Monday, December 5th, 2005
Internet security breaches cost business est. $140-$240 m. annually
Business Internet Security Survey 2005
The business cost of internet security breaches is estimated at between $140 and $240 million a year, according to an
Internet Security Survey conducted by the Employers & Manufacturers Association Northern in November.
The range was conservatively estimated from the lowest to the median costs of the disruptions reported by 356 businesses
which responded on the costs question in the survey and extrapolated across New Zealand's 123,000 businesses employing
more than one person.
About half the sample's respondents said the cost in the last 12 months was between $500 to $10,000, including rework,
lost work, repairs and lost business.
Despite these levels of cost businesses appear to be lagging in their installations of systems to protect their internet
security. The observation applies especially to larger businesses. Implementing protective internet systems typically
cost about 10 per cent of the reported losses.
The investment in IT security is not matching the heightened risks evident in the survey, and the arrival of new
internet security threats over the last 21 months when a similar survey was conducted, said EMA Communications Manager
"For instance, 91 per cent of companies employing 20 people or less have antivirus software installed compared to 84 per
cent of companies employing more than 20 people. 55 per cent of smaller companies have deployed anti-spyware compared to
49 per cent of larger firms," Mr Peterson said.
Investment in IT remained static from 2004 to 2005; 51.2 per cent of respondents spent less than $19,000 this year and
51.8 per cent in the last survey in March 2004.
Likewise the percentage of IT budget spent on security has remained the same - 55.8 per cent invested five per cent or
less in 2005; 55.7% spent five per cent or less in 2004.
"It's disturbing that the number automatically updating their internet security systems has dropped; 90.3 per cent in
2004 down to 75.2 per cent in 2005," Mr Peterson said.
"If these systems products are not regularly updated there is little point in having them.
"Though more businesses are allowing staff access to the internet at work - now up to 65 per cent - staff internet
policies have not kept pace, while training on safe internet practices has dropped from 67.2 per cent in 2004 to 55.9
per cent in 2005.
"Nonetheless the survey shows the great majority of businesses are using security software at some level. Overall 88
percent of respondents have installed antivirus software; 77 percent have in place firewall software or appliance; and
overall 63 percent have spam filtering. However, only 26 percent use intrusion prevention software and 24 percent URL
"This year's survey attracted a far higher response rate than last time, over double with 530 respondents in all
compared to 230 previously keeping pace with the growth of internet threats.
"The range of internet security breaches has become broader and more complex. Twenty one months ago, the top security
concerns were limited to viruses, hackers and spam. Now the list includes Trojans, worms, spyware and email scams such
as phishing, and others," said Mr Peterson.
51 percent of total respondents have been the target of a phishing* expedition.
Businesses are being hit with an average of 98 spam emails per day, though spam is not the issue it was 21 months ago.
Spam filtering is proving effective as five percent of the survey sample report getting 51-100 spam emails a day
compared with 12 per cent reporting the same volume in the last survey.
Only 9.1 per cent of businesses are still on a dial up internet with 34 per cent on high speed broadband connections
though many are dissatisfied with its reliability, speed and cost - 10.8 per cent cited this as one of their top two IT
The uptake of hand held and converged devices appears slow for a nation of people who like to consider themselves early
adopters. In 2004 just 12 per cent had a hand held device in their business, now 49 per cent have them with 51.8 per
cent using one or more converged devices.