Approaches to Cyber Intrusion Response: A 'Legal Foundations' Study: Report 12 of 12: Report to the President's Commission on Critical Infrastructure Protection [open pdf - 108KB]
"Although figures vary, only a small percentage of successful computer intrusions are detected. Only a small percentage of those detected are reported to law enforcement. According to the 1997 Computer Crime and Security Study (CSI Spring 1997), only 17.87 percent of surveyed companies that experienced computer intrusions over the last 12 months reported those incidents to law enforcement. This figure is essentially unchanged from 1996 (16 percent). Among the reasons cited for not reporting intrusions to law enforcement are a fear of negative publicity, restoring advantage to competitors, or preference for a civil remedy. Whether in the interest of maintaining the confidence of their customer base or retaining control of their systems, personnel and resources, the private sector has, by and large, opted to incur the costs of intrusion incidents rather than respond through currently available law enforcement avenues."
Government Printing Office: http://www.gpoaccess.gov/