Computer Economics, in a January summary of its "2005 Malware Report: The Impact of Malicious Code Attacks," said that, for the first time since 2002, the financial impact of virus attacks dropped from the previous year. Losses totaled an estimated $14.2 billion in 2005, compared to $17.5 billion the prior year.
The firm said the decline was attributable to companies better securing their networks and anti-virus vendors producing more advanced software. In addition, the firm said, losses were kept down because malware authors are focusing their attacks on specific organizations rather than broader online targets.
"The economic impact of malware is dropping – unless you are an organization or industry sector that is specifically being targeted," the firm said.
The figures took into account the cost of labor and tools required to respond to the attacks, employee productivity lost due to infected systems and revenue lost due to online services being slowed or inaccessible to clients and customers.
The study agreed with an industry-wide trend that attacks are more financially motivated than ever before.
The firm admitted, though, that its final tally might be misleading.
"As the nature of malware attacks changes to covert attacks for financial gain, organizations that are specifically targeted are becoming less willing to disclose such incidents," the firm said. "This may be leading to an under-reporting of the category "loss of business revenue."
The firm said that practice could lead to more cybercrime incidents.
"The key to minimizing new malware-related threats will likely depend on a change in corporate philosophy regarding the disclosure of information surrounding targeted attacks," the firm said. "Failure to involve law enforcement only encourages cybercriminals in their efforts and leaves them free to operate against other businesses."