PwC report highlights senior management complacency about security

PwC analyzed 3877 responses from 78 different countries, and found that cybercrime accounts for 38% of economic crime incidents in FS compared to 16% in other industries. This is not surprising, says Andrew Clark, forensic services partner at PwC “given the sector holds large volumes of the type of data cybercriminals are interested in and there is an established underground economy servicing the needs of the market for stolen and compromised data.”

What is surprising, however, is that the report shows the extent to which security is still a reactive rather than proactive process, even in heavily regulated industries. “Regulators are increasingly viewing cybercrime as a key area of focus and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat,” noted Clark. But the survey also reveals that the industry’s biggest concern is reputational damage (40%), above loss of personal data (36%) and intellectual property (35%).

Since reputational damage occurs after a breach and is the greatest concern, it would be reasonable to expect post-breach damage limitation to be high on the FS agenda. It isn’t. “We expected most organizations to have cybercrime incident response mechanisms in place,” said Clark. “To our surprise, only 18% of FS respondents said they had in place all five measures specified in our survey. It appears that some FS organizations are complacent about the risks that cybercrime poses, in spite of serious concerns about potential damage arising from cyber threats.”

Worryingly, PwC suspects the problems stem from the top. Clark believes that “the FS sector’s increase in accounting fraud may be partly due to greater incentives for staff to hit targets... This suggests that the ‘tone at the top’ and overall senior management attitude to fighting fraud is worsening, and presents an increasing challenge for non-executive board members.”

The report concludes, “Those organisations ready to understand and embrace the risks and opportunities of the cyber world, will be the ones to gain competitive advantage in today’s technology driven environment. Establishing the right “tone at the top” is key in the fight against economic crime.”

What’s Hot on Infosecurity Magazine?