Cybercrime now ranks as one of the top four economic crimes, according to the survey. “This is quite remarkable because in past years it wasn’t present”, commented William Beer, director of PwC’s UK cyber and information security practice. “Cybercrime has now come into the spotlight and is obviously a significant area of concern”, he told Infosecurity.
The perception of cybercrime as a predominantly external threat is changing, and organizations are now recognizing the risk of cybercrime coming from inside as well. PwC surveyed 3,877 respondents from 78 countries for its annual economic crime survey.
Beer noted that 40% of the organizations surveyed cited damage to reputation as a major concern from cybercrime, and this concern is triggering increased spending on preventative measures.
Respondents said the IT department was the most likely source of cybercrime internally. IT was cited by 53% of respondents, followed by operations (39%), sales and marketing (34%), and finance (33%).
While half of all respondents noted increased awareness of the cybercrime threat, the majority of respondents said they do not have a cybercrime crisis response plan in place or are not aware of having one. And 60% said their organization does not monitor social media sites.
“Organizations do need to review the way they use social media. Many organizations have structured themselves to use social media, for marketing and customer feedback, for example. However, many of them have not thought about social media from an information security point of view…. The IT team has not kept pace with the developments here”, he observed.
The survey found that the typical profile of an internal cybercrime fraudster was a junior employee or middle manager (cited by 85%), under the age of 40 (65%), and employed by the organization for less than five years (50%).
Those who said cybercrime was more likely to originate from sources outside their home country listed Hong Kong and China, India, Nigeria, Russia and the US as the countries perceived as the top cybercrime threats.
“The 2011 PwC Global Economic Crime Survey is an astonishing read and serves as a wake-up call for all organizations that use computers in their daily business”, commented Wolfgang Kandek, chief technology officer at IT security risk and compliance firm Qualys. “It outlines the significant rise of cybercrime, which is now at 23%, a major factor in fraud losses at global organizations. It also dispels the notion that small organizations do not have to worry about fraud; almost half of the reported cases were detected in organizations of 1,000 employees or less and almost one-fifth in even smaller companies with fewer than 200 employees”, he added.
Ross Brewer, vice president and managing director of international markets at IT audit and data logging specialist LogRhythm, said he was not surprised by the survey’s finding that 40% of companies do not have the capability to detect and prevent cybercrime. “The volume and severity of breaches this year have made it patently obvious that many organizations have severely limited visibility into what exactly is happening within their own systems”, he lamented.