Lack of information security gives rise to cyber crimes. Let us refer to the amended Indian Information Technology Act (ITA) 2000 in the context of cybercrime. From an Indian perspective, the new version of the Act (referred to as ITA 2008 ) provides a new focus on "Information Security in India." "Cyber security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access,use, disclosure, disruption, modification or destruction. The term incorporates both the physical security of devices as well as the information stored therein. It covers protection from unauthorized access, use, disclosure, disruption, modification and destruction.

Where financial losses to the organization due to insider crimes are concerned (e.g. leaking customer data), often some difficulty is faced in estimating the losses because the financial impacts may not be detected by the victimized organization and no direct costs may be associated with the data theft. The 2008 CSI Survey on computer crime and security supports this. Cyber crimes occupy an important space in information security domain because of their impact. For anyone trying to compile data on business impact of cybercrime, there are number of challenges. One of them comes from the fact that organizations do not explicitly incorporate rate the cost of the vast majority of computer security incidents into their accounting as opposed to, say accounting for the "shrinkage" of goods from retail stores.

The other challenge comes from the difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/ lost. Because of these reasons reporting of financial losses often remains approximate. In an attempt to avoid negative publicity, most organizations abstain from revealing facts and figures about "security incidents" including cybercrime. In general, organizations perception about "insider attacks" seems to be different that made out by security solution vendor. However, this perception of an organization does not seem to be true as revealed by the 2008 CSI Survey. Awareness about "data privacy" too tends to be low in most organizations. When we speak of financial losses to the organization and significant insider crimes, such as leaking customer data, such "crimes" may not be detected by the victimized organization and no direct costs may be associated with the theft.

Figure 1 shows several categories of incidences - viruses, insider abuse, laptop theft and unauthorized access to systems.Typical network misuses are for Internet radio/streaming audio, streaming video, file sharing, instant messaging and online gaming (such as online poker, online casinos, online betting, etc.).Online gambling is illegal in some countries - for example, in India. However, India has yet to pass laws that specifically deal with the issue, leaving a sort of legal loophole in the meantime.