Economic crime is a huge threat. But are businesses ready?
For the most part, no, businesses are not keeping pace.
PwC has put out their 2016 Economic Crime Survey. It’s no surprise really that cybercrime has jumped from it’s past 4th place finish, to 2nd place this year – comfortably nestled right behind the #1 crime, asset misappropriation.
After all, we do live in an digital age. We can do things faster and quicker. We have tools and platforms to make connections with customers, vendors, and partners all over the world.
However, cybercrime does play it’s role in limiting the speed in which we can do all things digital.
Of course cybercrime is all over the headlines so it’s no surprise really that it’s the only crime in the survey that registered an increase. Over a quarter of the respondents said they had been affected by cybercrime. Unfortunately for another 18%, they didn’t know whether they had or not… scary!
It’s also a global issue affecting countries all over, and permeating every industry. Even those who previously thought themselves immune.
But one interesting result that came out of this survey is that cybercrime is not an IT problem like most believe. It’s actually a business risk that like any other, needs to be managed accordingly. Because it’s not just about credits cards and cash anymore. It’s about intellectual property, brands, and reputation.
So not surprisingly, only four in ten companies in the survey have personnel that are “fully trained” to act as first responders, and the majority of these (73%) are IT security staff.
But the mitigation of this risk is the responsibility of the entire organization. The non-financial aspects like reputation, brand, and employee morale can be far more damaging and have longer term negative consequences for a company.
Therefore, there needs to be a cybercrime section build into every risk management framework. But is that happening?
According to the survey, 1 in 5 respondents are not aware of a formal ethics and compliance program in their company. Although 82% of companies say they have a formal plan in place. It would appear that communication of said plan has failed, if it actually does exist.
Here’s another interesting finding from the survey. Seventy six percent of companies rely on internal audit to ensure the effectiveness of their ethics and compliance programs. Interestingly though almost half of the incidents of serious economic crimes were perpetrated by internal parties. This fact is corroborated by the ACFEs Report to the Nations. Their findings from 2014 state that the higher the perpetrator’s level of authority is, the greater the losses tend to be.
It’s easy to raise your hand and wave the white flag in defeat.
We say not so fast.
The survey mentions, and we fully stand behind the fact that economic crime is a poor decision driven by human behaviour. So why shouldn’t the answer start with people. Your people. In your company.
This means communicating clearly processes and policies to all employees. It also means creating a culture where every employee is driven to uphold the company’s values.
Put the Spotlight on your risk
Different companies and industries have different risks. But these organizations struggle to drill down into the heart of these risks to learn what they are so that they can be addressed. And to make matters more difficult, is that investors, consumers, suppliers, and third-parties require increasing evidence of an organization’s commitment to doing the right thing. In fact the SEC has issued a warning that future examinations will consider a company’s cyber response capabilities.
Many crimes start with employees. They can also end with employees. Companies need to start gathering important data from employees.
The absolute best method to do this is via an ethics reporting platform. The PwC survey cites that only 42% of surveyed companies are monitoring whistleblower hotline reports. However, the ACFEs Report to the Nations cites that anonymous tips are by far the most effective way to detect misconduct. So why aren’t more companies embracing ethics hotlines?
With the growing pressure for organizations to provide evidence of their commitment to do the right thing, they really need to start implementing ethics hotlines and case management systems to collect and report on instances of misconduct. It’s not a complicated matter. Nor is it expensive.
Some closing advice from the survey: “if you see someone else in your sector getting attacked, it is wise to assume you may be next in the bullseye.”
[source]Global Economic Crime Survey 2016[/source]