Malware (malicious software), including spyware, was the type of computer security incident experienced by the highest proportion of each industry sector. This type of cyber threat is particularly common in the financial services industries. Another cyber threat mentioned frequently by respondents is called "phishing," which consists of online scams that often use unsolicited messages purporting to originate from legitimate organizations, particularly financial and insurance services, in order to deceive victims into revealing their financial and/or personal identity information (PII) for the purpose of committing other crimes (fraud identity theft, and the theft of sensitive information). A third cyber threat mentioned frequently by respondents was the theft or loss of proprietary or confidential information or hardware. A fourth cyber threat reported by a significant number of respondents was insider abuse of access to a business's computer network in order to conduct malicious activities. Countermeasures against these cyber threats are categorized as technical measures and awareness and education/training. Regarding technical measures, although no single technology can completely counter cyber security risks, a significant proportion of existing cyber security vulnerabilities can be minimized with good security practices. The Defense Signals Directorate (DSD) has recommended "patching" of the operating system, applications, and third party applications; minimizing administrative privileges; and using application "whitelisting" to help prevent unapproved applications from running. Ongoing education and training of employees about new cyber threats and how to counter them are also important. 3 tables and 26 references