NZ security breaches down, but reporting still low - survey

Reasons incidents not reported: too small, too embarrassing or not considered of interest to police

An Otago University survey of computer crime and security shows a noticeable drop in intrusions and other compromises of New Zealand computer systems in 2009, compared to the survey done in 2007.

Virus contamination affected 37 percent of organisations surveyed, down 12 percent on the previous survey. Unauthorised use of workplace computers dropped from 31 percent to 28 percent. Even theft of laptops and mobile devices – now the most widely experienced security breach - has dropped 8 percent since the 2007 survey

However, there is still a low rate of reporting of potential criminal incidents to authorities. The percentage of organisations that reported an incident to the police has halved since 2007 and is now only 7.5 percent.

Otago University researcher K J Spike Quinn asked respondents why they failed to report incidents.

“Half the respondents (49 percent) thought their incidents ‘too small to report’ and 44 percent thought “law enforcement would not be able to help,” the survey records. “Thirty-one percent were ‘unaware of law enforcement interest’, with 36 percent ticking ‘negative publicity might damage the organisation’s reputation’, and 18 percent ‘concerned that competitors would use it to their advantage’.”

“Civil remedy” was preferred by 20.5 percent of respondents. Others [no figure cited] adopted internal disciplinary procedures and some said they had a policy not to report incidents to authorities unless this was legally required.

Overall, however, the proportion of incidents not reported at all outside the organisation fell from 56 percent to 27.5 percent.

Quinn records that a rise in reported incidents between the 2006 and 2007 reports, which in some categories were “massive”, was partly “due to the addition of some previously non-respondent telecoms organisations.”

So could the improvement this year be an artificial product of another change in the mix of organisations deigning to reply? Quinn says some of the telecoms sector did drop out again in the latest report, but not enough to create the whole of the drop in incidents artificially. He ascribes the positive trend largely to an improvement in security software and technologies and possibly to increased competence of staff handling security.

The survey is supported by InternetNZ, the Police and the Computer Security Institute and can be read in full here.

Join the newsletter!

Error: Please check your email address.

Tags Otago University survey

Show Comments
[]