Industry Sector and the Prevalence of Computer Security Incidents Against Australian Businesses

A recent research study by the Australian Institute of Criminology asked businesses from each industry sector to estimate how many computer security incidents they had experienced during the 2006-07 financial year. The Australian Business Assessment of Computer User Security (ABACUS) survey defined a computer security incident as any unauthorised use, damage, monitoring attack or theft of your business information technology. Incidents such as viruses or worms were counted as one incident, not once perinfected machine. This information sheet details the results of the survey for businesses from different sectors that experienced computer security incidents during 2006/07. A majority of businesses from all industry sectors reported experiencing no incidents and the proportion of businesses from each sector that experienced incidents did not vary greatly. The proportion of businesses that experienced one or more computer security incidents ranged from eight percent of businesses from 'other services'to 21% of businesses from the 'administration and support services' sector.