Re: Security at the IGF: Just Give Me the Money
by Michel van Eeten
“What has gotten much worse?”
First of all, the presenters were the ones who couched their proposals in an alarmist story about how things have gotten much worse.
I’m a bit more skeptical, but there are indeed signs that we need to take seriously.
First of all, in a technical sense, the number and sophistication of attacks have increased. That doesn’t tell you much about impacts, but it still is an indicator.
See for example the Symantec Internet Threat Report vol. XIII
One of the key threats is the rise of botnets over the last few years. While attackers have seemingly moved away from huge botnets to smaller and smarter ones, probably to attract less attention and to make it harder to fight them, this does not mean that the threat has subsided. It is unclear as to how many infected machines there currently are connected to the Internet, but the numbers are significant. Some estimates that I have encountered range from 5-20% of all connected machines. The reliability of these figures is unclear, however. Different statistics come from the Microsoft Security Intelligence Report, which reports on the number of infections encountered by their Malicious Software Removal Tool:
http://www.microsoft.com/security/portal/sir.aspx
Some more information on botnets here:
http://www.secureworks.com/research/threats/topbotnets/?threat=topbotnets
http://voices.washingtonpost.com/securityfix/2008/09/number_of_bot-infected_pcs_sky.html
Then there are indicators that the amount of online fraud is going up.
http://voices.washingtonpost.com/securityfix/2008/02/banks_losses_from_computer_int.html
There is more, but this gives you an idea.
That said, none of this is straightforward.
The yearly CSI survey, one of the best available surveys, though still suffering from major shortcomings, has reported that the damage to companies and other organizations has fallen since 2001, with only a modest upswing last year.
http://www.gocsi.com/forms/csi_survey.jhtml
The BERR survey also found decreasing losses:
http://www.pwc.co.uk/pdf/BERR_ISBS_2008(sml).pdf
Another example: phishing. APACS, the UK payments association, publishes numbers based on actual banking data, not estimates based on samples and extrapolation. Over the past years the number of phishing attacks has increased significantly: from 2 369 attacks in 2006 Q1 to 10 235 in 2008 Q1. As one would expect, direct losses from phishing fraud in the United Kingdom have risen, though with a recent fall: from GBP 12.2 million in 2004 to GBP 33.5 million in 2006 to GBP 22.6 million in 2007 (APACS 2008). The broader fraud category of card-not-present fraud – which includes phone, Internet and mail order fraud – has risen from GBP 150.8 million in 2004 to GBP 290.5 million in 2007.
Obviously there is a lot more where this came from, but I hope you found this information useful.


