Computer hacks jump in '09: study

Canadian companies faced more computer attacks in the past 12 months, which cost firms almost twice as much to fight, according to a study released Tuesday.

A survey of 600 information technology professionals compiled by Telus Corp. and the Rotman School of Management at the University of Toronto showed that the number of attacks jumped to 11.3 per organization in the past year, up from three in 2008.

In addition, the cost per organization to fight these attacks has also almost doubled, to $834,000 in the latest survey, up from $423,000 in 2008.

"The significant increase in reported breaches is sobering," said Walid Hejazi, professor of business economics at the management school, one of the study's authors.

Insider theft

Stealing by company insiders is one big reason for the increase, said Hejazi and Alan Lefort, managing director of security labs at Telus, the report's other author.

The number of attacks by employees breaking into their own firms' computers doubled in the past 12 months, amounting to 36 per cent of all security breaches.

In some cases, workers are trying to get information they were not authorized to read. In other situations, employees are trying to steal proprietary company secrets, the report noted.

Governments and private corporations — firms that are not traded on various stock markets — saw the cost of dealing with inside and outside attacks zoom. Federal, municipal and provincial authorities forked out about $1 million to battle hackers in 2009, up from $321,000 in the previous 12 months.

Privately held firms saw their cost for security soar to slightly more than $800,000, up from $294,000 in 2008.

By contrast, public corporations experienced a cost increase of only six per cent for each company in 2009 compared with 2008.

Better detection

Some of the increase in the number of incidents and their cost can be attributed to improved technology and compliance procedures among corporations and various levels of government, the report's authors said.

"The result is that organizations are now detecting more security threats than ever before and consequently need to allocate more budget to address them appropriately," Hejazi said.

By discovering more attacks, the companies also discovered they needed to spend more cash on system improvements to deal with computer breaches, he said.

Corrections

  • The cost figures included in the story are what each organization paid on average in 2009 to deal with internet security. A previous version incorrectly reported the figures as per security incident.
    Sep 29, 2009 11:35 AM ET
