NCJ Number
204978
Date Published
2003
Length
27 pages
Annotation
This document discusses a survey on computer theft highlighting the vulnerabilities of computers.
Abstract
Brigadoon Software, Inc., conducted the 2003 BSI Computer Theft Survey, based on the response of 676 participants throughout the world. The findings indicated that almost half of the survey respondents had been the victim of computer theft in the last 12 months. Over half of computer theft occurred while the respondent was mobile (moving about), rendering cables, locks and enclosures virtually useless. Nearly three-quarters of respondent companies had between 1 and 9 computers stolen in the last 12 months; nearly 1 in 10 respondent companies had more than 25 computers stolen in the last 12 months. Laptops comprised nearly half of those devices reported stolen, followed by desktop computers and PDAs. Ninety-nine percent of survey respondents that experienced computer theft reported the thief was never caught. Over 67 percent reported the estimated value of proprietary data on their stolen computing device at $25,000 or less; 9.2 percent estimated the value at $1,000 or more; and 2.3 percent estimated the value at more than $10,000. Over 92 percent used only a log-on password to protect their computer; 70 percent recorded and stored the make, model, and serial number of the computer in case of theft; and almost one-quarter used no security precautions to safeguard their computer device from theft. About 68 percent report they only backed up data weekly, monthly, rarely, or never -- making theft of a computing device a serious event that results in the permanent loss of data. Over 46 percent that experienced computer theft had multiple incidences of theft in the last 12 months. Nearly two-thirds of computer thefts occurred outside traditional business hours. Over 60 percent of respondent organizations do not have written guidelines on how to safeguard computers from theft, or do not provide security guidelines. Over 81 percent do not conduct periodic security awareness programs on computer theft. Ninety-five percent do not have written guidelines mandating encryption of proprietary information.