Australia has outpaced the US in the volume of computer crime, and computer crime has more than doubled since 1999, according to a survey of Australia's top 300 companies.
Despite 70 per cent of Australian organisations increasing IT security expenditure over the last 12 months, the 2002 Australian Computer Crime and Security Survey shows that 67 per cent of respondents recorded security incidents this year compared to 35 per cent in the US.
Compiled jointly by Deloitte Touche Tohmatsu, the NSW Police and AusCert (Australian Computer Emergency Response Team), the survey covered 500 organisations, 300 of which were among Australia's largest companies.
Deloitte's head of IT security consulting Dean Kingsley said the results prove the bad guys are winning as the volume of threats grows faster than the preventative measures being put in place.
"We're losing the battle because of a growing apathy in executive management; the boardroom still claims the computer crime threat is a beat up, but [the contention] is wrong," Kingsley said.
For the first time in Australia, the growing threat of external attack has now surpassed the threat of in-house attack, with 89 per cent of organisations suffering an external attack compared to 65 per cent being attacked internally.
Alarmingly, 98 per cent of respondents experienced some form of broader computer crime, such as laptop theft, data or network sabotage, virus and Trojan infection, and computer fraud, the survey reported.
Respondents found it difficult to quantify denial of service attacks and excessive network resource consumption through external scanning, but listed them as serious problems.
In fact, the degradation reported as a result of scanning led to 13 per cent of organisations experiencing financial losses, with 9 per cent reporting losses of more than $160,000.
A secondary impact comes from malicious code and powerful hacker scanning tools that are saturating Internet bandwidth and degrading legitimate traffic, the survey found.
Kingsley said that organisations usually must pay for the extra traffic generated by this activity, further compounding the losses.
The survey also found 43 per cent of Australian organisations are willing to knowingly hire ex-hackers, three times more than the US.
When companies were asked to list the biggest barriers to improving security, Kingsley said the survey showed that changing user attitudes was number one, followed by managing software upgrades and bug patches in a complex IT infrastructure, and keeping up to date with fast-changing security threats.
The number of organisations reporting security incidents to law enforcement has doubled to 31 per cent since 1999, but is still very low. The main reason respondents cited was pessimism regarding the apprehension of attackers; however, both the NSW Police and Australian Federal Police have increased their computer crime capabilities and have also increased funding.