Third of UK Firms Have Experienced a Security Breach Since 2020

Cyber-threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.

The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.

It’s also much higher than the 2022 global average of 46%, PwC said.

Cybercrime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.

Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.

PwC’s head of digital & forensic investigations, Fran Marwood, said it was surprising to see a decline in cyber breaches.

“From what we are seeing in the market, I believe some of the trends are temporary, with, for example, instances of fraud and misconduct potentially remaining undiscovered as traditional controls and corporate culture evolve to keep pace with remote working,” he added.

“Encouragingly, in some cases, incidences of economic crimes have reduced due to the investment organizations have made in effective compliance programmes, cyber-defenses and fraud prevention controls.”

The potential financial impact of these incidents is high: almost a quarter of UK respondents claimed the figure to be between $1-5m.

“With fraud now a greater and more costly threat than we’ve seen before, and the risk landscape continuing to undergo rapid change, it is important that organizations invest in prevention, and take the time to make sure their defenses are match-fit for any attacks,” Marwood concluded.

“Organizations also need measures in place so they can act at pace when fraud happens to them. Failing to do so can end up with them suffering the penalty.”

What’s Hot on Infosecurity Magazine?