PwC reveals full extent of cybercrime in 2016

Cybercrime is now the second highest reported economic crime in the world, a new report reveals.

PwC has released the results of its Global Economic Crime Survey 2016, which found that almost two-thirds (61 per cent) of CEOs around the world are concerned about cybercrime and the effect it could have on their organisation.

In particular, the majority of respondents are worried about the potential impact that breaches might have on their brand’s reputation, with these concerns often closely linked to potential financial and legal damage as well.

Here, we take a look at the true extent of cybercrime in 2016, before discussing why financial services organisations need to be prepared for the threat of an attack, as well as the value that cyber security experts can add to a business.

The true extent of cybercrime

PwC found that 32 per cent of global organisations have been affected by cybercrime, with a further 34 per cent believing that they will be the target of a breach or attack within the next two years.

Despite this, just 37 per cent of financial services firms have an adequate cyber incident response plan in place, meaning around two-thirds are unnecessarily leaving themselves open to risks.

What’s more, 19 per cent of those questioned didn’t even know whether or not their company had a response plan, which meant they were inadvertently placing themselves at an even greater risk of suffering a breach. A further 12 per cent were in the process of implementing such a strategy, while 14 per cent had no intentions to bring in this kind of plan in the near future.

Arguably even more concerningly, 18 per cent of CEOs didn’t know if their business had been the victim of a cyber security breach, suggesting that their data and assets could currently be under attack without them being aware. PwC discovered that hackers regularly linger on companies’ networks for several weeks or months at a time, remaining undetected the whole time.

Furthermore, the cost of cybercrime is continually increasing, with some businesses reporting losses of $100 million (£70.5 million) or more.

Why financial services need to be prepared for cybercrime

It is not just financial losses that organisations need to be concerned about though, as the PwC report found that cyber breaches often led to increased compliance-related risks for affected businesses. Eight per cent of respondents cited this risk as high, while the majority (67 per cent) said a cyber attack had led to at least some regulation-related risk for their company.

This is a particular concern for banks and other organisations in the financial services sector where compliance is a vital factor. If a breach adversely affects operations so that a bank is no longer working in a compliant manner, the legal consequences could be severe, and the reputational damage potentially irreversible.

In light of this, businesses need to make sure they are staying ahead of the game when it comes to strengthening their cyber security credentials – after all, statistics show that failure to do so could cost them millions.

Kris McConkey, cyber security partner at PwC, commented: “Organisations today are able to cover more ground, more quickly, than ever before – thanks to new digital connections, tools and platforms which can connect them in real time with customers, suppliers and partners. Yet at the same time, cybercrime has become a powerful countervailing force that’s limiting that potential.”

The report added that organisations need to remember that cybercrime is not solely an IT-related problem, but that it is in fact to do with much more than that. Cyber security and risk management need to go hand-in-hand, while the actions of people in all departments, not just IT, can also be accountable for leaving a business open to breach.

The value of cybercrime experts

PwC’s findings not only demonstrate the growing prominence of cybercrime, but also the increasingly pressing need for organisations of all sizes to invest in the recruitment of an experienced IT security professional.

As cyber attacks are closely related to a number of other areas, such as risk management and regulatory compliance, recruiting a cyber security expert can have significant long-term benefits for a business’ reputation, finances and even legal standing.

While it is important to have such an expert on hand, Mr McConkey concluded that when it comes to digital security, it is vital that “everyone in the organisation – from the board and c-suite to middle management and hourly workers – sees it as their responsibility”.

Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.