Big UK businesses lost more than £2.4bn to hi-tech crime in 2004, the UK's top technology police force says.
Organised criminals are increasingly using hi-tech methods
According to a survey for the National Hi-Tech Crime Unit (NHTCU), almost nine out of 10 firms suffered some kind of IT-based crime last year.
Many were attacks by viruses or worms, but other problems included fraud and information theft.
A major risk was action taken by disgruntled employees, often working with crooks on the outside.
The survey was carried out for the NHTCU by NOP, which talked to 200 companies with more than 1,000 employees about their security experiences and fears.
It found that one in three firms had no crisis management plans in place for when things went wrong - and a similar number had never carried out an audit of how big the risk to their businesses was.
The survey's other findings included:
- UK companies suffered seven virus attacks a day in 2004. HSBC estimated that on the worst day of the year, its operations across 77 countries suffered some 100,000 attacks in a single 24-hour period.
- 80% of firms are expecting to spend more on IT security. This figure rises to 95% for the financial sector.
- Although only 16% of firms suffered fraud caused by hi-tech methods, these cases cost £622m - more than a quarter of the total cost of hi-tech crime.
A growth area in computer crime, the NHTCU said, was the insertion of software on PCs, either through external access or via insiders.
This opens up a backdoor for sending information and even transferring money to crooks "on an industrial scale".
Two key trends identified were the use of new techniques to carry out long-established crimes such as theft and fraud, and the growing role played by organised crime in addition to individual crooks, hackers and disaffected staff.
Total estimated cost: £2.4bn
Denial of service: £555m
Dealing with viruses etc: £676m
Equipment theft: £383m
"Organised crime has really professionalised itself," said Detective Superintendent Mick Deats, deputy head of the NHTCU.
Their involvement in hi-tech crime "is a very real threat".
Disgruntled staff pose a risk, although he said there was little evidence that people were deliberately getting themselves hired in order to cause mischief.
A particular problem was the theft of data rather than money or goods, he said.
"There's a grey area in the law about data theft," he said, making prosecution difficult unless the theft is linked to fraud or blackmail.
The NHTCU noted that its own ability to deal with hi-tech crime was sometimes limited by some firms' reluctance to report problems.
Two-thirds of the firms surveyed said they feared that business would be disrupted, not only by the crime but also by the investigation.