Business
A company, service or membership organization consisting of one or more establishments under common ownership or control. For this survey, major subsidiaries were treated as separate businesses.

CERT C.C.
An organization that works with the U.S. Computer Emergency Readiness Team (CERT) and the private sector. CERT C.C. studies computer and network security in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer information to help improve computer and network security.

Computer virus
A hidden fragment of computer code which propagates by inserting itself into or modifying other programs. Includes viruses, worms, and Trojan horses. Excludes spyware, adware, and other malware.

Denial of service
The disruption, degradation, or exhaustion of an Internet connection or e-mail service that results in an interruption of the normal flow of information. Denial of service is usually caused by ping attacks, port scanning probes, or excessive amounts of incoming data.

Electronic vandalism or sabotage
The deliberate or malicious damage, defacement, destruction or other alteration of electronic files, data, web pages, or programs.

Embezzlement
The unlawful misappropriation of money or other things of value, by the person to whom the property was entrusted (typically an employee), for his or her own purpose. Includes instances in which a computer was used to wrongfully transfer, counterfeit, forge or gain access to money, property, financial documents, insurance policies, deeds, use of rental cars, or various services by the person to whom they were entrusted.

Fraud
The intentional misrepresentation of information or identity to deceive others, the unlawful use of a credit or debit card or ATM, or the use of electronic means to transmit deceptive information, in order to obtain money or other things of value. Fraud may be committed by someone inside or outside the business. Includes instances in which a computer was used to defraud the business of money, property, financial documents, insurance policies, deeds, use of rental cars, or various services by forgery, misrepresented identity, credit card or wire fraud. Excludes incidents of embezzlement.

Information Sharing and Analysis Centers (ISACs)
Organizations that work with the U.S. Government, law enforcement agencies, technology providers, and security associations such as U.S. CERT. ISACs maintain secure databases, analytic tools and information gathering and distribution facilities designed to allow authorized individuals to submit reports about information security threats, vulnerabilities, incidents and solutions.

InfraGard
An information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector.

Other computer security incidents
Incidents that do not fit within the definitions of the specific types of cyber attacks and cyber theft. Encompasses spyware, adware, hacking, phishing, spoofing, pinging, port scanning, sniffing, and theft of other information, regardless of whether damage or losses were sustained as a result.

Subsidiary
A company in which another business has more than 50% ownership or the power to direct or cause the direction of management and policies.

Theft of intellectual property
The illegal obtaining of copyrighted or patented material, trade secrets, or trademarks (including designs, plans, blueprints, codes, computer programs, software, formulas, recipes, graphics) usually by electronic copying. Excludes theft of personal or financial data such as credit card or social security numbers, names and dates of birth, financial account information, or any other type of information.

Theft of personal or financial data
The illegal obtaining of information that potentially allows someone to use or create accounts under another name (individual, business, or some other entity). Personal information includes names, dates of birth, social security numbers, or other personal information. Financial information includes credit, debit, or ATM card account or PIN numbers. Excludes theft of intellectual property such as copyrights, patents, trade secrets, and trademarks. Excludes theft of any other type of information.

U.S. CERT
The United States Computer Emergency Readiness Team is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, U.S. CERT coordinates defense against and responses to cyber attacks across the nation.