The perceived risk of cybercrime to Canadian organizations is on the rise according to a new report on economic crime from PwC. The 2011 Global Economic Crime Survey ranks cybercrime as one of the top four economic crimes (23%), slightly behind accounting fraud and bribery and corruption (24%). Asset misappropriation (or theft) is the top crime, reported by 72% of organizations around the world who were victims of economic crime in the past year.
Overall 32% of the Canadian respondents from business and government said they were victims of some form of economic crime during the past 12 months, a decrease of 24% from PwC’s 2009 survey. “Canada has historically reported higher instances of white-collar crime than our global counterparts but the 2011 results show that we are now reporting fewer instances,” says Steven Henderson, National Forensic Services Leader at PwC.
He continues, “This could be for a few reasons: better diligence in implementing anti-fraud regimes within companies, the effects of the Canadian economy being stronger over the past two years than other countries resulting in an environment with less visibility of fraud which normally arises during a downturn, or the fact that crimes like cybercrime or collusion between parties are still being committed but are inherently more difficult to detect.”
When it comes to cybercrime, 38% of Canadian respondents believe their perception of its risks has increased and the majority (57%) believe the greatest threats are coming from outside of their organizations – from external sources residing within Canada and abroad. Globally, the following alphabetically ordered countries are reported as the top 5 most likely places that cybercrime originates from:
- Hong Kong and China
“Cybercrime is global in nature and traditional geographic borders do not provide protection,” says Henderson. “Organizations should have a clear understanding of current and emerging cybercrime threats, and management needs to understand the risks and opportunities that are inherent in a cyber world.”
However, while companies may recognize the significance of protecting and investigating cybercrime incidents, only 36% of the Canadian respondents said they have in-house capabilities to investigate cybercrime and less than half have access to forensic technology investigators who can create effective response mechanisms and policies. In addition, nearly half of the Canadian organizations reported that they had not received cyber security related awareness training in the past year. Only 21% said that senior executives review the risks that cybercrime presents on an annual basis, further supporting the more “reactive culture” to crime prevention found in the survey results.
More traditional types of fraud such as theft are most often being committed within the company, by employees (56%), while external fraudsters were the main perpetrator 40% of the time, according to global respondents.
The typical internal fraudster was profiled to be male (77%), between the ages of 31 and 40 years old (43%), a first degree graduate (37%) and had been employed with the organization between three and five years (30%). In addition, 39% of the perpetrators were classified as junior staff, 41% as middle management and 18% as senior management. “Crimes by senior management tend to be more sophisticated, larger in dollar value and more difficult to detect,” says Henderson. “This could be a factor in why frauds committed by senior management were not identified nearly as often as those committed by more junior staff.”
When employees have been identified as committing economic crimes, they are most often dismissed from their jobs (77%). Forty-four percent of the time law enforcement is involved and in 40% of the incidents, civil action is taken.
Henderson concludes, “When senior management takes an active interest in fraud within their organization and takes strong disciplinary action towards the perpetrators, the right ‘tone at the top’ is established. A corporate culture that clearly stresses the importance of integrity, where executives are seen as “walking the talk” and that has a well communicated and comprehensive anti-fraud regime, is less likely to be victimized by economic crime.”
Methodology – PwC’s Global Economic Crime Survey 2011 continues to provide insight into the state of economic crime worldwide. The 2011 survey was completed by 3,877 respondents from 78 countries. Of the total number of respondents, 52% were senior executives, 36% represented listed companies and 38% represented organizations with more than 1,000 employees.
This year’s Canadian report is divided into two sections (1) Cybercrime – awareness of the crime, how it impacts organizations, and what actions are taken to address risks; and (2) Fraud, the fraudster and the defrauded – the types of fraud committed, who is committing them, how they are detected and actions taken by organizations in response.