Fraud, Cybercrime Up in 2011 Global Economic Crime Survey

Forty five percent of U.S. respondents reported that their organization had suffered fraud in the previous 12 months, compared to 35 percent in 2009, says the 2011 Global Economic Crime Survey.

The cost of frauds over $100,000 has increased substantially, from 44 percent to 54 percent over the two year period, with 10 percent reporting that fraud had cost their organization more than $5 million, the survey says. Cybercrime has increased considerably in recent years - 40 percent of respondents have been affected by it, making it the second most common fraud reported after asset misappropriation.

The report, by PwC, notes that certain emerging markets surprisingly reported low levels of fraud (below 25 percent) - namely Indonesia, India, Romania and Greece. This might be because their fraud detection methods are ineffective and/or their respondents are reluctant to report fraud. Territories that reported high levels of fraud (40 percent or more) include Kenya, South Africa and the UK. Survey findings show that no industry sector is immune to economic crime, but the communication and insurance sectors top the table of reported frauds (both at 48 percent), and fraud in the government sector has increased by 9 percent, now making it one of the top five targets for economic crime.

"The costs associated with economic crime pose a serious threat to an organization's bottom line," said Chris Barbee, leader of PwC's global forensic services practice. "Companies must consider the potential damage to reputation and brand, along with the very real possibility that corrupt activity perpetrated by their employees or by affiliates, third parties, intermediaries, and joint venture partners could trigger stiff penalties. Not surprisingly, this topic is getting significant airtime in corporate boardrooms around the globe."

Accounting fraud, at 16 percent, is down from 24 percent in 2009 according to the survey, possibly due to tighter controls, more regulation, and stricter enforcement in the wake of the financial crisis. Asset misappropriation remains the most common fraud globally and in the U.S., with 93 percent of respondents citing it as one of the crimes experienced.

"Asset misappropriation is largely a crime of opportunity and one of the hardest frauds to prevent - it can be compared to a leaky faucet: what seems like a trickle of water amounts to gallons over time," said Didier Lavion, principal in PwC's forensic services practice. "Consider that every dollar lost in fraud is a dollar in profit that requires multiples in revenue to recoup: a 5 million dollar fraud may require 25 million dollars of replacement revenue if one assumes a 20 percent profit margin."

According to PwC, the number of Foreign Corrupt Practices Act (FCPA) enforcement actions has been rising steadily in recent years, and increased dramatically in 2010 - by approximately 85 percent. Global respondents were three times more likely than U.S. respondents to experience bribery and corruption in 2011, with 24 percent of global respondents reporting incidents of bribery and corruption.

Economic pressures, incentives, and opportunities are a significant motivator for economic crime. PwC found that the typical fraudster is between 31 and 40 years old, has been employed between three and five years and has a college degree. The survey found that in the U.S, forty percent of internal perpetrators are women, as compared to only 19 percent around the world.

Sixty-one percent of respondents based in the U.S. indicated that their perceived risk of cybercrime increased over the last 12 months. PwC notes that nation states with deep pockets, sophisticated training, and cutting edge technological capabilities are targeting corporations through a practice known as advanced persistent threats. Highly talented hacktivists are trying to crack organizational defenses and release sensitive data. Cybercrime groups with refined techniques are seeking economic gain, and have developed to the level that they can often hide evidence of attacks, going undetected for months or even years.

However, 15 percent of respondents said the C-suite/senior executives reviewed cybercrime risks only once a year and 33 percent said the C-suite/senior executives never reviewed the risks or reviewed them only on an ad-hoc basis, suggesting that the risks are reviewed only after an event has already occurred.

"Clearly, many executives have yet to seize upon the serious nature of the cybercrime threat," added Mr. Lavion. "Cybercrime has emerged as a formidable threat, thanks to deeply determined, highly skilled, and well-organized cybercriminals, from nation states to hacktivists, from criminal gangs to lone-wolf perpetrators. Organizations need to be aware and adjust to this changing landscape."

Other findings include a corruption gap between the U.S. and the rest of the world. For U.S. respondents, incidents of bribery and corruption reported within the U.S. marketplace dropped by more than half, from 16 percent in 2009 to 7 percent in 2011, perhaps pointing to a vigilance in the U.S. that is likely due to the continued and growing focus on bribery by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC), making the U.S. one of the leaders in anti-bribery enforcement.

PwC also found there is still a distinctive gap in respondents that either do not perform fraud risk assessments or are not aware of whether they are performed. Of the 70 percent of U.S. organizations that perform fraud risk assessments, almost two thirds do so only once a year. Global respondents are even less likely to perform fraud risk assessments; 41 percent of respondents did not perform one, or do not know if they performed one, in the past year.

"Fraud remains an often unmeasured and unseen siphon on organizational resources," said Erik Skramstad, PwC's U.S. forensic services practice leader. "Without the proper controls to prevent, detect, and investigate it, fraud - and the losses it incurs - will persist."

For more information visit www.pwc.com/crimesurvey or http://usfraudforum.pwc.com.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.