This is the first report to provide data on monetary loss and system downtime resulting from cyber incidents. It examines details on types of offenders, reporting of incidents to law enforcement, reasons for not reporting incidents, types of systems affected, and the most common security vulnerabilities. The report also compares in-house security to outsourced security in terms of prevalence of cyber attacks. Appendix tables include industry-level findings. Highlights include the following: computer virus infections were the most prevalent cybercrime among businesses in 2005; the 3,247 businesses that incurred monetary loss from cyber crime lost a total of $867 million; and most businesses did not report cyber attacks to law enforcement authorities.