2009 CCH. All Rights Reserved.
Cybercrime Loss Valuations
There are several important reasons to quantify the loss from a cybercrime. One reason is to report the crime
to law enforcement. Another reason for loss determination is for insurance purposes. Also, the victim may want a
loss determination for internal purposes and at the same time, the victim may not want to report the crime to law
enforcement or to file an insurance claim. Each case raises different issues the forensic investigator needs to consider
in developing loss estimates.
Attacks on Tangibles and Intangibles
Extent of the Problem
The Computer Crime and Security Survey prepared by the Australian Computer Emergency Response Team
(AusCERT) reports on losses and abuse sustained by respondents to its annual survey (
). The respondents represent a wide range of industry sectors including education, mining, and
financial organizations. The 2004 survey found:
On average the losses were estimated at $98,685 for the sample.
Infections from viruses, worms, and trojans were the most common form of attack and responsible for
most of the losses. The highest reported loss in 2004 from these attacks for one respondent was $2,000,000.
Most companies recovered from such attacks after seven days.
Heavy scanning of the network and consequential degrading of services was also a factor for 41 percent
of the respondents.
76 percent of the respondents were aware of at least one to five attacks during the 2004 period.
As would be expected, the source point for these attacks is the company’s point of Internet access.
An increasing percent of the attacks in 2004 were believed to be conducted to use system resources for
launching further attacks with anonymity. The respondents believed another major reason for these attacks
was just to cause malicious damage.
88 percent of the attacks originated from outside the organization.
49 percent of respondents reported that losses arose from attacks on the confidentiality, integrity, or
availability of information.
Unpatched systems and inadequate staff training were reported as the major reasons for these problems.
Beyond theft of proprietary information and financial fraud, the survey collected loss information about
cybercrimes such as sabotaging data, telecom eavesdropping, outsider system penetration, insider abuse of net access,
denial of service attacks, spoofing, virus attacks, unauthorized insider access, telecom fraud, wiretapping, and laptop
theft. All such criminal activities create losses and damages for business organizations. Experts and legislators have
attempted to identify losses from such activities in various state and federal laws. These legal guidelines provide
a starting point for the forensic accountant in determining a dollar value for losses due to cyber attacks. However,
losses recognized for statutory purposes are likely to differ from values filed under insurance claims. Therefore, each
is considered in this chapter.