Cybercrime a Growing Threat to the Financial Services Sector – PwC Report
Cybercrime has risen up the ranks over the last year to become the second most commonly reported economic crime affecting companies in the financial services (FS) sector after asset misappropriation (which remains the traditional and most popular way of defrauding an organisation), according to the latest findings from PwC’s global economic crime survey.
Cybercrime accounted for 38% of economic crime incidents compared to 16% for other industries in the survey which in total analysed 3,877 responses spanning 78 countries, with 23% of those ( 878 respondents) coming from the FS sector. While FS organisations have historically taken significant steps to control and safeguard their customers’ data, the survey shows they are nevertheless concerned about the growing threat. Half of FS respondents perceive the risk of cybercrime to have increased in the last 12 months, compared with 36% for other industries.
Some of the developing technologies such as using ‘apps’ to access banking services and mobile phones to make payments are likely to increase, rather than decrease these risks.
Some 45% of FS respondents suffered frauds in the last 12 months, a much higher figure than the 30% reported by other industries. This is an indicator that the sector remains very attractive to criminals due to the significant amount of cash, assets and sensitive client data that is available to them as well as the nature of the industry.
Andrew Clark, forensic services partner, PwC, said: “The rise in cybercrime is not so surprising given the sector holds large volumes of the type of data cybercriminals are interested in and there is an established underground economy servicing the needs of the market for stolen and compromised data. However, our survey shows cybercrime accounts for a much greater proportion of economic crime in the FS sector than in other industries.
”Cybercrime puts the FS sector’s customers, brand and reputation at significant risk. Regulators are increasingly viewing cybercrime as a key area of focus and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat. ”
Asked what aspects of cybercrime they were most concerned about, FS respondents had greater concern around all of the categories of collateral damage listed when compared to other industries. More than half said their greatest concern was around reputational damage.
When a cybercrime incident occurs, the first few hours are crucial. It is particularly important to react quickly and decisively, as the consequences of not doing so can be severe in terms of both financial and non-financial damage.
Andrew Clark, forensic services partner, PwC commented: “We expected most organisations to have cybercrime incident response mechanisms in place. To our surprise, only 18% of FS respondents said they had in place all five measures specified in our survey. It appears that some FS organisations are complacent about the risks that cybercrime poses, in spite of serious concerns about potential damage arising from cyber threats.
“Overall responsibility for managing cybercrime risks rests with senior management. It is therefore essential that senior management understand the potential risks and opportunities the cyber world can present and ensure that there is clear accountability and responsibility within the organisation for dealing with these risks and opportunities.”
In addition to the growth in cybercrime, asset misappropriation and accounting fraud were the other two types of economic crime that increased over the last year, according to survey respondents. The rise in accounting fraud from 19% in 2009 to 26% in 2011 differs from other industries where it fell significantly from 38% in 2009 to 22% in 2011.
Andrew Clark, forensic services partner, PwC, said: “The FS sector’s increase in accounting fraud may be partly due to greater incentives for staff to hit targets, together with other factors such as personal pride in being seen as a success and meeting a myriad of stakeholders’ expectations.”
The survey also showed there has been a 50% increase in senior management fraud in FS organisations in the last two years.
Andrew Clark, forensic services partner, PwC, commented: “This suggests that the ‘tone at the top’ and overall senior management attitude to fighting fraud is worsening, and presents an increasing challenge for non-executive board members.”