Cybercrime - No One Is Immune
by AccountingWEB on
By AccountingWEB Staff
Senior managers need to take cybercrime more seriously. According to PricewaterhouseCoopers' (PwC) economic crime report, Cybercrime: Protecting Against the Growing Threat, businesses face serious threats from cybercriminals, from both within and outside their organizations.
The PwC report calls cybercrime one of the top four economic crimes – just after asset misappropriation, accounting fraud, and bribery/corruption – and it warns that cybercrime doesn’t get the attention it deserves. Instead of looking at cybersecurity from all angles, organizations have pigeonholed it as an IT problem.
These crimes aren't limited to big companies. While no industry is immune, communications and insurance companies top the list. The PwC survey says that "54 percent of the respondents who experienced economic crime were from organizations with more than 1,000 employees. But crimes committed against small and medium-sized organizations are on the rise as well, suggesting that fraudsters are now targeting these organizations more often."
CEOs should clearly define responsibilities for cybercrime, keep up-to-date on the latest developments in the field, and make sure their companies are constantly tracking risks and quickly handling problems as they arise. These and other conclusions were reported after nearly 4,000 people from seventy-eight countries were surveyed.
Highlights of the survey include:
- Sixty percent of respondents said their organization doesn’t monitor the use of social media sites.
- Two in five respondents had no cybersecurity training.
- Thirty-four percent of respondents experienced economic crime in the last twelve months, up from 30 percent reported in 2009. Half of those respondents perceive the risk of cybercrime to be on the rise.
- Almost one in ten who reported fraud suffered losses of more than $5 million.
- Fifty-six percent of respondents said the most serious fraud was an "inside job."
- Suspicious transaction monitoring has emerged as the most effective fraud detection method (up from 5 percent in 2009 to 18 percent in 2011).
"Although they are aware of the risks, companies are doing little about it and continue to be reactive rather than proactive in fighting cybercrime," the survey said. It also stated that more than half of respondents don't have, or aren't aware of having, access to forensic technology investigators, in-house capability to investigate cybercrime, and a media and public relations plan. Forty percent said they don’t have the in-house capability to prevent and detect cybercrime.
The survey found that the typical profile of an internal cybercrime fraudster is a junior employee or middle manager (cited by 84 percent), under the age of forty (65 percent), and employed by the organization for less than five years (51 percent).
So what actions should an organization take to defend against cybercrime? Here’s what the experts said in the report:
- Get the CEO involved – the CEO and the board of directors need to be aware of the risks and opportunities of the cyberworld.
- Look at how prepared an organization is for cybercrime – unlike traditional economic crime, cybercrime is fast-paced and new risks emerge all the time, which means an organization needs to adapt its procedures continually to reflect these.
- Be aware of the current and emerging cyberenvironment (situational awareness) – only then can an organization make well-informed decisions and do the right things at the right times.
- Set up a cyberincident response team that can act and adapt quickly – an organization can then track, assess risk, and deal with an incident as soon as it's spotted.
- Recruit people with the relevant skills and experience – they can pass this knowledge on to everyone else, helping to create a "cyberaware" organization that can protect itself better.
- Take a tougher and clearer stance on cybercrime – an organization should demonstrate it means business by taking legal action against cybercriminals and announcing what it's doing about threats and incidents.
Read the entire report, Cybercrime: Protecting Against the Growing Threat, to learn more.
You may like these other stories...
On the path to building a successful practice, sometime we get caught up the urgency of the moment, forgetting to take the time for extended thought. Reflecting on what I've learned in observance since I began in my...
A version of this article originally appeared at Practice Development Counsel. Many professions and industries struggle with inter-generational challenges. The advertising industry is just one of those industries...
By Phyllis Weiss Haserot, President, Practice Development Counsel This post originally appeared at Practice Development Counsel. Reflection is something I do a lot of – I have for many years quite...
Upcoming CPE Webinars
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.