Skip to content Skip to footer

Loading Results

Engineering & construction firms see dual threat in cybercrime and corruption

20 July, 2018

Mike Sobolewski
Engineering and Construction Industry Leader, PwC US
Todd Ranta
Partner, South region, PwC US

In the ever-changing threat landscape engineering & construction (E&C) companies must face on a daily basis, one leading threat is relatively new while another is as old as the industry itself. When E&C organizations were asked in PwC’s 2018 Global Economic Crime Survey to name the most disruptive threats they anticipate facing in the next two years, respondents listed corruption and cybercrime. These same E&C firms appear positioned to address these threats head-on, however, according to the preventive measures many of them reportedly have in place.

The complete survey was based on data from more than 7,000 respondents across 123 territories. Here are the key takeaways from the 341 respondents across the engineering & construction sector, most of which are in line with the results from the full global survey:

On par with the global average, 48% of E&C companies were affected by economic crime in the previous two years vs. 49% of all respondents.

22% of E&C respondents anticipate bribery and corruption to be the most serious threat they face in the next two years while 18% said cybercrime.

In the last two years, 34% of E&C companies have been targeted by malware, 31% by phishing and 11% by network scanning.

54% of E&C respondents have a fully operational cyber security program in place to deal with these threats vs 59% of all global respondents.

48% of E&C organizations have performed a general fraud risk assessment in the previous two years compared to 54% of all global firms.

  • A slightly lower percentage of E&C respondents, 44%, targeted cyber-attack vulnerability in their assessments over the last 24 months vs. 46% of global businesses.
  • 35% of E&C companies targeted bribery and corruption compared to 33% of all companies.

Here are four steps that companies can take to fight fraud:

  1. Recognize fraud when you see it – There is an increase in awareness of fraud as more companies understand what “fraud” actually means. But every organization, no matter how vigilant, is still vulnerable to blind spots, and because they only become apparent with hindsight, it’s important to shed light on them as early as possible to enhance fraud fighting efforts.
  2. Take a dynamic approach – The C-suite can no longer claim ignorance as an excuse when the financial costs of fraud impact their business. Today’s enterprises are increasingly embedding their newly reinforced fraud prevention measures into their first line of defense. This is an important development, and the more a company learns to effectively react to micro-disruptions, the better prepared it is for responding to mega-crises.
  3. Harness the protective power of technology – As companies recognize fraud as first and foremost a business problem, many have made a strategic shift in their approach to technology, making a business case for robust new investments in areas such as detection, authentication and the reduction of customer friction. However, technology is expensive to buy and challenging to adopt across a large organization, so it’s critical to think through which emerging/disruptive technologies will work best for an organization.
  4. Invest in people, not just machines – Technology is clearly a vital tool to fight against fraud, but it can only ever be part of the solution, particularly when it comes to combatting internal fraud. The three principal drivers of internal fraud, or the “fraud triangle,” are incentive, followed by opportunity, and then internal rationalization. Since all three of these drivers must be present for an act of fraud to occur, each of them should be addressed individually. By establishing a culture of honesty and openness from the top down, companies can instill open accountability with employees and prevent fraud.