PwC: Losses rise as Cybercrime exposes organisations’ ‘passive approach’ to economic crime
March 2016 by PwC
The PwC Global Economic Crime Survey 2016 interviewed over 6000 participants in 115 countries. Despite the marginal decline in economic crime reported overall, the financial cost of each fraud is on the rise. 14% of respondents experienced losses of more than $1m in the last two years.
• Overall rates: The overall rate of economic crime reported has fallen for the first year since the financial crisis, but only marginally – to 36% from 37% in 2014. Regionally, lower levels of economic crime are reported in North America (37% vs 41%), Eastern Europe (33% vs 39%), Asia Pacific (30% vs 32%) and Latin America (28% vs 35%). It rose in Africa (57% vs 50%), Western Europe (40% vs 35%) and the Middle East (25% vs 21%).
• Most common economic crimes: Asset misappropriation (64%), cybercrime (32%), and bribery and corruption (24%).
• Highest increases: 68% of French and 55% of UK respondents reported economic crimes in the past 24 months, up 25% when compared to 2014. 61% of Zambian respondents reported economic crime, up 31% over 2014.
• Industry sector impacts: Financial Services reported the most economic crimes over the two year period, followed by government and state owned enterprises, and retail and consumer industries. Aerospace & Defence was the biggest riser in the period at 9%. Specific crimes are affecting different industries, with Transportation & Logistics for example experiencing a 16% increase in Bribery & Corruption.
• Cybercrime: Incidents reported were up 8% to 32% and over half (53%) of respondents perceived an increased risk of cyber threats over the last 24 months. 34% believe it is likely that their organisations will experience cybercrime in the next 24 months. Despite big financial losses reported linked to cybercrime, respondents reported the greatest impact to their organisations coming from damage to their reputation and legal, investment and enforcement costs.
• Response to cybercrime: Only 37% of respondents reported having a fully operational incident response plan in place. Almost a third have no plan at all, with 14% of respondents not even intending to implement one. 45% of respondents do not believe that their local law enforcement agencies have the required skills and resources to combat cybercrime.
• Risk & finance: More than a quarter of financial services firms have not conducted risk assessments for anti-money laundering or the combatting of the financing of terrorism (AML/CFT). A third of respondents cited data quality in relation to client information as being a significant challenge in relation to their AML/CFT systems. One in five financial services organisations have experienced enforcement actions by a regulator.
• Bribery: Over half (54%) of respondents say that top management would rather allow a business transaction to fail than have to use bribery. 13% had been asked to pay a bribe in the last two years and another 15% believe they lost an opportunity to a competitor that may have paid a bribe.
• The fraudster profile: Nearly half the serious incidents of economic crimes were carried out by perpetrators employed by the affected organisation. Internal fraudsters are most likely to be male graduates, with three-five years of service, aged between 31 and40 years old, and serving a middle/senior management function.
• Drivers of crime: Seven out of ten organisations believe that opportunity is the main driver of economic crime committed by internal parties.
• What’s next? 20% of respondents believe their organisations are likely to experience the leading economic crimes - asset misappropriation, cybercrime or bribery and corruption in within 24 months. Within two years, six of the G20 (UK, USA, Italy, France, Canada and Australia) expect cybercrime to be the largest economic crime threat to their organisation.
Andrew Gordon, global leader, Forensic Services, PwC, comments:
“Don’t be fooled by a modest drop in some of our crime metrics. These mask an increasingly complex economic crime environment driven by cyber threats and regulatory pressure, while the cost of the crimes are rising. Too few companies are adapting their risk assessments and control frameworks fast enough. Action on economic crime is not the responsibility of one person or team, it must be embedded within an organisations’ culture.”
Overall, the report finds that business detection and response plans are not keeping pace with the level and range of threats now facing organisations, with a potential trend in fraud detection of too much being left to chance. It warns that a ‘passive approach to detecting and preventing economic crime is a recipe for disaster’.
Data quality, skills, resources, and board level engagement, were amongst the recurring issues respondents cited, which combined, are leaving many organisation’s detection and control programmes unable to adequately protect an organisation.
The report also highlights significant gaps between organisations with a code of conduct in place (86%) and those with regular training or advice in place (64%). It warns that such perception gaps can create potential vacuums “within which unethical activities can spring.”
Trevor White, partner, Forensic Services and Survey Leader, PwC comments:
“Often the response to a threat is taking more control. But our report shows that corporate control environments are 7% less effective in detecting and preventing economic crime than they were two years ago. Tackling economic crime means a strong culture and ethics focus as well as effective monitoring and compliance programs. The difference between 90% of CEOs saying their organisations values are clear and understood and only 84% of managers thinking the same shows how gaps can open up between what leaders think and their organisations perceive day to day.”
Notes
1. About the survey. PwC’s Global Economic Crime Survey was conducted through an online survey of 6337 respondents in 115 countries. 45% of the respondents are board level, 30% are heads of department/business units. 59% of all respondents were from multinational organisations, 37% from publically listed companies. Respondents came from all sectors – including financial services (24%), consumer (14%), technology (7%), industrial (35%) and professional services (6%). The survey was conducted between July 2015 and February 2016.
2. Largest sector rises: Aerospace and defence (+9%), Transport and logistics (+8%), and energy, utilities and mining (+6%) experienced the largest individual sector rises in economic crime in the last two years.
3. Cybercrime: Financial Services reported the highest level of cybercrime (52%, up 7% on 2014). The sectors most effected were Communications (44%; up 14% on 2014); Chemicals (34%, up 12% on 2014); Pharmaceuticals (31%, up 21% on 2014); Insurance (29%: up 13% on 2014) and Government and State Owned entities (29%; up 17% on 2014)
4. Cybercrime response: Only four in ten companies have fully trained personnel to act as first responders to a cyber security incident.
5. Ethics & Compliance: One in five respondents were not aware of the existence of a formal ethics and compliance programme.
6. A survey and report on the German market is separately undertaken by PwC Germany and the Martin Luther University of Halle-Wittenberg. Contact dagmar.schadbach@de.pwc.com for details.
7. In PwC’s 19th Annual CEO Survey (release January 2016), of the top threats facing organisations, bribery and corruption had the biggest increase from 51% to 56%.