In a recent survey, 37 percent of the respondents reported economic crime in their organizations. Of particular note, the categories of bribery and corruption, and cybercrime both were cited more by respondents this year than in last year’s survey.
PwC’s 2014 Economic Crime Survey was completed by 5,128 respondents from 99 countries. According to the results, asset misappropriation was the most common economic crime, and was cited by 69 percent of the respondents, which probably comes as no surprise.
A new category was added to the survey by PwC this year: procurement fraud. The firm believes this category is primarily driven by more-competitive public tender processes from governments and state-owned businesses, and the increasing integration of supply chain into core business activities. Interestingly, procurement fraud received a significant response (29 percent), which made it the second most frequently reported type of fraud.
Bribery and corruption was the third most reported economic crime, and was cited by 27 percent of the respondents. I was more interested, however, to see cybercrime listed as the fourth most-reported crime. It was cited by 24 percent of the respondents. Additionally, more than 11 percent of those companies suffered financial losses of more than US$1 million.
In a sign that organizations are taking this threat more seriously, the survey results indicate that the perception of the risk of cybercrime is increasing at a faster pace than that of reported actual occurrences, the PwC report explains. This year, 48 percent of the respondents said their perception of cybercrime risk at their organization increased, up from 39 percent in 2011.
Even so, companies continue to make their critical data available to management, employees, vendors and clients on a multitude of platforms—including high-risk platforms such as mobile devices and the cloud—because the economic and competitive benefits appear so compelling, the report notes. Ultimately though, cybercrime isn’t strictly a technology problem, and is instead, a strategy problem, a human problem and a process problem. After all, organizations aren’t being attacked by computers, but by people attempting to exploit human frailty as much as technical vulnerability, PwC observes.
Finally, regardless of the type of economic crime, organizations often don’t grasp the true financial impact of an economic crime until after it has happened—sometimes well after, PwC notes. As in previous years, the survey underscores that the cost of fraud, both in financial and non-financial terms, is significant. For example, nearly one in five organizations suffering fraud experienced a financial impact of between US$1 million and US$100 million. But economic loss isn’t the only consequence for companies. The PwC survey respondents also reported damage to employee morale, corporate and brand reputation, and business relations as some of the most severe non-financial impacts of economic crime.
When taking into account the secondary damage, the true cost of an incidence of economic crime can be long lasting. Consider, PwC notes, the long chain of adverse events which may follow a single, high-profile incident of economic crime: lost revenues as customers look for other business partners; delayed entry to new markets due to regulatory issues; lowered stock price; and declining productivity and morale.
Given those findings, I wonder what you think. What do you believe are the possible long-term ramifications of economic crime? Secondly, given that cybercrime increasingly relies on employee error—or bad judgment—rather than a system flaw, how is your company working to prevent this type of attack?