The study found that the majority of businesses (80 percent) that used information technology reported experiencing no computer security incidents for the 12 months from July 1, 2006, through June 30, 2007. In addition, 12 percent of the overall sample experiences 1 to 5 computer security incidents, 1 percent experienced 6 to 10 incidents, and 1 percent experienced more than 10 incidents during the 12-month period. Data for this study were obtained from the Australian Business Assessment of Computer User Security (ABACUS) survey conducted by the Australian Institute of Criminology. The purpose of the survey was to identify the prevalence, nature, costs, and impact of computer security incidents on Australian businesses. Computer security incidents include viruses and other malicious codes, spyware, phishing, sabotage of networks or data, and denial of service attacks. The survey was sent to Australian businesses in 19 different industry sectors; 4,000 completed questionnaires were returned for a response rate of 29 percent. The study examined the effect of the following factors on businesses' likelihood of being victimized by a computer security incident: the industry sector; the size of the business, based on number of employees; the businesses' knowledge of information technology; the computer security tools used by the business; whether computer security was outsourced by the company; the businesses' computer security policies; and expenditures on computer security. Tables and references