The Australian Institute of Criminology (AIC) has launched a new study into the effects of cybercrime on Australian commerce by commissioning a survey of more than 10,000 businesses across the country, seeking information about their experiences with online transgressions and what is being done to prevent them.
In a statement released yesterday, AIC director Dr Toni Makkai said the Australian Business Assessment of Computer User Security (ABACUS) project would "fill in a crucial piece of the puzzle in helping businesses and law enforcement to fight cybercrime".
"If business and law enforcement are to develop effective strategies against cybercrime, they need to be fully informed about its current extent and impact. This study, if well supported by business, will help build this body of essential knowledge," she said.
According to its principal criminologist, Dr Russell Smith, the AIC has been examining the effects of cybercrime for 10 years, but this is the first time a study of this scale has been attempted.
"The aim is to do a national prevalence survey, so we attained a representative sample from the Australian Bureau of Statistics of 10,000 businesses of varying sizes, from the big banks to fish and chip shops," he said.
Smith told ZDNet.com.au today that the Australian Computer Emergency Response Team (AusCERT) has run similar surveys in years past, but never at this scale: "They took a small sample and got a small number of responses ... only in the hundreds as opposed to the tens of thousands."
Respondents will be asked to provide answers on an extensive range of security concerns as part of the 38 question survey, including specifics on estimated losses incurred from breaches, how much each business spends on security and whether or not the shift away from desktop computing to wireless has created a less secure environment.
"A lot of the questions deal with the changing nature of the risks that are out there," said Smith. "One of the main things we want to do is to corroborate the anecdotal evidence by way of hard figures, to see if it's really what people are experiencing in business."
The criminologist said he was particularly interested in how small businesses respond to the survey, given the lack of IT and security resources at their disposal relative to large organisations with an in-house IT operation.
"A lot of people have to fix problems themselves if they have some expertise or they have to hand the responsibility over to others if they don't," he said.
James Turner, security expert at research firm IBRS believes this will be one of the more interesting aspects of the study as well, but does not share Smith's optimism that many small businesses are able to deal with security breaches adequately.
"In my experience a lot of businesses just don't know when they've been hacked," said Turner.
"Unless you're an IT security forensics expert you're often not going to know if someone's been playing around with your system," he said.
The analyst went on to say that he would also be interested in whether or not the survey asks any questions relating to privacy issues, as the results would be pertinent ahead of the upcoming review of Australian privacy law currently being undertaken by the Australian Law Reform Commission.
The Australian Chamber of Commerce and Industry (ACCI) has expressed its support for the initiative, with acting chief executive Peter Anderson saying: "Australian businesses, of all sizes and in all industries, are certainly vulnerable in the 'new world' of emerging technologies."
"The ACCI fully supports any efforts to increase our collective understanding of the threat, and especially welcomes the AIC's focus on using the ABACUS study to identify concrete tools and methods for better securing our businesses against cybercrime into the future," he said in a statement.
"A survey like this is a good indicator, but that's all we can use it for, as an indicator," said IBRS's Turner.
"Hopefully one of its outcomes will be that users end up reading the results and it helps them realise they're not alone, and clear the air when it comes to talking about security issues a bit," he said.