BJS: Bureau of Justice Statistics
| Home | About Us | Contact Us | Help | A-Z Topic List |
Stay Connected
Interested in statistics?
Subscribe to JUSTSTATS
Get email notices of new crime and justice statistical materials as they become available from BJS, the FBI, and OJJDP.
Once you subscribe, you will receive an email notification from JUSTSTATS when updated or new information becomes available.
Cybercrime
| On This Page |  |
| About this Topic |  |
The National Computer Security Survey (NCSS) documents the nature, prevalence, and impact of cyber intrusions against businesses in the United States. It examines three general types of cybercrime:
- Cyber attacks are crimes in which the computer system is the target. Cyber attacks consist of computer viruses (including worms and Trojan horses), denial of service attacks, and electronic vandalism or sabotage.
- Cyber theft comprises crimes in which a computer is used to steal money or other things of value. Cyber theft includes embezzlement, fraud, theft of intellectual property, and theft of personal or financial data.
- Other computer security incidents encompass spyware, adware, hacking, phishing, spoofing, pinging, port scanning, and theft of other information, regardless of whether the breach was successful
Summary Findings
In 2005, among 7,818 businesses –
- 67% detected at least one cybercrime.
- Nearly 60% detected one or more types of cyber attack.
- 11% detected cyber theft.
- 24% detected other computer security incidents.
- Most businesses did not report cyber attacks to law enforcement authorities.
- The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year.
- Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more. By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000.
- System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.
| Data Collections & Surveys | |
| Publications & Products | |
- Publications
Data Tables
Press Releases
| Terms & Definitions | |
| Business | A company, service or membership organization consisting of one or more establishments under common ownership or control. For this survey, major subsidiaries were treated as separate businesses. |
| CERT C.C. | An organization that works with the U.S. Computer Emergency Readiness Team (CERT) and the private sector. CERT C.C. studies computer and network security in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer information to help improve computer and network security. |
| Computer virus | A hidden fragment of computer code which propagates by inserting itself into or modifying other programs. Includes viruses, worms, and Trojan horses. Excludes spyware, adware, and other malware. |
| Denial of service | The disruption, degradation, or exhaustion of an Internet connection or e-mail service that results in an interruption of the normal flow of information. Denial of service is usually caused by ping attacks, port scanning probes, or excessive amounts of incoming data. |
| Electronic vandalism or sabotage | The deliberate or malicious damage, defacement, destruction or other alteration of electronic files, data, web pages, or programs. |
| Related Links | |