Canadian organisations have been advised to take action to reduce the risk of internal fraud, as new research reveals that a growing number of economic crimes are inside jobs.
According to the 6th PwC Global Economic Crime Survey, 54% of economic crimes reported over the last 12 months involving businesses were committed internally. This represents a worrying 21% rise on the 33% figure reported in 2009.
“Volatile and uncertain economic conditions globally have increased both the incentive and the opportunity to commit economic crime,” PwC partner Malcolm Shackell said. “The good news is that, compared to external fraud, businesses have significantly more influence to reduce the risks of internal fraud.”
According to the survey, a typical internal fraud involves a longer period of undetected deception than external fraud – which is more often a single large fraudulent incident. It also paints the following picture of the typical fraudster:
- in middle management or a junior role
- has been with the business for between three and five years
Some 50% of businesses reported at least one incident of economic crime over the past 12 months, and 16% of respondents suffered losses in excess of $5m. Of those businesses that suffered economic crime, 86% were affected by asset misappropriation.
Cybercrime on the rise
While theft of assets or funds retained the top spot in this year’s survey, PwC noted that cybercrime has made a rapid ascent to second place.
Cybercrime accounted for a third of all economic crimes reported by businesses, leading PwC to highlight its growing risk profile this year’s report title – Cybercrime: Out of obscurity and into reality. “While economic crime is the norm not the exception, the kind of risk businesses face is shifting, Shackell said. “Asset misappropriation such as asset disposal, fraudulent invoicing and employee expense fraud is what we see on a day to day basis, but that that’s changing with the increasing reliance on technology.”
He added that cybercrime is now the biggest growing threat to business – and no longer just the domain of the serious hacker. “It’s low cost, high rewards and anonymity has a broad appeal,” he said. “Computers and the internet are playing a central role in committing cybercrimes such as distributing viruses, illegally downloading files and stealing personal information such as bank accounts.”
Business is underprepared
While the awareness of the growing threat posed by cybercrime is on the rise, the readiness of organisations to deal with this major risk has been found wanting, and around half of the survey’s respondents admitted that they don’t have, or are not aware of having, in-house capability to prevent and detect cybercrime.“One of the stumbling blocks to businesses being better prepared is that cybercrime is perceived as just an IT issue and visibility across the CEO and board is low,” Shackell said.
He pointed to survey results revealing that 54% of respondents said that it’s the role of the CIO or the CSO to manage the risk of cybercrime. One in five also said that senior executives never reviewed cybercrime risks – or only did so on an ad-hoc basis. “Our increased dependence on and accessibility to technology makes cybercrime prevention and detection the responsibility of the whole business,” Shackell said, adding that cyber-attacks can destroy the reputations, as well as the bottom lines, of organisations.