Cybercrime is fastest growing economic crime according to a PwC report. More than half of UK organizations say they expect to be the victim of Cybercrime in the next two years. It will become the UK’s largest economic crime. UK businesses are battling a huge rise in cybercrime capable of bringing down entire companies, according to analysis by accountancy company PwC. In a report that singled out the UK as a hotbed of economic crime, PwC said the threat of cyber offences was now a “board-level issue”, but warned that not enough companies were taking it seriously enough.
PwC also warned of a surge in the number of “silver fraudsters” – older staff who turn against their employer. Approximately 55% of UK firms have fallen victim to economic crime in the past two years, according to the PwC global economic crime survey, compared with a global rate of 36%.
Cybercrime is up 20 percent since 2014 and is the fastest growing economic crime. Catastrophe patterns over the past decade have changed dramatically. 10 years ago elements such as civil war and oil prices were the top global risks to take into account. At present we see water crisis and extreme weather events taking control of keeping us up at night.
The economic crime rate has remained largely static at 36 percent, according to the survey of more than 6,000 respondents in 115 countries. The survey found that 60 percent of economic crime in the UK was committed by external perpetrators, up from 56 percent in 2014. There was a decline in economic crime perpetrated by employees (31 percent); there was an 11 percent increase in fraud committed by senior management to 18 percent.
The prevalence of traditional fraud such as asset misappropriation has fallen since 2014. There has been a huge rise in organizations reporting Cybercrime, with technology driving almost every other area of economic crime.
Companies need to minimize the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values, robust policies and compliance programs.
Some 44 percent of UK organizations that experienced economic crime in the past two years were affected by cyber incidents.
There was a jump of 20 percent from 2014 and 12 percent greater than the global response of 32 percent.
The rise of Cybercrime, the report said, is in stark contrast with some of the traditional forms of economic crime, including asset misappropriation and procurement fraud, which have declined.
Over half of UK organizations say they expect to be the victim of Cybercrime in the next two years, suggesting it will become the UK’s largest economic crime.
Only 12 percent of UK respondents believe that law enforcement authorities have the necessary skills and resources to investigate it, compared with 23 percent globally. Almost a third of UK organizations say they have no cyber incident response plan.
The deputy head of the Metropolitan Police’s Fraud And Linked Crime Online (Falcon) unit Andrew Gould told the European Information Security Summit 2016 in London that police Cybercrime fighting capability struggled to keep pace with the rate traditional crime, such as fraud, is moving online.
Gould admitted there is still much to be done to improve police capabilities to deal with Cybercrime, but described the operation as “a good first effort”.
Since it was established in August 2014, Gould said Falcon has recorded more than 1,000 arrests with a 25 percent charge and conviction rate, which he said is a “positive outcome”.
On a national basis, rapidly ramping up law enforcement engagement with business on Cybercrime is a top priority for the National Crime Agency’s (NCU) Cybercrime unit.
The NCA’s National Cybercrime Unit (NCCU) is allocating more resources. This means training more people to engage with businesses to share information, best practice and expertise in combating Cybercrime, the NCCU’s deputy director Sarah Goodall told Computer Weekly.
The growing prevalence of the internet of things (IoT) are some of the reasons for the year’s steep increases in cybercrime in the UK, the report said, leaving anything connected to the office network vulnerable to hackers.
Global corporate intelligence leader at PwC Mark Anderson said cyber attackers are now more ambitions than ever. “Their aim goes beyond targeting financial information to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which can bring down an entire business,” he said. “The threat of cybercrime is now a board-level risk issue, but not enough UK companies treat it that way.”
UK respondents say the greatest concern about a cyber attack is the potential disruption to services, with 31 percent saying it would have a medium to high impact.
Almost half say that Cybercrime would have no effect on their reputation, and almost 60 percent are not concerned about the potential for theft of intellectual property.
The strong shift towards more senior and experienced employees carrying out corporate fraud in the UK should be of particular concern, the report said.
The senior management fraud is often more difficult to detect and prevent, and usually has a much greater effect on an organization.
Those in middle management remained the most responsible for economic crime (36 percent).
Half the instances committed by staff in the UK involved employees over the age of 40, and the number carried out by staff over the age of 50 tripled.
The survey found that 45 percent of internal fraudsters had worked for more than five years in the organization they defrauded and 21 percent had more than a decade of service.
In contrast, the number of junior staff carrying out economic crime has fallen since 2014 from 45 percent to 28 percent.
The majority (86 percent) of UK organizations has formal business ethics and compliance programs in place. Far fewer (63 percent) back up these rules with regular training and communication.
Financial services companies are set to be the biggest spenders on compliance in the UK in the next two years, while compliance budgets for other industries are under pressure as they face demands to do more with less, according to the survey.
Tracey Groves, the head of ethics and compliance in PwC’s UK forensics practice said economic crime is a question of culture, not just compliance. “Even the best compliance programmes will fail if a company’s culture accepts wrong-doing as a norm.”
It is encouraging that so many UK organizations understand the value of having a code of conduct, it’s crucial to back it up through regular training and engagement with employees. Unfortunately, the survey shows this just isn’t happening enough.
The survey also found that 20 percent of UK organizations say they have never performed a fraud risk assessment, while 44 percent do so annually.
Some 5 percent of respondents say they have been asked to pay a bribe in the past 24 months, while 7 percent feel they lost a business opportunity to a competitor who was willing to pay it.
More than a fifth of frauds were detected through suspicious transaction monitoring, 14 percent through fraud risk management, 8 percent through data analytics, 8 percent through internal audit and 8 percent through accidental discovery.