Australian companies lost $595-$649 million in the 2006-07 financial year because of computer security incidents, according to research undertaken by the Australian Institute of Criminology (AIC).
The research was outlined in a report titled, Australian Businesses Assessment of Computer User Security (ABACUS), which surveyed small, medium and large businesses from a range of industry sectors and from all Australian states and territories during February to April in 2008.
It showed for organisations that suffered one security incident the mean loss was $4469; the small business mean loss was $2431, medium business was $12,405, while large business was $49,246.
Over 85 per cent of companies reported using security tools with antivirus software being the most common.
The estimated spend on security tools for all Australian businesses was between $1.37 billion and $1.95 billion. The mean security spend was $992 for small businesses, $7614 for medium businesses, and $38,474 for large businesses.
Nineteen per cent outsourced one or more computer security functions to a third party.
However, only 14 per cent of businesses with an IT infrastructure were hit with one per cent indicating they suffered more than 10 incidents. Large businesses were more likely to be hit than smaller ones and malicious code was the main form of attack.
Notably, only eight per cent of victim businesses reported their security breaches to the police.
The full report can be downloaded here.