The latest AusCERT computer crime and security survey says "Only 35% of respondent organisations experienced electronic attacks that harmed the confidentiality, integrity or availability of network data or systems (compared to 49% in 2004 and 42% in 2003)." ONLY 35%! Am I the only person who finds it perverse to regard a situation in which MORE THAN A THIRD of those surveyed suffered business impacts as a success? 3.5% maybe but not 35. This is an outrageous indictment of the state of information security.