This paper presents the main results of a survey held by de Vrije Univ
ersiteit and KPMG EDP Auditors, concerning Internet-related security i
ncidents. The survey was held within Dutch organizations that are curr
ently using the Internet. The first aim of the project was to determin
e the actual security risks of using the Internet. This requires insig
ht in the percentage of companies experiencing Internet-related securi
ty incidents, the damage caused by the incidents, the way the affected
companies deal with the incidents and a profile of the perpetrators.
The second aim of the project was to determine the effectiveness of se
curity measures. This was done by (1) analyzing the security incidents
to find out in which way they could have been prevented and (2) deter
mining possible correlations between security measures and (the absenc
e of) security incidents.