Double-digit rise in crime against UK corporates as cyber becomes the fastest growing menace

Globally, the economic crime rate has remained largely static at 36 per cent.

The findings are contained in the biennial PwC Global Economic Crime Survey 2016, published today, which polled more than 6,000 participants in 115 countries, including the United Kingdom.

According to Colin Slater, cyber leader at PwC in Scotland, the Scottish experience mirrors that of the overall results with specific instances of Cybercrime including targeted phishing attacks and social engineering resulting in attributable financial losses, theft of IP and business disruption also featuring heavily.

The key change is the multi-headed threats that have appeared and the crossover between ‘traditional’ fraud and the use of technology to accelerate, obsfucate and amplify the breadth and penetration of attacks. One area of focus is around response, the when not if, with 30 per cent of respondents reporting no plan, recent breaches have shown the value in managing legal, personal, business and reputational risk in the first hour of an incident, this will be even more impacting with the introduction of the General Data Protection Regulation in 2018.

Mr Slater said: “While the prevalence of traditional fraud, such as asset misappropriation, has fallen since 2014, there has been a huge rise in organisations reporting cybercrime. Technology is driving almost every other area of economic crime as well.

“Attackers are now more ambitious than ever and are equally internal and external. Their aim goes beyond targeting financial information to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which, can bring down an entire business.

“Across our key industry areas such as Financial Services and Oil and Gas, the threat of cybercrime is now truly a board level risk issue, UK companies are beginning to treat it at that level but this is a journey of maturity for most. Business needs to minimise the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values and robust policies and compliance programmes.”

PwC’s Global Economic Crime Survey reveals that 60 per cent of economic crime in the UK was committed by external perpetrators, up from 56 per cent in 2014. While there was a decline in the number of organisations reporting economic crime perpetrated by employees (31 per cent), there was a large increase in frauds committed by senior management - the so-called ‘silver fraudster’ - which more than doubled from 7 per cent to 18 per cent.

Cybercrime has experienced the fastest growth of all economic crime. Some 44 per cent of UK organisations that had experienced economic crime in the last 24 months were affected by cyber incidents, a jump of 20 percentage points from 2014 - and substantially higher than the global response of 32 per cent.

The rise of cybercrime is in stark contrast with some of the traditional forms of economic crime, including bribery, asset misappropriation and procurement fraud, which have declined.

Just over half (51 per cent) of UK organisations say they expect to be the victim of cybercrime in the next two years, suggesting it will become the UK’s largest economic crime. Almost a third of UK entities have no cyber response plan in place.

The Economic Crime Survey found that 45 per cent of internal fraudsters had worked for more than five years within the organisation they defrauded and 21 per cent had more than a decade of service. In contrast, the number of junior staff carrying out economic crime has fallen since 2014 from 45% to 28 per cent.

While the vast majority (86 per cent) of UK organisations have formal business ethics and compliance programmes in place, far fewer (63 per cent) back up these rules with regular training and communication. Moreover, frauds that staff typically commit, such as accounting and HR fraud, have risen in number in the last two years.

Colin Slater, cyber leader at PwC in Scotland, added: “We’re continuing to see growth in state sponsored cyber-terrorism and espionage as well as lower level attacks from insiders in all industries, including Oil & Gas, Utilities, Financial Services and Manufacturing industries.. These are all vital cogs in the wheel of our growing Scottish economy and are not impervious to threats that might seem unlikely, for bigger fish or simply not relevant.

“Against a backdrop of rapid social and technological change. it’s important to recognise that economic crime is not just a question of compliance, but increasingly one of culture.

“Even the best compliance programmes will fail if a company’s culture accepts wrong-doing as a norm. While it is encouraging that so many organisations in Scotland and across the UK understand the value of having a code of conduct, it’s crucial to back it up through regular training and engagement with employees. Unfortunately our survey shows this just isn’t happening enough.”