Similar in many ways to a biological virus, a computer virus is a piece of software that is able to self replicate, spread from one computer to another via removable media or over a network, and are typically malicious. Viruses are usually designed to damage or extract data, and frequently the computer's performance will be adversely affected. A computer worm is also self replicating, but is typically able to spread itself across a network on its own without any user intervention. Different still is a Trojan horse which does not replicate itself, but hides itself in what appears to be a useful piece of software but is actually malicious and is attempting to steal data or otherwise harm the system. No matter the specific threat any of these can have a significant impact on an organization.

The impact of a computer virus can be very far reaching, depending how much damage it is able to do. Systems may simply perform slower, as a virus runs in the background, resulting in less productive workers or slower processes. Certain systems may have to be temporarily suspended, for example an employee clicks on a link in an e-mail and a virus starts spreading through a Microsoft Exchange server, sending e-mail to everyone at the corporation. In this case the entire e-mail server may have to be pulled off line making communication more difficult for employees and potentially effecting business. A survey by ICSA Labs in 2002 found that for companies with more than 500 computers, on average it took 23 person days to recover from a virus. The same survey found that around 86% of infections were spread via e-mail, the remainder were related to web browsing and downloads.

There are a few primary losses an organization may sustain. There is clearly a cost related to protection and removal of viruses. It is estimated that in 2003 alone approximately $55 Billion in damages were sustained to businesses by computer viruses. Specifc costs include the time and labor associated with analyzing system impact and repairing infected systems and the software and hardware tools that may need to be purchased in order to get the network back up and running. Loss of productivity will likely occur if a virus takes down the network and employees no longer have access to critical applications or data to perform their jobs. Data theft and loss is another concerns as many viruses steal or destroy data completely. Depending how long the virus has been in the system, it's possible it may have even infected data backups, causing even larger problems for the company in the future. All of these losses compound as revenue and general income may be lost during the network downtime, increasing total losses.

It is important for companies to take proper steps to protect themselves. Companies need to ensure antivirus software is installed on every computer, that the software is maintained and always up to date. Regular data backups are another critical step to limiting losses from a computer virus. Staggaring backups may reduce the risk of a virus infecting the data backup. Anti-spyware or malware software should also be used to reduce the risk of potentially malicious software infecting computers from simple web browsing. Most imporantly, companies need to educate their employees so the risks are understood and reduce the potential for someone to click on a link in an e-mail or visit a malicious web site.