Economic Crime on the Rise
More than a third of businesses and other organisations around the world were victims of economic crime in the last 12 months, according to respondents to PwC’s 2011 Global Economic Crime Survey released today.
Nearly a quarter of victims said they were subject to cybercrime – the use of technology as the main element in the economic crime.
Overall, 34 percent of respondents said their organisations fell prey to economic crime, a 13 percent rise since 2009.
Theft or asset misappropriation (cited by 72 percent) was the most common type of economic crime reported, followed by accounting fraud and bribery and corruption (24 percent each) and cybercrime (23 percent).
Overall, 11 percent of respondents, nearly half of them C-suite executives, said they did not know if their organisation had suffered a fraud.
Though the direct cost of economic crime to an organisation can be difficult to gauge, nearly 10 percent of victims reported losses of more than US$5 million.
Among those who were victims of bribery and corruption, 20 percent said that they lost more than US$5 million on average. Victims of economic crime also reported significant collateral damage due to fraud. This includes damage to employee morale, cited by 28 percent, as well as to brand and reputation, and to business relationships, both 19 percent.
Suspicious transaction monitoring has emerged as the most effective fraud detection method, noted by 15 percent of respondents, up from 5 percent in 2009.
The survey of 3,877 respondents from 78 countries found that economic crime remains pervasive among organisations of all sizes, in all countries and all industries. The communications and insurance sectors reported the highest incidence of fraud. Fraud against governments or state owned enterprises rose by 24 percent since 2009, moving it ahead of the hospitality and leisure and financial services sectors as a target for crime.
Cybercrime now ranks as one of the top four economic crimes. The perception of cybercrime as a predominantly external threat is changing, and organisations are now recognising the risk of cybercrime coming from inside as well.
Respondents said the Information Technology Department was the most likely source of cybercrime internally. IT was cited by 53 percent of respondents, followed by Operations, 39 percent, Sales and Marketing, 34 percent, and Finance, 33 percent.
While half of all respondents noted an increased awareness to the threat of cybercrime, the majority of respondents said they do not have a cybercrime crisis response plan in place, or are not aware of having one. And 60 percent said their organization doesn’t monitor social media sites.
The survey found that the typical profile of an internal cybercrime fraudster was a junior employee or middle manager (cited by 85 percent), under the age of 40 (65 percent), and employed by the organisation for less than five years (50 percent).
Those who said cybercrime was more likely to originate from sources outside their home country listed Hong Kong and China, India, Nigeria, Russia and the U.S. as the countries perceived as the top cybercrime threats.
Other Survey Findings
Economic crime is most prevalent at large organisations. Fifty-four percent of respondents from organisations with more than 1,000 employees reported incidents in the last 12 months, compared with 29 percent among those with less than 1,000, and 17 percent among those with less than 200.
Fraud strikes all types of organisations. Forty-five percent of victims were government or state owned, 40 percent were listed on a stock exchange, and 12 percent were in the private sector.
Accounting fraud has declined steeply since 2009. The percentage of respondents reporting this type of fraud declined by 37 percent from 2009 and returned to 2005 levels.
Most economic crime of all types – 56 percent – is committed by internal fraudsters. 40 percent of respondents reported fraud by an outsider.
The effectiveness of economic crime detection has been declining since 2007. Internal audit, risk management systems, and whistle-blowing systems all declined as means of discovering fraud. The only detection method to show increased effectiveness was suspicious transaction monitoring.
Those that seek out economic crime find it. Organisations that have performed fraud risk assessments have detected and reported more frauds.