Cisco Blogs

2009 Cisco Annual Security Report

December 8, 2009 - 1 Comment

Today we are releasing the 2009 Cisco Annual Security Report, which pulls together a full year’s worth of cyber security-focused collaboration from across the entire Cisco Security Intelligence Operations team. The 2009 Cisco Annual Security Report is a comprehensive look back at the year’s highlights with an eye towards what we can expect to see going forward.

Throughout 2009 we saw a host of new threat developments, gripping front line skirmishes, inspirational cases of the White Hats locking arms to combat evil, and alarming new levels of cybercrime audacity and sophistication.

With this report the Cisco Security team is introducing new tools to help customers better assess the evolving threat landscape. To address IT security professionals’ demands for better insights on the threat pipeline, we are introducing The Cisco Cybercrime Return on Investment Matrix (CROI), which is a framework for quickly assessing techniques and business models criminals will be investing and divesting from. Uniquely, the CROI Matrix is built from the perspective of the cybercriminal and how they rate their portfolio of scams and techniques from an investment perspective. We believe this approach is fundamental to understanding how the threat landscape will look in the coming year.


Another new tool introduced in this Annual Security Report is the Cisco Global Adversary Resource Market Share (ARMS) Race Index. The goal is to address an industry void in reporting the extent to which our global computing resources are under hostile control (via Trojans, bots and other such malicious software). Over time, we will use the Index to track how the tide is shifting for or against us, just like we might track other key statistics such as the Dow Industrial Average or global carbon emissions.

This report also includes our First Annual Cybercrime Showcase Awards…check it out and see if you agree with the results. I know some of the candidates I voted for won, but others were snubbed by the Academy this year. 🙂

To see the report in its entirety, please visit

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. I wonder how the world will look like in 2-3 years (2012...) when the the ARMS race gauge will be RED (8-9)? No Online Banking and No Public Cloud Data Storage ?