The Computer Security Institute (CSI) today released its 2007 report with news that the average annual loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled, from $168,000 in last year's report to $350,424 in this year's survey. This ends a five-year run of lower reported losses.

Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. Another significant cause of loss was system penetration by outsiders.

Additional key findings include:

-- Almost one-fifth of those respondents who suffered one or more kinds of security incident said they'd suffered a "targeted attack," i.e. a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

-- Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59% and 52% of respondents reporting each respectively.

-- When asked generally whether they'd suffered a security incident, 46% of respondents said yes, down from 53% last year and 56% the year before.

"At a period when experts throughout the industry have been discussing with concern the growing sophistication and stealth of cyber attacks, here we have a couple hundred respondents saying they lost significantly more money last year," states Robert Richardson, CSI director and author of the survey. "There's a strong suggestion in this year's results that mounting threats are beginning to materialize as mounting losses."

The complete 2007 CSI/FBI Computer Crime and Security Survey is available for free download on the CSI Web site at GoCSI.com.