Financial services continues to be the most targeted sector by fraudsters.
According to PwC's global economic crime survey, 45 per cent of financial services organisations have suffered fraud in the past 12 months, in comparison with 30 per cent of those in other industries. Also, cyber crime accounted for 38 per cent of economic crime, compared with 16 per cent of crime in other industries.
Of the 3,877 businesses surveyed, the financial services sector represented 23 per cent of them (with 878 respondents from 56 countries). The financial services respondents perceived the risk of cyber crime to have increased in the past 12 months, and it is the second most commonly reported type of economic crime.
Andrew Clark, forensic services partner at PwC, said: “The rise in cyber crime is not so surprising given the sector holds large volumes of the type of data cyber criminals are interested in, and there is an established underground economy servicing the needs of the market for stolen and compromised data.
“Cyber crime puts the financial services sector's customers, brand and reputation at significant risk. Regulators are increasingly viewing cyber crime as a key area of focus, and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat.”
Of the financial services businesses surveyed, 46 reported having no 'whistleblowing' mechanism in place, while 22 per cent said what they had was "effective", and another 22 per cent said it was "only slightly effective".
Clark highlighted that only 18 per cent of financial services respondents said they had in place all five measures specified in the survey:
- Ensure that cyber security is embedded into the business and that the risks are fully defined and understood, and the impact of changing technologies in the marketplace are fully addressed and planned for;
- Ensure there is a fully defined cyber crisis response plan to protect against financial and non-financial loss and to mitigate the reputational risks associated with an incident;
- Ensure that senior management proactively take the lead in the fight against economic crime;
- Conduct more regular fraud risk assessments to identify ever-changing economic crime risks;
- Promote and support the embedding of whistleblowing mechanisms.
“We expected most organisations to have cyber-crime incident response mechanisms in place. It appears that some financial services organisations are complacent about the risks that cyber crime poses, in spite of serious concerns about potential damage arising from cyber threats,” he said.
“Overall responsibility for managing cyber-crime risks rests with senior management. It is therefore essential that senior management understand the potential risks and opportunities the cyber world can present and ensure that there is clear accountability and responsibility within the organisation for dealing with these risks and opportunities.”