Time to Yank Cybercrime into the Light
Too many organizations are still operating blindfolded, research finds.
At a time when the public and governments are watching their every move, today's organizations are up against an unprecedented wave of crime and fraud-related risks that affect their internal and external relationships, regulatory status, and reputation. Unfortunately, not enough companies are truly aware of the fraud threats they face.
According to PricewaterhouseCooper's 2018 Global Economic Crime and Fraud (GECF) Survey, a poll of some 7,200 respondents across 123 different countries, 49% say their companies had been victimized by fraud or economic crime, up from 36% in 2016. This uptick can be attributed to a greater global awareness of fraud, more survey responses, and better understanding of what constitutes "fraud." But every company — no matter how vigilant — can have blind spots.
Some 44% of poll respondents indicate that they intend to increase spending in the next two years. Great — but where? These days, organizations are harnessing some seriously powerful technology and data analytics tools to battle the fraudsters. On top of these tech-based controls, many firms are also expanding whistleblower programs and taking care to keep leadership informed about real and potential breaches.
Despite the increased spending, many organizations are still trying to prevent fraud through a reactive, defensive approach. Only 54% of global organizations indicate that they have completed a general fraud or economic crime risk assessment in the past two years. Less than half had conducted a risk assessment to assess their vulnerability to cybercrime. Even worse, one in 10 performed zero risk assessments in the past two years.
According to PwC's CEO Survey 2018, a majority (59%) of CEOs agree or strongly agree that organizations are feeling more pressure to hold leaders accountable for any misconduct perpetrated on their watch. That may be why some 71% of CEOs measure the levels of trust between their workers and their organization's senior leadership.
The Perpetrators
As highlighted in PwC's GECF report, some 68% of external fraudsters are agents, vendors, shared service providers, and customers. Troublingly, 52% of all frauds are committed by people inside the organization, and, astonishingly, in almost a quarter (24%) of reported internal frauds, senior management are the bad guys
Cybercrime has grown up. Cybercriminals are estimated to rake in $1.5 trillion in annual cybercrime-related revenues, which means that detecting and warding off threats has necessarily become a core business issue.
No doubt much to their chagrin, 41% of executives surveyed say they spent at least twice as much on investigations and attack prevention as they lost to cybercrime itself. Because today's bad-guy geeks are as smart — and sometimes smarter — as the companies they attack, the business world is crying out for a new perspective on the diverse reality of cyber threats and related frauds.
Often, the first indication an organization gets that something major is happening is when they detect a cyber-enabled attack, such as phishing, malware, a distributed denial-of-service attack or a traditional brute-force attack. The increasing frequency, sophistication, and lethality of such assaults are prompting firms to seek ways to beat the bad guys at their own game, before they can do any damage. This is smart, but it also leads inevitably to a deeper look at fraud prevention.
Consequences Can Be Devastating
Over a third of all respondents have been targeted by cyberattacks. These attacks can severely disrupt business processes and lead to substantive losses: 24% of respondents who were attacked suffered asset misappropriation, and 21% were digitally extorted. It can be hard for companies to accurately gauge the bottom-line impact of cyberattacks, but 14% of survey respondents who said cybercrime was the most disruptive fraud said they lost over $1 million as a result. One percent lost over $100 million.
Overall, cybercrime was over twice as likely than any other fraud to be named as the most disruptive and serious economic crime expected to impact organizations in the next two years. Twenty-six percent of respondents said a cyberattack in the next two years would be the most disruptive to their business; 12% said they expected bribery and corruption to be most disruptive; while 11% said the same about asset misappropriation. In reality, cyberattacks have become so widespread that measuring their occurrences and effects is becoming less strategically productive than figuring out how the fraudsters did it.
Invest in People, Not Just Machines
To battle cyber threats in a meaningful way, organizations can harness a universe of sophisticated technologies they can use to protect themselves against fraud. These tools — including machine learning, predictive analytics, and other artificial intelligence (AI) techniques — aim to monitor, analyze, learn, and predict human behavior.
Only 14% of organizations are using AI to protect against threats. The majority continue to depend on manual, old-school processes and tools. In turn, 34% of respondents say they thought their organization's use of technology to fight fraud and/or economic crime is creating too many false positives. To minimize the rate, it's critically important to rely on much stronger on analytics and AI.
Besides tech, the human mind is far harder to influence. Research has found that few organizations have fully wrapped all the relevant risks and threats into their digital strategy. The first way to prevent rationalization is to zero in on the climate that rules employee behavior — the organizational culture. Companies should make full use of surveys, focus groups, and in-depth interviews to assess the strengths and weaknesses of that culture. Consistent training is also key. That way, potential weak cultural spots — ones that may lead a disgruntled employee to exact expensive revenge — can be identified.
Related Content:
Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info.
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024