• PC World
• » Networking & Wireless

The risk of the typical U.S. company suffering at least one major cyberattack within the next year is strong, and not enough businesses are taking appropriate steps to defend themselves, according to the results of a survey released Wednesday by the Business Software Alliance.

U.S. Representative Billy Tauzin (R-Louisiana), chairman of the U.S. House of Representatives Committee on Energy and Commerce, joined the BSA in unveiling the results at a press conference in Washington, calling for businesses to "wake up" to the possibility of attacks, and back the proposed legislation to create the Department of Homeland Security.

The survey polled 602 IT professionals. Of those professionals responsible for security issues, 60 percent feel it is likely companies will get hit with at least one major cyberattack within the next year. While more than half of all IT professionals surveyed felt U.S. businesses have improved their security defenses since the September 11 terrorist attacks, 45 percent said companies are still not prepared for a major cyberattack.

What Makes It Major?

The survey did not specifically define what constitutes a "major" cyberattack; respondents were left to decide on a definition for themselves, the BSA said. The survey asked respondents to gauge the likelihood of at least one major attack against a typical U.S. company, not necessarily against the employer of each respondent, according to the BSA.

"This report is a wake-up call for the private sector; they have as much to be concerned about as the public sector," said Tauzin. "The strength of the American economy depends on making our infrastructure safe," he said.

Tauzin's committee has sponsored legislation to create a separate department within the proposed Department of Homeland Security devoted to cybersecurity. Included in that legislation is a proposal to create a temporary exemption to the Freedom of Information Act to allow businesses hit by cyberattacks to report the events to the cybersecurity department without worrying that the information will wind up in the hands of competitors, said Robert Holleyman, president and chief executive officer of the BSA.

"Most attacks are never reported, and we need to examine the attacks and look for patterns" that will allow authorities to locate the attackers, Holleyman said.

"We need to create incentives for companies to report vulnerabilities and incursions to their networks without the fear of that information being released to competitors," he said.

Examining the Issues

The Energy and Commerce committee's subcommittee on Telecommunications and the Internet intends to hold hearings after Congress's August break to further examine the cybersecurity issue, said Representative Fred Upton (R-Michigan), chairman of the subcommittee.

U.S. businesses are devoting fewer resources toward defending themselves against cyberattacks than they did attempting to solve the Y2K problem, according to 47 percent of IT professionals surveyed. Seventy-one percent feel that businesses should concentrate more on cyberdefense.

On the positive side, nearly every IT professional surveyed, 94 percent, said every computer at their company had antivirus software, and 92 percent said their company uses a firewall to protect against network threats. And while they are wary of the next attack, 70 percent of those surveyed said the benefits and convenience of the Internet outweigh their security concerns.

The survey was conducted by Ipsos Public Affairs, a division of Ipsos-Reid, and Business 2.0, an industry publication. Sixty percent of those surveyed work at a company with 500 or more employees.

Cara Garretson of the IDG News Service contributed to this report.

• See more like this:
• cyberattack,
• defend,
• company,
• BSA,
• Business Software Alliance,
• terrorist,
• Tauzin