Key
findings of the 2004 BSI Computer Theft Survey:
Almost half (47.1%) of the survey respondents have been
the victim of computer theft in the last 12 months.
61% of computer theft occurred while respondent was
mobile (moving about), rendering cables, locks and
enclosures virtually useless.
Over three quarters (76.3%) of respondent companies
had between 1 and 9 computers stolen in the last 12 months;
more than 1 in 10 (11.3%) respondent companies had more than 25 computers stolen in the last 12 months.
Laptops comprised nearly half (61%) of those devices
reported stolen, followed by desktop computers (20.5%) and
PDAs (18.5%).
98.5% of survey respondents that experienced computer
theft report the thief was never caught.
83.4% of respondents report the estimated value of
proprietary data on their stolen computing device at $25,000
or less; 14.6% estimated the value at $1,000.000 or more and
2% estimated the value at more than $10,000,000.
51.1% of respondents report other items were stolen at
the time of the computer theft, with removable media
(including spare disks, stored files on CDs, removable media
and spare hard drives) accounting for 31.5 % of the
additional stolen items.
71.3% of respondents use only a log-on password to
protect their computer; 42% recorded and stored the make,
model and serial number of the computer in case of theft;
and almost one quarter (25%) used no security precautions
to safeguard their computing device from theft.
62% of all respondents report they only back-up data
weekly, monthly, rarely or never - making the theft of a
computing device a serious event that results in the
permanent loss of data.
89% of respondents did not encrypt the proprietary data
on their stolen computing device.
52.9% of respondents that experienced computer theft
had multiple incidences of theft in the last 12 months.
Nearly two-thirds (64.2%) of computer thefts occurred
outside traditional business hours.
Average total replacement cost of stolen computing
devices was $34,408.21 per device.
74.4% of respondents reported downtime due to computer
theft ranging from several days to more than one month.
81.1% of respondent organizations do not have written
guidelines on how to safeguard computers from theft.
50.5% of respondent organizations do not provide security
guidelines.
88% of respondent organizations do not have written
guidelines on how to respond to the theft of a computer.
89% of respondent organizations do not provide
employees with the name and contact information of a
specific point of contact when a computing device goes
missing.
91% of respondent organizations do not conduct
periodic security awareness programs on computer theft.
82% of respondent organizations do not have a written
policy making employees financially responsible for computer
theft if security guidelines are not followed.
93% of respondent organizations do not have written guidelines on
protecting proprietary information on computing devices while traveling.
93% of respondent organizations do not have written
guidelines mandating encryption of proprietary information.
78% of respondent organizations reported that PCs accounted for the bulk of the stolen machines and Macs accounted for 22.6% of all stolen machines.
