There is of cause two different themes to hacking, distributing viruses and accessing private data. The former is pure vandalism, giving twisted pleasure but no gain to the offender. The latter is far more serious in the long term. There are two reasons to hack into private data, either to steal or to disrupt. In the current climate the fear of disruptive intervention by terrorists is a real threat, but theft has always been a human frailty and it will continue to be so.
I have no access to quantifiable figures to determine just how much theft takes place over the Internet. I suspect that there is quite a large body of evidence available in some sources, but there is a lot of secrecy surrounding it all. Financial institutions don't want any problems of security publically exposed. In fact the Internet is only one place where theft through IT systems takes place. There has always been illegal access to data from employees of companies, which in fact is a lot more difficult to police than external Internet access. There is a strong possibility that companies are spending money on Internet security and under appreciating the problems of intranet security.
Credit card related theft over the Internet gained the biggest exposure in the early days, but this was probably far lower than theft related to telephone or other uses of cards, it was just that the Internet had such a concentrated exposure. In any case some good came of this in that secure transaction services were quickly developed and implemented, so that today the Internet is just as secure as a telephone transaction, possibly more so.
Recently however I have for the first time been exposed to software theft and the frightening scale of it. In the past, and when we eventually return to centralised systems, it was and will be easier to monitor and check the validity of licences for the use of software. I am sure that there is a big business in pirating mainframe software for installation in countries where they have the skills to implement it, but no official monitoring. But it is the PC that causes the most obvious problems. PC software is licenced to users (not sold to them), generally on a one fee per user basis. This software can be installed on servers in a corporate environment, where it can easier be monitored. But there is a vast number of individual PCs in use, the software for which is installed directly to the integral hard disc. Typically today this is distributed on a CD ROM. These are supplied either in an "OEM" form for distribution with a PC, or they are available individually packaged as a "retail" version. Normally only the packaging (and price) varies, not the actual software. The same CD can be used to instal the software on multiple PCs, but that is theft, because the licence is for use per PC, not per CD! This I am afraid to say is a very common practice among friends and a not uncommon one in business. It is policed by organisations such as BSA, but there is a limit to what they can achieve outside large and medium sized organisations. There are telephone hotline services provided to encourage responsible people to report any misuse they may notice, but human nature limits the success of these services.
The worst example however that I have recently encountered is the mass production of counterfeit CDs. These look like the real Microsoft product, including the printed material such as jewel case inserts. They are good enough copies to fool anyone except an expert in CD manufacture. To produce CDs of this quality requires a professional mastering and stamping facility, an investment on $100,000 or more, which must be sited somewhere in the world as to be difficult to trace. It is organised crime. Remember that it is illegal to use illegal products, so users should be careful about sourcing software, and in particular be very suspicious of cut-price offerings!