A British financial services firm discovered that a fake Web site bearing its name had been set up, presumably to "phish" for customer passwords and account information. Unfortunately, it took ten days before the firm could find out a way to have the site taken down. (They ultimately went to the U.S. Secret Service for help in getting the American Internet service provider to take down the site.) This anecdote is just one of many from a report released by the U.K.-based Financial Services Authority, a government body described as having "a statutory objective to reduce financial crime." Researchers questioned IT professionals from 18 financial services organizations, as well as representatives from other financial services associations and high-tech crime groups. The report discovered that more than three-quarters of responding firms had experienced virus outbreaks, and 20 percent were targeted in denial-of-service attacks. System downtime was the biggest contributor to costs per incident, which ranged from £10,000 (nearly $19,000) at small companies to £120,000 (about $229,000) for bigger firms. Findings were supplied for nine areas, from phishing and identity theft to outsourcing. Anecdotes are peppered throughout the 40-page report, illustrating in simple terms the dangers of being victimized or of merely being unprepared. For example, the report notes that one company downloaded a patch but did not test it before deploying it. Once deployed, "the application failed, resulting in business downtime with no customer service possible until the patch could be removed." The report provides information on protective measures as well, and it explains the roles of various industry and law enforcement agencies. A final section provides references and useful links to a variety of IT security organizations, government agencies, and law enforcement groups. @ Countering Financial Crime Risks in Information Security: Financial Crime Sector Report is available through www.securitymanagement.com.