Of the 4,000 Australian businesses that responded to the Australian Business Assessment of Computer User Security (ABACUS) survey (29-percent response rate), 14 percent of businesses with information technology experienced 1 or more computer security incidents during the 12-month period between July 1, 2006 and June 30, 2007. Twelve percent experienced 1 to 5 incidents; 1 percent had 6 to 10 incidents; and 1 percent experienced more than 10 incidents. The number of security incidents experienced was related to the size of the business, with large businesses reporting the most incidents. Businesses with a high annual turnover had a greater proportion of incidents compared with businesses having a low annual turnover of personnel. Across business sectors, the proportion of computer security incidents was similar. Regarding the nature of the computer security incidents experienced, the highest proportion involved a virus or other malicious code, with 64 percent of victimized businesses having this type of incident. Eleven percent of the businesses experienced one or more computer security incidents that originated from within the organization. Similar proportions of businesses in each type of sector experienced each type of security incident. The most common effect of computer security incidents was the corruption of hardware or software, with 40 percent of victimized businesses having this type of adverse effect. The most common response for dealing with the most significant computer security breach was to address it internally. Only 8 percent of the victimized businesses reported an incident to the police. Eighty-five percent of businesses that reported using information technology had one or more computer security tools, with the most common being antivirus software. 43 tables, 31 figures, 62 references, and appended description of the survey methodology