BJS: Bureau of Justice Statistics

Home  |  About Us  |  Contact Us  |  Help  |  A-Z Topic List
Bureau of Justice Statistics (BJS)
Home | Crime Type | Property Crime | Cybercrime - Electronic crime
Cybercrime - Electronic crime
On This Page
About this Topic

The National Computer Security Survey (NCSS) documents the nature, prevalence, and impact of cyber intrusions against businesses in the United States. It examines three general types of cybercrime:

  • Cyber attacks are crimes in which the computer system is the target. Cyber attacks consist of computer viruses (including worms and Trojan horses), denial of service attacks, and electronic vandalism or sabotage.
  • Cyber theft comprises crimes in which a computer is used to steal money or other things of value. Cyber theft includes embezzlement, fraud, theft of intellectual property, and theft of personal or financial data.
  • Other computer security incidents encompass spyware, adware, hacking, phishing, spoofing, pinging, port scanning, and theft of other information, regardless of whether the breach was successful

Summary Findings

In 2005, among 7,818 businesses –

  • 67% detected at least one cybercrime.
  • Nearly 60% detected one or more types of cyber attack.
  • 11% detected cyber theft.
  • 24% detected other computer security incidents.
  • Most businesses did not report cyber attacks to law enforcement authorities.
  • The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year.
  • Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more. By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000.
  • System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.

Data Collections & Surveys

Publications & Products

Part of the Cybercrime against Businesses Series

Part of the Cybercrime against Businesses Series

Cybercrime against Businesses, 2005 Presents the nature and prevalence of computer security incidents among 7,818 businesses in 2005. This is the first report to provide data on monetary loss and system downtime resulting from cyber incidents.
National Computer Security Survey "National Computer Security Survey announced"
  Press Release

Cybercrime against Businesses: Pilot Test Results, 2001 Computer Security Survey Describes the history, development, and implementation of the pilot Computer Security Survey conducted during the last half of 2002.
Terms & Definitions

Business A company, service or membership organization consisting of one or more establishments under common ownership or control. For this survey, major subsidiaries were treated as separate businesses.
CERT C.C. An organization that works with the U.S. Computer Emergency Readiness Team (CERT) and the private sector. CERT C.C. studies computer and network security in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer information to help improve computer and network security.
Computer virus A hidden fragment of computer code which propagates by inserting itself into or modifying other programs. Includes viruses, worms, and Trojan horses. Excludes spyware, adware, and other malware.
Denial of service The disruption, degradation, or exhaustion of an Internet connection or e-mail service that results in an interruption of the normal flow of information. Denial of service is usually caused by ping attacks, port scanning probes, or excessive amounts of incoming data.
Electronic vandalism or sabotage The deliberate or malicious damage, defacement, destruction or other alteration of electronic files, data, web pages, or programs.
Related Links