Source: Risk Management
Australian organisations have been advised to take action to reduce the risk of internal fraud, as PwC research reveals that a growing number of economic crimes are inside jobs.
According to the 6th PwC Global Economic Crime Survey, 54 per cent of economic crimes reported over the last 12 months by Australian businesses were committed internally. This represents a worrying 21 per cent rise on the 33 per cent figure reported in 2009. “Volatile and uncertain economic conditions globally have increased both the incentive and the opportunity to commit economic crime,” said PwC partner Malcolm Shackell. “The good news is that, compared to external fraud, businesses have significantly more influence to reduce the risks of internal fraud.”
According to the survey, a typical internal fraud involves a longer period of undetected deception than external fraud – which is more often a single large fraudulent incident. It also paints the following picture of the typical Australian fraudster:
- In middle management or a junior role.
- Has been with the business for between three and five years.
Worryingly, despite Australia’s relatively strong global economic position, the survey found that Australia’s economic crime incidence rate was higher than that of the wider Asia Pacific or global regions. Almost 50 per cent of Australian businesses reported at least one incident of economic crime over the past 12 months, with 16 per cent of respondents suffering losses in excess of $5 million. Of those businesses that suffered economic crime, 86 per cent were affected by asset misappropriation.
Cybercrime on the riseWhile theft of assets or funds retained the top spot in this year’s survey, PwC noted that cybercrime has made a rapid ascent to second place. Cybercrime accounted for a third of all economic crimes reported by Australian businesses, leading PwC to highlight its growing risk profile this year’s report title – Cybercrime: Out of obscurity and into reality. “While economic crime is the norm not the exception, the kind of risk businesses face is shifting, said Shackell. “Asset misappropriation such as asset disposal, fraudulent invoicing and employee expense fraud is what we see on a day to day basis, but that that’s changing with the increasing reliance on technology.” “Computers and the internet are playing a central role in committing cybercrimes such as distributing viruses, illegally downloading files and stealing personal information such as bank accounts.” He added that cybercrime is now the biggest growing threat to business – and no longer just the domain of the serious hacker. “It’s low cost, high rewards and anonymity has a broad appeal,” he said.
Australian business underprepared
It appears that Australian business is taking note of the growing cybercrime threat, with two thirds of survey respondents rating cybercrime as the second biggest risk that they will face in the next 12 months – two places higher than its world ranking of fourth. But while the awareness of the growing threat posed by cybercrime is on the rise, the readiness of Australian organisations to deal with this major risk has been found wanting, with around half of the survey’s Australian respondents admitting that they don’t have, or are not aware of having, in-house capability to prevent and detect cybercrime.
“One of the stumbling blocks to businesses being better prepared is that cybercrime is perceived as just an IT issue and visibility across the CEO and board is low,” said Shackell. He pointed to survey results revealing that 54 per cent of respondents said that it’s the role of the CIO or the CSO to manage the risk of cybercrime. One in five also said that senior executives never reviewed cybercrime risks – or only did so on an ad-hoc basis. “Our increased dependence on and accessibility to technology makes cybercrime prevention and detection the responsibility of the whole business,” said Shackell, adding that cyber-attacks can destroy the reputations, as well as the bottom lines, of organisations.