PwC cybercrime report is a wake-up call for the industry, says Qualys CTO
Cybercrime is rapidly becoming one of the biggest threats to UK organisations, according to a new report from PricewaterhouseCoopers (PwC).
The report, titled 2011 Global Economic Crime Survey, revealed that cybercrime is now one of the top four economic crimes and that businesses are becoming aware of the internal threat from cybercrime as well as external threats.
In fact, according to PwC, cybercrime is now the third most common type of economic crime in the UK with over one-quarter of victims of economic crime reporting a cyber element to it.
Tony Parton, forensics partner, PwC, said this statistic is "particularly alarming. This is a dramatic finding and marks the promotion of cybercrime to the premier league of fraud. As well as direct financial costs, there are other commercial consequences of cybercrime, such as reputational/brand damage, poor employee morale or service disruption."
The survey also revealed that businesses are now more aware that threats can come from internal sources as well as external. PwC said that more than one-third of victims found that their own employees were responsible for the largest frauds.
"During a downturn, the ‘corporate core’ of an organisation tends to be hit the hardest, with severe resource cutbacks in areas that are the first and second line defences against fraud, like internal audit," said Parton.
"Under-staffing and increased workloads might mean that internal fraud’s going undetected, or that those completing our survey aren’t finding out about it," he added.
The vast majority (83%) of respondents feared reputational damage as the biggest consequence of cybercrime. "Reputational damage strikes an organisation at its core. The effects can seriously damage the perception of a brand, leading to loss of market share. As society becomes less tolerant of unethical conduct, businesses need to ensure they place a premium on building public trust," said William Beer, director, cyber security services, PwC.
Beer added that while it is good to see cybercrime rising up the agenda at UK businesses, more still needs to be done.
"Organisations face serious threats from cyber criminals from within as well as outside," he said. "And it’s clear that senior executives need to take these risks more seriously: worryingly, almost four in ten respondents say their organisation doesn’t have the capability to prevent and detect cybercrime."
Wolfgang Kandek, CTO of Qualys, echoed Beer’s thoughts.
"The 2011 PwC Global Economic Crime Survey is an astonishing read and serves as a wake-up call for all organisations that use computers in their daily business," he said. "The report outlines the measures needed to combat fraud, starting with involvement from top management. Typical businesses are now so dependent on computers and the Internet, that awareness of cybercrime is mandatory at the board level."
"The next step is to enable the IT department to react to cybercrime, as currently both fraudsters and technology are moving faster than them, efficiently sharing information about malicious schemes. The challenges for IT are less of a technical nature, as a plethora of tools, both free and commercial, are available, but are closely related to operational and implementation issues," Kandek added.
"We have done this before when we secured global e-commerce infrastructures in the first years of the century. We have all the technology needed, we now just need to apply it to the new problem at hand," he concluded.