SINGAPORE (November 29, 2011) – More than a third of businesses and other organisations around the world were victims of economic crime in the last 12 months, according to respondents to PwC's 2011 Global Economic Crime Survey released today. And nearly a quarter of victims said they were subject to cybercrime -- the use of technology as the main element in the economic crime.
Overall, 34 percent of respondents said their organisations were victims of economic crime, a 13 percent increase since 2009. Theft or asset misappropriation (cited by 72 percent) was the most common type of economic crime reported, followed by accounting fraud and bribery and corruption (24 percent each) and cybercrime (23 percent). Overall, 11 percent of respondents, nearly half of them C-suite executives, said they did not know if their organisation had suffered a fraud.
Though the direct cost of economic crime to an organisation can be difficult to gauge, nearly 10 percent of victims reported losses of more than US$5 million. Among those who were victims of bribery and corruption, 20 percent said that they lost more than US$5 million on average. Victims of economic crime also reported significant collateral damage due to fraud. This includes damage to employee morale, cited by 28 percent, as well as to brand and reputation, and to business relationships, both 19 percent. Suspicious transaction monitoring has emerged as the most effective fraud detection method, noted by 15 percent of respondents, up from 5 percent in 2009.
The survey of 3,877 respondents from 78 countries is a comprehensive study of economic crime in the business world. It found that economic crime remains pervasive among organisations of all sizes, in all countries and industries. The communications and insurance sectors reported the highest incidence of fraud. Fraud against governments or state owned enterprises rose by 24 percent since 2009, moving it ahead of the hospitality and leisure and financial services sectors as a target for crime.
"Economic crime continues to be pervasive, affecting both large and small organisations worldwide without discrimination. No industry or company in any country is immune from the impact of fraud," said Tony Parton, partner in PwC's forensics practice in London.
"In a world where most enterprises rely on technology, they increasingly open themselves to the risk of criminal activity from virtually anywhere on the planet where there is a computer, a smart phone or any other device able to access the Internet," Mr. Parton said "Rising incidents of data loss and theft, computer viruses and hacking and other forms of electronic crime demonstrate the need for a more cyber-savvy approach to fraud prevention."
Cybercrime now ranks as one of the top four economic crimes. The perception of cybercrime as a predominantly external threat is changing, and organisations are now recognising the risk of cybercrime coming from inside as well. Respondents said the Information Technology Department was the most likely source of cybercrime internally. IT was cited by 53 percent of respondents, followed by Operations, 39 percent, Sales and Marketing, 34 percent, and Finance, 33 percent.
While half of all respondents noted an increased awareness to the threat of cybercrime, the majority of respondents said they do not have, a cybercrime crisis response plan in place, or are not aware of having one. And 60 percent said their organization doesn’t monitor social media sites.
Chan Kheng Tek, who heads the Dispute Analysis and Investigations (DA&I) practice at PwC Singapore, said: “It is a concern that the majority of respondents are not well-equipped with a cybercrime crisis response plan, and also that cybercrime is perceived as a problem best left to IT to solve. A lack of ‘cyber-awareness’ among an organisation’s employees could leave it vulnerable to threats. In Singapore, which has such a wired and tech-savvy working population, it is crucial for organisations and their senior management to recognise that cybercrime and security are not just IT issues. Cyber security requires all departments to be diligent and do their part to ensure that threats, whether internal or external, are minimised.”
The survey found that the typical profile of an internal cybercrime fraudster was a junior employee or middle manager (cited by 85 percent), under the age of 40 (65 percent), and employed by the organisation for less than five years (50 percent).
Those who said cybercrime was more likely to originate from sources outside their home country listed Hong Kong and China, India, Nigeria, Russia and the U.S. as the countries perceived as the top cybercrime threats.
Other Survey Findings
Methodology: The sixth Global Economic Crime Survey was carried out between June 2011 and November 2011. The survey questionnaire had three sections: a section with general profile questions; a section with comparative questions looking at what economic crime organisations had experienced; and a section on this year’s special topic, cybercrime. 3,877 people from 78 countries filled in the online survey. Participants were asked to answer the questions with respect to their organisation and the country in which they are mainly based.
About the PwC network: PwC firms help organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com.