significant security incidents last year was about the same as the year before, says Robert Richardson, editorial director for the institute. The reduction in losses probably came about because businesses are paying more attention to security in the wake of the terrorist attacks of Sept. 11 and security professionals are getting better at spotting and stopping attacks, he says. Plus, stiffer legal penalties against hackers may be scaring would-be hackers into pursuing other things. "If I were a young kid with an interest in hacking, I wouldn't be hacking into the Rand Corporation right now," says Richardson.

But the drop in losses attributed to security problems could be more related to companies "re-examining their real intellectual-property risk and reflecting more realistic losses in those areas" than a reduction in security threats, says Eric Ogren, senior analyst at the Yankee Group.

[ Read more ]