In the latest edition of their Global Economic Crime Survey, PricewaterhouseCoopers have announced a finding of a 20% increase in cybercrime, making it the fastest growing category of economic crime. The UK seems to be the most severely affected, with 55% of organisations being affected by some type of cybercrime, higher than the US which stands at 38%.
Of the UK economic crime (therefore including cybercrime) in 2015, 60% was carried out by external entities and of those committed by employees, the level of that being fraud carried out by senior management rose from 11% to 18%.
The report also pointed out that much of the economic crime which wasn’t classed as cybercrime, was driven by technology, altering the landscape of economic crime in general. While cybercrime has greatly increased, more traditional economic crimes such as asset appropriation have fallen in number.
Of the UK organisations surveyed, more than half said they anticipated being hit by cybercrime within the next two years and only 12% believed that the authorities have the required resource and skills to address this.
The PwC report put some of the cybercrime increase down to the growth in use of IoT devices and cloud-based storage and the growing sophistication of cyber criminals, who no longer target only financial information. Targeted data now includes other customer data and corporate intellectual property, the loss of which can be devastating.
Despite this, the greatest concern of businesses remains the interruption of service, rather than any damage to reputation or loss of intellectual property, with 31% of respondents saying a cyber attack would have a medium or high impact on their services.
Besides reporting on the levels and type of cybercrime, the report also covers the issue of senior management engagement regarding the growth in cybercrime. Disappointingly, only 25% of the companies reported that their board had any involvement in their cybercrime defense plans or had actively asked for information. Unsurprisingly considering the above, only 45% of companies said they had a cyber attack response plan in place.
As any report covering cybercrime continue to discover, companies are ill prepared to deal with a cyber attack and its consequences, despite the high level of media coverage of high profile attacks the message simply doesn’t seem to be reaching the key decision makers. As PwC state, it’s not a matter of if, but when and companies would be well advised to test their defence in depth and plan accordingly for when they become part of the statistics.