Cybercrime has risen up the ranks over the last year to become the second most commonly reported economic crime affecting companies in the financial services (FS) sector after asset misappropriation (which remains the traditional and most popular way of defrauding an organisation), according to the latest findings from PwC’s global economic crime survey. Fighting Economic Crime in the Financial Services Sector can be downloaded from www.pwc.com/crimesurvey/fs.
Cybercrime accounted for 38 per cent of economic crime incidents compared to 16pc for other industries in the survey which in total analysed 3,877 responses spanning 78 countries, with 23pc of those ( 878 respondents) coming from the FS sector.
While FS organisations have historically taken significant steps to control and safeguard their customers’ data, the survey shows they are nevertheless concerned about the growing threat. Half of FS respondents perceive the risk of cyber-crime to have increased in the last 12 months, compared with 36pc for other industries. Some of the developing technologies such as using ‘apps’ to access banking services and mobile phones to make payments are likely to increase, rather than decrease these risks.
Some 45pc of FS respondents suffered frauds in the last 12 months, a much higher figure than the 30pc reported by other industries. This is an indicator that the sector remains very attractive to criminals due to the significant amount of cash, assets and sensitive client data that is available to them as well as the nature of the industry.
Andrew Clark, forensic services partner, PwC, said: “The rise in cybercrime is not so surprising given the sector holds large volumes of the type of data cybercriminals are interested in and there is an established underground economy servicing the needs of the market for stolen and compromised data. However, our survey shows cybercrime accounts for a much greater proportion of economic crime in the FS sector than in other industries.
“Cybercrime puts the FS sector’s customers, brand and reputation at significant risk. Regulators are increasingly viewing cybercrime as a key area of focus and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat. ”
Asked what aspects of cyber-crime they were most concerned about, FS respondents had greater concern around all of the categories of collateral damage listed when compared to other industries. More than half said their greatest concern was around reputational damage.
When a cybercrime incident occurs, the first few hours are crucial. It is particularly important to react quickly and decisively, as the consequences of not doing so can be severe in terms of both financial and non-financial damage.
Andrew Clark, forensic services partner, PwC said: “We expected most organisations to have cybercrime incident response mechanisms in place. To our surprise, only 18pc of FS respondents said they had in place all five measures specified in our survey. It appears that some FS organisations are complacent about the risks that cyber-crime poses, in spite of serious concerns about potential damage arising from cyber threats.
“Overall responsibility for managing cyber-crime risks rests with senior management. It is therefore essential that senior management understand the potential risks and opportunities the cyber world can present and ensure that there is clear accountability and responsibility within the organisation for dealing with these risks and opportunities.”
In addition to the growth in cyber-crime, asset misappropriation and accounting fraud were the other two types of economic crime that increased over the last year, according to survey respondents. The rise in accounting fraud from 19pc in 2009 to 26pc in 2011 differs from other industries where it fell significantly from 38pc in 2009 to 22pc in 2011.
Andrew Clark, forensic services partner, PwC, said: “The FS sector’s increase in accounting fraud may be partly due to greater incentives for staff to hit targets, together with other factors such as personal pride in being seen as a success and meeting a myriad of stakeholders’ expectations.”
The survey also showed there has been a 50pc increase in senior management fraud in FS organisations in the last two years. And Andrew Clark, forensic services partner, PwC, said: “This suggests that the ’tone at the top’ and overall senior management attitude to fighting fraud is worsening, and presents an increasing challenge for non-executive board members.”
Methodology
The Global Economic Crime Survey received 3,877 responses from 78 countries. The FS sector represented 23% of the overall survey population with 878 respondents from 56 countries. Respondents were asked a number of ‘core’ questions on economic crime in general, as well as questions specifically relating to cyber-crime.
For the purposes of the survey, the following definition of cybercrime was used:
“An economic crime committed using computers and the internet. It includes distributing viruses, illegally downloading files, phishing and pharming, and stealing personal information like bank details. It’s only a cybercrime if a computer, or computers, and the internet play a central role in the crime, and not an incidental one.”
