DOJ/DHS National Computer Security Survey
Measuring the impact of cybercrime on U.S. businesses.
The DOJ/DHS National Computer Security Survey (NCSS), the first national survey of this type, was fielded in 2006 and sent to thousands of businesses across 37 industry sectors, including critical infrastructure. The NCSS collected data on:
- The nature and extent of computer security incidents;
- Monetary costs and other consequences of these incidents;
- Incident details such as types of offenders and reporting to authorities; and
- Computer security measures used by companies.
The goal of the NCSS was to produce reliable national and industry-level estimates of the prevalence of computer security incidents (such as denial of service attacks, fraud, or theft of information) against businesses and the resulting losses incurred by businesses. Because of its breadth and sample size, NCSS data are representative at both the national and industry levels. Data from the NCSS enable DOJ, DHS, and industry as whole to make informed decisions and develop policies that effectively target resources in the area of cyber security. Participating businesses were offered information to allow them to benchmark themselves against the rest of their industry sector.
Survey Completion and Final Reports
The survey has been completed. Many thanks to survey respondents for their participation.
The BJS final report Cybercrime Against Businesses, 2005 can be found at: http://www.ojp.usdoj.gov/bjs/abstract/cb05.htm
The RAND report NCSS Final Methodology can be found at: http://www.rand.org/pubs/technical_reports/TR544/
If you have any questions about the NCSS, please contact Lois Davis, RAND Project Leader, or Ramonta Rantala, DOJ/BJS Program Manager. Lois Davis can be contacted at firstname.lastname@example.org or by phone: 310-393-0411 x7330; Ramonta Rantala can be reached at email@example.com or by phone: 202-307-6170. (Please include "NCSS" in the subject line of your email.)
About the Survey's Sponsors
The NCSS was sponsored by the U.S. Department of Justice, Bureau of Justice Statistics and the U.S. Department of Homeland Security, National Cyber Security Division. This data collection effort was part of the President's National Strategy to Secure Cyberspace (2003). One of the recommendations made in that report was to develop better data about victims of cybercrime and intrusions so that policymakers can understand the scope of the problem and can track changes over time. The U.S. Department of Justice (DOJ) is charged with collecting statistics on cybercrime and the costs of such crime; the Bureau of Justice Statistics (BJS), the statistics arm of the DOJ and part of the Office of Justice Programs, implemented the survey. The National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security (DHS) is charged with coordinating the implementation of the President's National Strategy to Secure Cyberspace; identifying, analyzing, and reducing cyber threats and vulnerabilities; disseminating threat warning information; coordinating incident response; and providing technical assistance in continuity of operations and recovery planning.
The RAND Corporation, a private nonprofit research institution established in 1948 to conduct independent, objective research and analysis to advance public policy, was the data collection agent for this study. The NCSS was conducted within the Safety and Justice Program of RAND Infrastructure, Safety, and Environment (ISE), one of several business units within RAND. The ISE's mission is to improve the development, operation, use, and protection of society's essential built and natural assets and to enhance the related social aspects of safety and security of individuals in transit and in their workplaces and communities. The ISE research portfolio encompasses research and analysis on a broad range of policy areas, including homeland security. For more information about the RAND Corporation, visit www.rand.org.