Law enforcement, security experts, and industry executives agree that large organizations must be prepared for increasingly clever and targeted attacks against their security infrastructure in 2006. These same officials appear to disagree on other matters concerning hacker attacks, however, from the best way to assess damages to whether security breaches should be reported to the federal government. Many attacks are coming from Eastern Europe and are difficult to detect, according to Bruce Helman of the Federal Bureau of Investigation's Counterintelligence Division. More and more often, these attacks are done for money. Hackers have become increasingly savvy in regard to finances, becoming experts at blackmail and negotiating with companies to extort cash. In the past, such groups would ask for relatively small amounts of money to return stolen data or to stop automated attacks. Now these hackers commonly ask for between $10,000 to $50,000, and many companies are happy to pay them in order to keep the security breach quiet. While companies have good reasons for wanting to keep news of security breach from becoming public, this approach may soon become impossible because organizations, particularly those in the health care and financial sectors must operate under strict regulations that require the reporting of such attacks as soon as possible. Most companies do not really have a good way to assess damages from a hacker attack, but those that have made an effort reported losses that average about $203,606 in 2005.