The Australian Institute of Criminology has recently published a paper entitled Computer security incidents against Australian businesses: predictors of victimisation. A number of variables within internal business landscapes were examined with a view to identifying risk factors of computer security incidents including viruses and other malicious code, spyware, phishing, sabotage of network or data and denial of service attacks.
The authors note that the data revealed somewhat unclear relationships between the number of computer security incidents experienced and:
- expenditure on computer security;
- respondents’ knowledge of information technology; and
- whether businesses outsourced any computer security functions.
The authors’ conclusions were instead that key indicators of the likelihood of businesses detecting incidents included the number of employees that a business has and whether computer security functions were outsourced.
The paper can be downloaded from the AIC website.