Australia has been identified as a country that is a ‘top hotspot for cybercrime’, according to PwC’s Global Economic Survey for 2016.
According to the survey, more than one in 10 Australian organisations report losses of more than $1 million each in the last two years.
On top of this, the report says that only 42% of Australian organisations have a fully operational incident response plan, and only 40% organisations think that their first responders are fully trained.
James Walker, founder and managing director of Brisbane-based IT outsourcing company, has been working in the IT industry for more than 20 years and says he has never seen cyber crime being so organised and powerful. As part of its operations, Computer One provides cybersecurity audits to both Australian and multinational companies.
When it comes to Australian organisations and cyber crime, he says, “There are at least 15 major channels for data to leak out of your organisation. If you don’t have a plan to mitigate risk in every one of them then you are simply passing time until you lose your intellectual property.”
According to Walker, “Security is now a sub-set of IT Management that requires a specialist approach. The tools require specialist training. For example, the hackers’ methods need to be studied in detail and there’s more at stake than ‘business as usual’ processes. In a way, it’s like the difference between a GP and a surgeon.
“Cryptolocker showed us that every company can be a victim of cybercrime, no matter how mundane the industry. It doesn’t matter whether or not the hacker thinks your data is important – if YOU think it’s important then you are a good target.”
He says, “Only by being proactive about protecting their assets does an organisation have a chance to avoid being the victim of a major breach.”
On a global scale, the PwC survey found economic crime continues at an unprecedented rate in 2016.
More than a third of organisations have experienced economic crime in the past 24 months, as reported by over 6,000 respondents to PwC’s Global Economic Crime Survey 2016. This year’s results show that the incidence of economic crime has come down, for the first time since the global financial crisis of 2008-9 (albeit marginally by 1%).
At first glance, this could be evidence of a return on the investments in the preventative measures which organisations have been making over the past few years. But as we look at the data more closely, it is possible that this small decrease is actually masking a greater trend: that economic crime is changing significantly, but that detection and controls programmes are not keeping up with the pace of change. What’s more, the financial cost of each fraud is on the rise, PwC finds.
This year’s report illustrates how economic crime has evolved over the last two years, morphing into different forms depending on industrial sector and region.
Despite this evolving threat, PwC says it has seen a decrease in the detection of criminal activity by methods within management’s control, with detection through corporate controls down by 7%. What’s more, one in five organisations (22%) have not carried out a single fraud risk assessment in the last 24 months.
When looked at in the context of the findings in PwC’s 19th Annual Global CEO Survey – where two-thirds of chief executives agreed that there are more threats to the growth of their company than ever before (a sharp increase, compared to 59% in 2015) – this points to another trend: that too much is being left to chance. In fact, the findings indicate that one in ten economic crimes are discovered by accident.
Today, more than ever before, a passive approach to detecting and preventing economic crime is a recipe for disaster. To underscore this fact, the survey uncovered a widespread lack of confidence in local law enforcement – a phenomenon that is not limited to regions or level of economic development.
The message is clear: the burden of preventing, protecting and responding to economic crime rests firmly with organisations themselves, PwC says. And, there are various things businesses can do better to tackle these threats, such as implementing more sophisticated and effective measures that not only reduce these risks, but also bring the benefits of a more threat-aware business, confident of its defences in a changing world.
Walker added, “Your brand can be valued as the sum total of all the profit you will make in the foreseeable future simply, because of the trust that is placed in your products or services. Imagine the impact of a breach of that trust on your brand – that’s how much it is worth to have your data protected.”