2010 New Zealand computer crime and security survey

Abstract

The New Zealand Computer Crime and Security Survey is conducted by the Security Research Group (SRG) of the University of Otago, in partnership with the NZ Internet Task Force (NZITF), New Zealand Police, and the Computer Security Institute (CSI). This 2010 survey is the fourth annual New Zealand (NZ) survey. It is based on the US CSI Computer Crime and Security Survey, the longest running continuous survey in the information security field and commonly known as a leading source of statistics related to computer crime and security.

The 2010 survey results are based on the responses of 176 computer security practitioners in NZ utility, manufacturing / production, financial, telecommunications, transport, high technology, medical, wholesale, retail, tertiary education, legal, national and local government agencies, entertainment/media, construction, commercial/trade services providers regarding the 2009 calendar year. All monetary figures are in NZ$, roughly equivalent to US$0.75 at time of publication.

Considerations in this survey are: - Budgeting: percentage of IT budget spent on security, outsourcing of security function, incident insurance, security investment, cost-benefit metrics in security planning - Frequency, Nature and Cost of Cyber Security Breaches - Incidents and the Law - Security Audits and Security Awareness - Security Technologies - IT Standards, Policies and Procedures - Information Security Training, Qualifications and Certification - Perceived Importance of Threats - Mobile device deployment prevalence, security incident incidence and protection measures - Conficker incidence, handling and cost - USB Protection

NB References to US figures refer to those from CSI surveys. In referring to monetary costs, ‘k’ is substituted for ‘thousand’ for brevity.