"The 2004 E-Crime Watch survey (pdf, 20 pages) conducted among security and law enforcement executives by CSO magazine in cooperation with the United States Secret Service and the Carnegie Mellon University Software Engineering Institute's CERT Coordination Center, shows a significant number of organizations reporting an increase in electronic crimes (e-crimes) and network, system or data intrusions... Respondents say that e-crime cost their organizations approximately $666 million in 2003. However, 30% of respondents report their organization experienced no e-crime or intrusions in the same period."
Indeed, the survey - which seems to be limited to the US - shows intrusions and attacks as very unevenly distributed: government offices, ICT firms, banks and other financial institutions are the most frequent targets, and 28.6% of e-crimes were apparently committed by "insiders." Here is a summary of the specific types of crime reported:
- Virus or other malicious attack: 77.2%
- Denial of service attack: 43.6 %
- Illegal generation of SPAM email: 38.3%
- Unauthorized access by an insider: 35.7%
- Phishing: 31.0%
- Unauthorized access by an outsider: 27.2%
- Fraud: 21.9%
- Theft of intellectual property: 20.5%
- Theft of other proprietary info: 16.4%
- Employee identity theft: 12.0%
- Sabotage by an insider: 10.8%
- Sabotage by an outsider: 10.8%
- Extortion by an outsider: 3.2%
- Extortion by an insider: 2.6%
- Other: 11.1%