Malware and Downtime Survey

I usually don’t give much credence to those that publish tech surveys about hacking and malware. Invariably such surveys are published by the marketing departments of various tech firms, who wildly inflate statistics in order to push a product. But it seems like the Infonetics Research survey has data that seems plausible and in line with what I have seen in organizations as well.

From their survey highlighted here at VNUnet:

Large US organizations are losing an average of 2.2 per cent of their annual revenue, or more than $30m, to security attacks, research published today has revealed.

Analyst firm Infonetics Research found in a study on network downtime caused by security attacks that small and medium-sized organizations lose about half a per cent of annual revenue to security attacks, which can run into the hundreds of thousands of dollars.

The research found that medium-sized organizations are most vexed by client malware, while large organizations are plagued more by denial of service attacks and server malware.

Small and medium-sized organisations have “major problems” with spyware, which represents a staggering 40 per cent of all security downtime costs with these companies.

Its nice to see a survey that doesn’t pitch a solution. And its a little surprising to me that so much downtime among small businesses is due to spyware, but it makes sense. Smaller companies don’t have large IT staffs and high-end solutions to block malware at the gateways. Also small companies often choose to shortcut even the cheapest AV and spyware solutions and they don’t patch regularly. It will be interesting to see how much this changes once organizations begin to adopt Vista. Vista has greater inherent armor against common malware.

I expect that in the future, fraud from phishing will replace malware as a loss leader in the business world.