The CSI/FBI Computer Crime and Security Survey is now published and some of the results are enlightening to say the least.
Since this is not a research paper, we can't publish the statistics of our main interest in the survey. Please see Table 1 on Page 14 for the next comment to have any relevance regarding the percent of respondents who "Don't Know" how many incidents they have encountered.
If one quarter don't know the number of security incidents, then that is around 175 companies who are flying blind or don't care about measuring the frequency, nature or cost of breaches. This is why we don't buy the general trend in Figure 14 that attacks or misuse detected are declining over the past 12 months.