Security Focus is running an article about businesses hit by cyber crime in 05. Their big point is that 2/3 of businesses reported some incident. Included in the “other incident” category though are phishing/DoS/Adware/etc. My concern is more about the 33% of businesses that DIDN’T see that.
I currently have a customer that, officially, has never had a computer security incident. A pen test and log analysis proved that isn’t true but my thought now is that the above suggests 33% of businesses have that same delusion.