Report Says One Third of Global Firms Now Hit by Cybercrime
Economic crime is on the rise, with cybercrime affecting almost a third of global businesses, according to a survey by PwC.
The PwC Global Economic Crime Survey 2016 said that while the marginal decline in economic crime reported overall, the financial cost of each fraud is on the rise. 1It reported that 4% of respondents experienced losses of more than $1 million in the last two years.
•Overall rates: The overall rate of economic crime reported has fallen for the first year since the financial crisis, but only marginally – to 36% from 37% in 2014. Regionally, lower levels of economic crime are reported in North America (37% vs 41%), Eastern Europe (33% vs 39%), Asia Pacific (30% vs 32%) and Latin America (28% vs 35%). It rose in Africa (57% vs 50%), Western Europe (40% vs 35%) and the Middle East (25% vs 21%).
•Most common economic crimes: Asset misappropriation (64%), cybercrime (32%), and bribery and corruption (24%).
•Highest increases: 68% of French and 55% of UK respondents reported economic crimes in the past 24 months, up 25% when compared to 2014. 61% of Zambian respondents reported economic crime, up 31% over 2014.
•Industry sector impacts: Financial Services reported the most economic crimes over the two year period, followed by government and state owned enterprises, and retail and consumer industries. Aerospace & Defense was the biggest riser in the period at 9%. Specific crimes are affecting different industries, with Transportation & Logistics experiencing a 16% increase in Bribery & Corruption.
•Cybercrime: Incidents reported were up 8% to 32% and over half (53%) of respondents perceived an increased risk of cyber threats over the last 24 months. 34% believe it is likely that their organizations will experience cybercrime in the next 24 months. Despite big financial losses reported linked to cybercrime, respondents reported the greatest impact to their organizations coming from damage to their reputation and legal, investment and enforcement costs.
•Response to cybercrime: Only 37% of respondents reported having a fully operational incident response plan in place. Almost a third have no plan at all, with 14% of respondents not even intending to implement one. 45% of respondents do not believe that their local law enforcement agencies have the required skills and resources to combat cybercrime.
•Risk & finance: More than a quarter of financial services firms have not conducted risk assessments for anti-money laundering or the combatting of the financing of terrorism (AML/CFT). A third of respondents cited data quality in relation to client information as being a significant challenge in relation to their AML/CFT systems. One in five financial services organisations have experienced enforcement actions by a regulator.
•Bribery: Over half (54%) of respondents say that top management would rather allow a business transaction to fail than have to use bribery. 13% had been asked to pay a bribe in the last two years and another 15% believe they lost an opportunity to a competitor that may have paid a bribe.
•The fraudster profile: Nearly half the serious incidents of economic crimes were carried out by perpetrators employed by the affected organization. Internal fraudsters are most likely to be male graduates, with three-five years of service, aged between 31 and40 years old, and serving a middle/senior management function.
•Drivers of crime: Seven out of ten organizations believe that opportunity is the main driver of economic crime committed by internal parties.
•What’s next? 20% of respondents believe their organizations are likely to experience the leading economic crimes - asset misappropriation, cybercrime or bribery and corruption in within 24 months. Within two years, six of the G20 (UK, USA, Italy, France, Canada and Australia) expect cybercrime to be the largest economic crime threat to their organization.
Overall, the report finds that business detection and response plans are not keeping pace with the level and range of threats now facing organizations, with a potential trend in fraud detection of too much being left to chance. It warns that a "passive approach to detecting and preventing economic crime is a recipe for disaster."
Data quality, skills, resources, and board level engagement, were among the recurring issues respondents cited, which combined, are leaving many organization’s detection and control programs unable to adequately protect an organization.
The report also highlights significant gaps between organizations with a code of conduct in place (86%) and those with regular training or advice in place (64%). It warns that such perception gaps can create potential vacuums “within which unethical activities can spring.”