By Research Area Children, Families, and Communities Cyber and Data Sciences Education and Literacy Energy and Environment Health, Health Care, and Aging Homeland Security and Public Safety Infrastructure and Transportation International Affairs Law and Business National Security and Terrorism Science and Technology Workers and the Workplace

       FOR RELEASE

       Tuesday

       May 2, 2006

       On behalf of the U.S. Departments of Justice and Homeland Security, the RAND Corporation is fielding the first national survey to measure the impact of cybercrime on American businesses. The DOJ/DHS National Computer Security Survey (NCSS), announced by the U.S. Department of Justice (see www.ojp.usdoj.gov/bjs/pub/press/ncsspr.htm), is scheduled for completion by the end of 2006.

       The survey will produce industry-level statistics on the number and consequences of cyber attacks, frauds and thefts of information among the 5.3 million businesses in the United States.

       RAND will collect information from businesses across 36 industry sectors – including critical infrastructure – about the nature and extent of computer security incidents; the monetary costs and other consequences of these occurrences; incident details, such as types of offenders and reporting to authorities; and computer security measures that various firms use.

       Participation in the survey is voluntary, and data will be combined on the industry level so that no firms can be identified. Participating businesses will be offered information that will allow them to benchmark themselves against the rest of their industry sector.

       More detailed information about the National Computer Security Survey can be found at ncss.rand.org and at www.ojp.usdoj.gov/bjs/survey/ncss/ncss.htm.

       The survey has been endorsed by a wide range of groups including: Business Executives for National Security, the Business Software Alliance, the Cert Coordination Center, the Cyber Security Industry Alliance, the Food and Agriculture Information Sharing and Analysis Center, the Information Technology – Information Sharing and Analysis Center, InfraGard, the Manufacturers Alliance, the National Alliance for Health Information Technology, the National Association of Manufacturers, the National Federation of Independent Businesses, the National Telecommunications and Information Administration, the President's Council of Advisors on Science and Technology, the Real Estate Round Table, the Risk and Insurance Management Society, the Small Business Group and Entrepreneurship Council, and the U.S. Chamber of Commerce.

       Currently no national baseline measure exists on the extent of cybercrime. The survey results will enable the Departments of Justice and Homeland Security, along with private industry, to make more informed decisions and develop policies that identify vulnerabilities and effectively target cyber security resources.

       Cyber threats are a national issue that can be adequately addressed only through cooperation among private firms and government agencies at all levels. The President's National Strategy for Securing Cyberspace calls for the Department of Justice to collect more information about victims of cybercrime, track changes over time, and help businesses counter this critical threat.

       Nearly 75 percent of businesses responding to a Department of Justice pilot survey said they had been victimized by cybercrime during 2001. Computer virus infections were the most common form of attack (64 percent), followed by denial of service incidents (25 percent) and vandalism or sabotage (19 percent). Among the companies that detected a computer virus, less than 6 percent said they notified a law enforcement agency.

       The RAND research team is led by Lois Davis and Robert Anderson. The survey is being conducted by the Safety and Justice Program within RAND's Infrastructure, Safety and Environment (ISE) Division.

       The mission of ISE, a division of the RAND Corporation, is to improve development, operation, use and protection of society's essential built and natural assets; and to enhance the related social assets of safety and security of individuals in transit and in their workplaces and communities. The Safety and Justice Program research addresses many aspects of public safety – including violence, policing, corrections, substance abuse and public integrity.

       Share on Facebook Share on Twitter Share on LinkedIn

       About the RAND Corporation

       The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous.

       Connect Contact Us

       Contact Us Locations

       I am interested in Jobs at RAND Media Resources Congressional Resources Doing Business with RAND Supporting RAND Educational Opportunities Alumni Association Follow RAND Corporation on Facebook RAND Corporation on Twitter RAND Corporation on LinkedIn RAND Corporation on YouTube RAND Corporation RSS Feeds RAND Corporation mobile applications

       Stay Informed

       Subscribe to the weekly Policy Currents newsletter to receive updates on the issues that matter most.

       Subscribe View all email newsletters

       Resources Multimedia Latest Reports Browse by Author RAND Classics Databases and Tools Site Information Site Map PRIVACY POLICY Support Policy Feedback Help