PwC’s latest global economic crime survey states that cybercrime accounted for 38% of all economic crime incidents across the last 12 months compared to 16% for other industries.
In total, the survey* analysed 3,877 responses spanning 78 countries, with 23% of those (878 respondents) coming from the financial services sector.
While organisations in that space have historically taken significant steps to control and safeguard their customers’ data, the PwC survey shows they are nevertheless concerned about the growing threat. Half of all financial services sector respondents perceive the risk of cybercrime to have increased in the last 12 months compared with 36% for other industries.
Some of the developing technologies – such as using apps to access banking services and mobile phones to make payments – are likely to increase rather than decrease these risks.
45% of financial services sector respondents suffered frauds in the last 12 months, a much higher figure than the 30% reported by other industries. This is an indicator that the sector remains very attractive to criminals due to the significant amount of cash, assets and sensitive client data available to them as well as the nature of the industry.
Results are not surprising
Commenting on the new report, Andrew Clark – forensic services partner with PwC – said: “The rise in cybercrime is not so surprising given the fact that the sector holds large volumes of the type of data cybercriminals are interested in. There’s also an established underground economy servicing the needs of the market for stolen and compromised data.”
With the survey showing that cybercrime accounts for a much greater proportion of economic crime in the financial services world than in other verticals, Clark added: “Cybercrime puts the financial services sector’s customers, brand and reputation at significant risk. Regulators are increasingly viewing cybercrime as a key area of focus and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat.”
Asked what aspects of cybercrime they were most concerned about, financial services respondents hold greater concern around all of the categories of collateral damage listed when compared to other industries. More than half said their greatest concern was around reputational damage.
When a cybercrime incident occurs it’s fair to say that the first few hours are crucial. It’s particularly important to react quickly and decisively as the consequences of not doing so may well be severe in terms of both financial and non-financial damage.
Lack of incident response mechanisms
“We expected most organisations to have cybercrime incident response mechanisms in place,” stated Clark. “To our surprise, only 18% of financial services sector respondents said they had in place all five measures specified in our survey. It appears that some financial organisations are complacent about the risks that cybercrime poses in spite of serious concerns about potential damage arising from cyber threats.”
As far as Clark’s concerned, overall responsibility for managing cybercrime risks rests with senior management. It’s therefore essential that senior management understands the potential risks and opportunities the cyber world can present and ensures that there is clear accountability and responsibility within the organisation for dealing with these risks and opportunities.
In addition to the growth in cybercrime, asset misappropriation and accounting fraud were the other two types of economic crime that increased over the last year. The rise in accounting fraud from 19% in 2009 to 26% in 2011 differs from other industries where it fell significantly from 38% in 2009 to 22% last year.
“The financial services sector’s increase in accounting fraud may be partly due to greater incentives for staff to hit targets,” suggested Clark, “together with other factors such as personal pride in being seen as a success and meeting a myriad of stakeholders’ expectations.”
The survey also showed there has been a 50% increase in senior management fraud in financial services organisations in the last two years. Clark commented: “This suggests that the ‘tone at the top’ and the overall senior management attitude towards fighting fraud is worsening. It also presents an increasing challenge for non-executive Board members.”
Core questions on economic crime
*For the purposes of the PwC survey, respondents were asked a number of ‘core’ questions on economic crime in general, as well as questions specifically relating to cybercrime.
The following definition of cybercrime was used:”An economic crime committed using computers and the Internet. It includes distributing viruses, illegally downloading files, phishing and pharming as well as stealing personal information such as bank details. It’s only a cybercrime if a computer, or computers, and the Internet play a central role in the crime and not an incidental one.”
Copies of ‘Fighting Economic Crime in the Financial Services Sector’ can be downloaded here
Key statistics to note
