Key findings of the 8th Annual 2010 BSI Computer Theft Survey of appoximately 20,000 Education and Corporate sector IT professionals: |
More than half (58.7%) of the survey respondents have been the victim of computer theft in the last 12 months. | |
10% of all new laptops are stolen within the first year. | |
70% of all laptop theft is internal (an employee or acquaintance of the victim). | |
97% of survey respondents that experienced computer theft report the thief was never caught. None of the respondents in this category used a “Computer Theft Tracking & Recovery” software product. | |
67% of computer theft occurred while respondent was mobile (moving about), rendering cables, locks and enclosures virtually useless. | |
Over three quarters (78.2%) of respondent companies had between 1 and 9 computers stolen in the last 12 months; more than 1 in 10 (17.6%) respondent companies had more than 25 computers stolen in the last 12 months. | |
Laptops comprised more than two thirds (68%) of those devices reported stolen, followed by desktop computers (10%) and PDAs, iPods, iPhones, etc. (22%). | |
46% of respondents report the estimated value of proprietary data on their stolen computing device at $25,000 or less; 46.5 % estimated the value at between @25,000 and $1,000,000. ; 6.5% estimated the value at $1,000.000 or more and 1% estimated the value at more than $10,000,000. | |
59.2% of respondents report other items were stolen at the time of the computer theft, with removable media (including spare disks, stored files on CDs, removable media and spare hard drives) accounting for 36.5 % of the additional stolen items. | |
21.3% of respondents use only a log-on password to protect their computer; 29% recorded and stored the make, model and serial number of the computer in case of theft; and almost three quarters (70%) used no security precautions to safeguard their computing device from theft. | |
44% of all respondents report they only back-up data weekly, monthly, rarely or never – making the theft of a computing device a serious event that results in the permanent loss of data. | |
91% of respondents did not encrypt the proprietary data on their stolen computing device. | |
53.4% of respondents that experienced computer theft had multiple incidences of theft in the last 12 months. | |
More than two-thirds (68.9%) of computer thefts occurred outside traditional business hours. | |
Average total replacement cost of stolen computing devices was $43,264.66 per device. | |
71.2% of respondents reported downtime due to computer theft ranging from several days to more than one month. | |
83.3% of respondent organizations do not have written guidelines on how to safeguard computers from theft. | |
48.6% of respondent organizations do not provide security guidelines. | |
91% of respondent organizations do not have written guidelines on how to respond to the theft of a computer. | |
83% of respondent organizations do not provide employees with the name and contact information of a specific point of contact when a computing device goes missing. | |
79% of respondent organizations do not conduct periodic security awareness programs on computer theft. | |
88% of respondent organizations do not have a written policy making employees financially responsible for computer theft if security guidelines are not followed. | |
90% of respondent organizations do not have written guidelines on protecting proprietary information on computing devices while traveling. | |
94% of respondent organizations do not have written guidelines mandating encryption of proprietary information. | |
64% of respondent organizations reported that PCs accounted for the bulk of the stolen machines and Macs accounted for 36% of all stolen machines. |