Computer Economics recently conducted a survey of IT security professionals and managers on the frequency and economic impact of malware attacks on their organizations in the previous 12 months. Analysis of the survey results has been completed and is available in our special publication, the 2007 Malware Report: The Economic Impact of Viruses, Spyware, Adware, Botnets, and Other Malicious Code. The full report provides estimates of malware damages worldwide, at the organizational level, and at the level of individual malware events.
Worldwide Economic Impact of Malware
The study found that, for the second year in a row, malware damage costs declined worldwide, as shown in Figure 1. In 2006, direct damages fell to $13.3 billion, from $14.2 billion in 2005, and $17.5 billion in 2004.
In this study, direct costs are defined as labor costs to analyze, repair and cleanse infected systems, loss of user productivity, loss of revenue due to loss or degraded performance of systems, and other costs directly incurred as the result of a malware attack. Direct costs do not include preventive costs of antivirus hardware or software, ongoing personnel costs for IT security staff, secondary costs of subsequent attacks enabled by the original malware attack, insurance costs, damage to the organization’s brand, or loss of market value.
The two-year decline in direct cost damages is primarily the result of two trends:
The second factor, above, implies that although direct damages of malware may be declining, the indirect or secondary damages are likely increasing. For example, a spyware attack may cost a few thousand dollars in damages, mostly in terms of the labor cost required to remove it from desktop machines. But if the spyware allows the hacker to sniff a user's password, which he then uses to infiltrate the organization's network, the secondary damages resulting from the unauthorized access could be devastating.
The increase in indirect and secondary damages may explain why, in spite of the slight decline in direct damages, our survey respondents indicate that the malware threat has grown worse over the past year.
Other Major Findings
The full report includes 36 graphs and tables providing detailed statistics on the frequency and economic impact of malicious code. Major findings include the following:
June 2007
This Research Byte is a small excerpt from our recent study, the 2007 Malware Report: The Economic Impact of Viruses, Spyware, Adware, Botnets, and Other Malicious Code, which is widely referenced in the business press as a source of information regarding the worldwide economic impact of malware on business. Business and IT executives will find this study a valuable source of economic statistics for justifying new IT security investments and anti-malware initiatives.
For more details on the 2007 Malware Report, please refer to the extended report description for a full table of contents and list of figures.
The 2007 Malware Report is available for purchase on our website at https://www.computereconomics.com/article.cfm?id=1224.