According to the survey, 46% of public sector respondents have experienced cybercrime in the last year (up from 37% in 2009). This is well above the average 36% across all the sectors covered by the survey. It is not surprising, says the report, given the effect of public sector cuts in so many countries.
The three main types of fraud are asset misappropriation, accounting fraud, and bribery and corruption. All are on the increase in the public sector: asset misappropriation has been suffered by 75% of the respondents. The report highlights that the collateral damage to an organization’s reputation and relationships with regulators, suppliers, employees and the public, is a widely held concern.
“Damage to an organization’s reputation and the potential loss of data,” comments Andrew Miller, PwC’s head of information security in government, “are high on the public sector’s agenda when it comes to the impact of cyber attacks. This is hardly surprising given recent high profile cases of data security breaches.”
There are many things that need to be done. The public sector needs to respond in the same way as the private sector, “by tightening up their controls and investing in fraud prevention techniques,” says Ian Elliott, a partner in PwC’s forensic services. But the public sector also needs to change its practices. The report shows that public sector organizations are continuing to maintain business relationships with third parties that have already defrauded them. While around 50% of private sector companies terminate such relationships, only around a quarter of public sector organizations do so.
“It is vital,” concludes the PWC report, “that organisations continue to ensure that they are investing in fraud prevention and detection methods and that senior management is setting a tone from the top that encourages, and rewards, ethical behaviour.”