PwC’s Economic Crime Survey Focuses on Cybercrime

Wednesday, November 30, 2011



PricewaterhouseCoopers (PwC) has released their 2011 Global Economic Crime Survey, this time with a focus on cybercrime related events.

The survey included 3,877 respondents from 72 countries, with sixty percent of of those identifying themselves as senior-level directors or executives.

According to the report, "Cybercrime has increased considerably in recent years - 40 percent of respondents have been affected by it, making it the second most common fraud reported after asset misappropriation."

Sixty-one percent of the respondents from the U.S. indicated that their perceived risk to the enterprise from cyber crime had increased over the previous twelve months.

In contrast, the survey indicates that only fifteen percent of C-level executives review risks presented by cybercrime once per year, and as many as one-third do not review cybercrime risks or only do so after a breach event has been reported.

“Clearly, many executives have yet to seize upon the serious nature of the cybercrime threat. Cybercrime has emerged as a formidable threat, thanks to deeply determined, highly skilled, and well-organized cybercriminals, from nation states to hacktivists, from criminal gangs to lone-wolf perpetrators. Organizations need to be aware and adjust to this changing landscape," said Didier Lavion, principal in PwC’s forensic services practice.

The report also found that of the seventy percent of U.S. organizations that reported they perform fraud risk assessments, nearly two-thirds only do so once per year. Worldwide, less than sixty percent of organizations regularly perform fraud risk assessments.

“Fraud remains an often unmeasured and unseen siphon on organizational resources. Without the proper controls to prevent, detect, and investigate it, fraud – and the losses it incurs – will persist,” said Erik Skramstad, PwC’s U.S. forensic services practice leader.

The report reveals some interesting characteristics of the average insider threat, stating that "the typical fraudster is between 31 and 40 years old, has been employed between three and five years and has a college degree. The survey found that in the U.S, forty percent of internal perpetrators are women, as compared to only 19 percent around the world."

Other highlights of the survey include:

  • 45 percent of U.S. respondents reported that their organization had suffered fraud in the previous 12 months, compared to 35 percent in 2009
  • Cost of frauds over $100,000 has increased substantially, from 44 percent to 54 percent over the two year period
  • 10 percent of those surveyed reported that fraud had cost their organization more than $5 million
  • Territories that reported high levels of fraud (40 percent or more) include Kenya, South Africa and the UK
  • Communication and insurance sectors top the table of reported frauds (both at 48 percent)
  • Fraud in the government sector has increased by 9 percent, now making it one of the top five targets for economic crime
  • Accounting fraud, at 16 percent, is down from 24 percent in 2009

“The costs associated with economic crime pose a serious threat to an organization’s bottom line. Companies must consider the potential damage to reputation and brand, along with the very real possibility that corrupt activity perpetrated by their employees or by affiliates, third parties, intermediaries, and joint venture partners could trigger stiff penalties. Not surprisingly, this topic is getting significant airtime in corporate boardrooms around the globe," said Chris Barbee, leader of PwC's global forensic services practice.


Possibly Related Articles:
Enterprise Security
fraud Insider Threats Risk Assessments Cyber Crime report Hacktivist Executives survey PricewaterhouseCoopers
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.