29 Nov, 2011
UK surfing an economic crime wave in response to economic austerity, PwC’s latest fraud survey shows
Economic crime remains on the rise in Britain as business and public sector organisations struggle in the face of economic austerity and spending cuts, according to the findings from PwC’s latest global economic crime survey (GECS) of 3877 representatives of organisations in 78 countries, published today.
Over half (51%) of the UK respondents to the GECS, the most comprehensive study of economic crime in the business world, reported at least one instance of economic crime in the last 12 months, compared with the global figure of 34%. Perhaps more worryingly nearly a quarter of UK respondents said they’d experienced more than 10 incidents of economic crime during the year.
The survey findings suggest that the combination of rising economic crime in the UK, and widespread austerity spending cuts that limit the resources available to focus on economic crime, has made today’s business environment altogether more difficult and risky. Although one reason for the higher levels of economic crime reported in the UK might be that more respondents are carrying out fraud risk assessments, so they’re better equipped to identify it.
Since the last survey carried out in 2009 the proportion of UK respondents reporting the cost of fraud to be between $100,000 and $5 million has risen by 11%. The proportion reporting the cost to be more than $5 million has risen by 3%, suggesting that overall, the actual cost of fraud for most organisations is rising. The true costs could be much higher, given the proportion of frauds that are likely to have gone undetected.
Cybercrime has become the third most common type of economic crime in the UK, while levels of ‘conventional’ economic crime have fallen (e.g. asset misappropriation fell by eight percentage points compared with our last survey in 2009, and those reporting accounting fraud by 5%).
Tony Parton, forensics partner, PwC said: “The fact that 26% of those who experienced an economic crime in the last 12 months reported a cybercrime is particularly alarming. This is a dramatic finding and marks the promotion of cybercrime to the premier league of fraud. As well as direct financial costs, there are other commercial consequences of cybercrime, such as reputational/brand damage, poor employee morale or service disruption.”
William Beer, director, cyber security services, PwC said: “Organisations face serious threats from cyber criminals from within as well as outside. And it’s clear that senior executives need to take these risks more seriously: worryingly, almost four in ten respondents say their organisation doesn’t have the capability to prevent and detect cybercrime. On top of this, we’ve discovered that organisations might not be clear about exactly what cybercrime is, who it affects, and what they need to do to protect themselves. “
Since the rise of the internet, people have traditionally perceived cybercrime as an external threat and 46% of UK respondents have a similar perception. Those who said cybercrime originated from sources outside the UK perceived Hong Kong and China, India, Nigeria, Russia and the US as the top threats. But the survey results suggest that the perception of cybercrime is changing, and that organisations are now recognising the risk of cybercrime coming from inside.
83% of respondents feared reputational damages as the biggest consequence of cybercrime.
William Beer, director, cyber security services, PwC added: “Reputational damage strikes an organisation at its core. The effects can seriously damage the perception of a brand, leading to loss of market share. As society becomes less tolerant of unethical conduct, businesses need to ensure they place a premium on building public trust.”
Internal v. external fraud
The majority of UK respondents saw fraud coming from outside their organisation, yet over a third found their own employees were responsible for the largest frauds, showing a change in sentiment from the 2009 survey, and also differing from the global response, which indicated more internal than external fraud.
Tony Parton, forensics partner, PwC said: “During a downturn, the ‘corporate core’ of an organisation tends to be hit the hardest, with severe resource cutbacks in areas that are the first and second line defences against fraud, like internal audit. Under-staffing and increased workloads might mean that internal fraud’s going undetected, or that those completing our survey aren’t finding out about it.
“There’s some good news though for UK senior executives since 84% of those who identified an economic crime had carried out a fraud risk assessment, while only 61% of those who failed to identify any crimes had carried one out. So the direct correlation between doing assessments and identifying crimes should give organisations looking to bolster their defences a good starting point.”
Who are the fraudsters?
The typical fraudster committing an internal fraud in the UK is most likely to be: male, aged between 31 and 40, educated to below degree level and having worked for three to five years in the organisation. The global and UK profiles in 2011 are very similar. The main difference is that the UK fraudster is likely to be less educated: global fraudsters are likely to have at least a first degree.
Respondents in the UK also tended to describe their fraudsters as middle management rather than senior executives. One reason for this could be that poor economic conditions are reducing the opportunities for promotion – middle managers in the UK tend to stay at that level for longer than their global counterparts. Indeed, if middle managers can’t get promoted when they feel they deserve to be, they might find it rationalise committing a crime. Global respondents are seeing a return to the situation more common in the past where senior managers exploited their position for their own benefit.
Tony Parton, forensics partner, PwC commented: “There’s a significant 18% rise in the proportion of internal frauds carried out in the UK by middle management since we first reported a ‘cappuccino crime wave’ in 2009. With two-thirds now committed by middle management, it’s surprising that our survey shows only one-third of senior executives were aware of an economic crime being reported in their organisations.
“But our survey does identify one thing that’s far more likely to catch the eye of busy senior executives – cost. In 2011 48% of respondents who noted their most significant fraud as internal estimated their costs to be in excess of $100,000, up by 12% since 2009. Put bluntly, this suggests that not only are middle managers responsible for more internal fraud, but this crime is also costing their organisations significantly more.”