Computer Security Incidents against Australian Businesses: Predictors of Victimisation

By Richards, Kelly; Davis, Brent et al. | Trends & Issues in Crime and Criminal Justice, September 2010 | Go to article overview

Computer Security Incidents against Australian Businesses: Predictors of Victimisation


Richards, Kelly, Davis, Brent, Tomison, Adam, Trends & Issues in Crime and Criminal Justice


Foreword | Drawing on data from the Australian Business Assessment of Computer User Security (ABACUS) survey, this paper examines a range of factors that may influence businesses' likelihood of being victimised by a computer security incident. It has been suggested that factors including business size, industry sector, level of outsourcing, expenditure on computer security functions and types of computer security tools and/or policies used may influence the probability of particular businesses experiencing such incidents. This paper uses probability modelling to test whether this is the case for the 4,000 businesses that responded to the ABACUS survey. It was found that the industry sector that a business belonged to, and business expenditure on computer security, were not related to businesses' likelihood of detecting computer security incidents. Instead, the number of employees that a business has and whether computer security functions were outsourced were found to be key indicators of businesses' likelihood of detecting incidents. Some of the implications of these findings are considered in this paper.

The Australian Institute of Criminology (AIC) recently commissioned a nationwide survey of businesses called the Australian Business Assessment of Computer User Security (ABACUS) survey (see Richards 2009). This study aimed to identify the prevalence, nature, costs and impacts of computer security incidents against Australian businesses during 2006-07. Computer security incidents were defined in the survey as any unauthorised use, damage, monitoring attack or theft of business information technology. Common computer security incidents include viruses and other malicious code, spyware, phishing, sabotage of network or data and denial of service attacks.

The ABACUS survey used a random, weighted sample of Australian businesses, stratified by industry sector and business size, to enable generalisations to be made about the entire population of Australian businesses. In total, 4,000 ABACUS questionnaires were completed by Australian businesses, representing a response rate of 29 percent (for a detailed discussion of the methodology of the ABACUS study see Challice (2009)).

The ABACUS study found that a majority of businesses (80%; n=2,881) that used information technology reported experiencing no computer security incidents during the 12 month period ending 30 June 2007. In the study, 'experiencing a computer security incident' meant that a business detected an incident. By definition, the survey was not able to capture incidents that businesses did not detect; the survey only capturing detected or identified computer security incidents. As a proportion of the overall sample, 12 percent (n=435) of businesses experienced one to five computer security incidents, one percent experienced six to 10 incidents (n=44) and one percent experienced more than 10 incidents (n=48). Six percent (n=21 2) of respondents were unable to quantify the number of computer security incidents their business had experienced.

Research has shown that businesses are concerned about the risks associated with computer security incidents and believe that victimisation is widespread (Nykodym, Taylor SViIeIa 2005; Smith, Grabosky & Urbas 2004). A survey commissioned by IBM (Ho 2006) found that about half of Australian businesses perceive computer security incidents as a greater threat and more costly to their organisation than physical crime.

The literature on computer security incidents posits a range of factors as potential predictors of whether businesses experience computer security incidents. Industry sector, for example, is widely held to be a key determinant, with financial organisations deemed most likely to be targeted (IBM Global Technology Services 2008). Business size is also commonly proposed as a factor that may determine businesses' likelihood of experiencing computer security incidents. For example, the Department of Trade and Industry (2006) found that in the United Kingdom, a higher proportion of large businesses reported experiencing malicious computer security incidents than businesses overall. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Computer Security Incidents against Australian Businesses: Predictors of Victimisation
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.