The advancement of technology in business services, combined with the explosive growth in social media and data connectivity, has permanently altered — and in many ways, brought together — the business and consumer landscapes.
Unfortunately, connectivity and access also have a dark side — one which empowers motivated, sophisticated criminals who are able to operate below the radar. And because cybercrime operates largely unseen, organisations may never even realise they are being targeted until long after the damage is done. This fact alone makes the many varieties of electronic fraud one of the most threatening types of economic crime. Many entities may not have clear insight into whether their networks and the data contained therein have been breached, and they don’t know what has been lost — or its value.
This year’s survey confirms the significant, continuing impact of this crime on business, with now one in four of respondents reporting they have experienced a cybercrime — and over 11% of these suffering financial losses of more than US$1 million.
In a sign that organisations are taking this threat more seriously, our survey indicates that the perception of the risk of cybercrime is increasing at a faster pace than that of reported actual occurrences. This year, 48% of our respondents said their perception of cybercrime risk at their organisation increased, up from 39% in 2011.
Reinforcing this, an identical percentage (48%) of CEOs in our latest Global CEO Survey said they were concerned about cyber-threats, including a lack of data security.
Even when organisations are generally aware of the types of cyber-threats they face, many do not truly understand the capabilities of cybercriminals, what they might target, and what the value of those targets might be. Yet companies continue to make their critical data available to management, employees, vendors, and clients on a multitude of platforms — including high-risk platforms such as mobile devices and the cloud — because the economic and competitive benefits appear so compelling.
Ultimately, cybercrime is not strictly speaking a technology problem. It is a strategy problem, a human problem and a process problem. After all, organisations are not being attacked by computers, but by people attempting to exploit human frailty as much as technical vulnerability.