Cyber crime is up 20% since 2014 and is the fastest growing economic crime, according to PricewaterhouseCoopers’s (PWC) latest biennial Global Economic Crime Survey.
The UK has seen a double digit rise in economic crime against corporates in the past two years, with 55% of organisations affected – up 11% since 2014 and well above the US (38%) and China (28%).
The survey found that 60 % of economic crime in the UK was committed by external perpetrators, up from 56% in 2014. While there was a decline in economic crime perpetrated by employees (31%), there was an 11% increase in fraud committed by senior management to 18%.
“While the prevalence of traditional fraud – such as asset misappropriation – has fallen since 2014, there has been a huge rise in organisations reporting cyber crime, with technology driving almost every other area of economic crime,” said Andrew Gordon, PwC’s global and UK forensics leader.
“Businesses need to minimise the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values, robust policies and compliance programmes,” he said.
Some 44% of UK organisations that experienced economic crime in the past two years were affected by cyber incidents, a jump of 20% from 2014 and 12% greater than the global response of 32%.
The rise of cyber crime, the report said, is in stark contrast with some of the traditional forms of economic crime, including asset misappropriation and procurement fraud, which have declined.
Just over half of UK organisations say they expect to be the victim of cyber crime in the next two years, suggesting it will become the UK’s largest economic crime.
Global corporate intelligence leader at PwC Mark Anderson said cyber attackers are now more ambitions than ever.
“Their aim goes beyond targeting financial information to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which can bring down an entire business,” he said.
“The threat of cybercrime is now a board level risk issue, but not enough UK companies treat it that way.”
UK respondents say the greatest concern about a cyber attack is the potential disruption to services, with 31% saying it would have a medium to high impact.
Surprisingly, almost half say that cyber crime would have no effect on their reputation, and almost 60% are not concerned about the potential for theft of intellectual property.
The strong shift towards more senior and experienced employees carrying out corporate fraud in the UK should be of particular concern, the report said, because senior management fraud is often more difficult to detect and prevent, and usually has a much greater effect on an organisation.
While those in middle management remained the most responsible for economic crime (36%), half the instances committed by staff in the UK involved employees over the age of 40, and the number carried out by staff over the age of 50 tripled from 6% to 18%.
The survey found that 45% of internal fraudsters had worked for more than five years in the organisation they defrauded and 21% had more than a decade of service. In contrast, the number of junior staff carrying out economic crime has fallen since 2014 from 45% to 28%.
While the majority (86%) of UK organisations have formal business ethics and compliance programmes in place, far fewer (63%) back up these rules with regular training and communication.
Financial services companies are set to be the biggest spenders on compliance in the UK in the next two years, while compliance budgets for other industries are under pressure as they face demands to do more with less, according to the survey.
The survey also found that 20% of UK organisations say they have never performed a fraud risk assessment, while 44% do so annually. Some 5% of respondents say they have been asked to pay a bribe in the past 24 months, while 7% feel they lost a business opportunity to a competitor who was willing to pay it.
More than a fifth of frauds were detected through suspicious transaction monitoring, 14% through fraud risk management, 8% through data analytics, 8% through internal audit and 8% through accidental discovery.