Companies fear the public relations and share-value impact of disclosing a security breach. Perversely, revealing even an unsuccessful attack can be a public relations disaster. And once an organization announces that it has been attacked, it may suffer further attacks as a result of the news coverage.
For other crimes, we can use police statistics or insurance claims data to measure the change in risk over time. Currently, however, there isn't much of a market for cyberinsurance, so insurance data isn't available. Police data isn't much better because companies are hesitant to report computer crimes. Some distrust the police, believing them to have a low level of awareness of computer security issues. Laws like the Freedom of Information Act and the low rate of successful prosecutions add to this distrust.
But companies can't hide everything. The highest-profile attacks in the current environment are Web site defacements. A useful resource in this area is......
Join Now or Login to view the rest of this paper.
Approximate Word Count: 862
Approximate Pages: 4 (260 words per double-spaced page) |