As you are no doubt aware, the internet has become the primary vehicle via which criminals and fraudsters now ply their trade. A recent report, authored by global accountancy and consultancy firm PWC (www.pwc.co.uk), has highlighted just how serious the cybercrime problem is and the risk cybercrime poses to UK businesses.
First things first, a copy of an overview of the report can be found here: http://www.pwc.co.uk/forensic-services/assets/gecs/gecs-uk-brochure-2016.pdf. It’s not too long and makes for some very interesting reading.
As a snapshot though, the key things to take away from the report are as follows:
- 55% of the companies responding to PWC had experienced some form of economic crime;
- Cybercrime was the second most common form of fraud perpetrated against UK companies at 44% of all crimes, only slightly behind asset appropriation at 49% of all crimes;
- 77% of respondent companies performed a fraud risk assessment no more frequently than once per year;
- Only 12% of respondent companies felt that the UK authorities had the necessary skills and resources to tackle or assist with cybercrime;
- 31% of fraud against companies was committed or facilitated by staff of the company involved, with over 50% of such activity occurring within middle and senior management; and
- Only 43% of respondent companies had a cybercrime response plan in place despite over 50% believing that they would be subject to some form of cybercrime in the next 2 years.
Most notable was the fact that instances of fraud and cybercrime had both increased significantly since PWC’s last report in 2014.
What does this tell us? First and foremost, it tells us that cybercrime is becoming more and more prevalent, and that UK businesses are more at risk than ever of being subject to some form of cybercrime. It also tells us that businesses need to look inwardly as much as outwardly when it comes to their strategies to protect against cybercrime.
Finally and perhaps most importantly, it highlights a significant shortcoming in companies’ planning and procedures for dealing with cybercrime should the worst happen. At the very least, companies that are reliant on IT systems (so, pretty much every company) should have clear IT policies covering how staff can use the IT systems, disaster recovery plans and now, cybercrime response plans that clearly detail how the organisation will respond to any instance of cybercrime.
If you have any questions or want to discuss any issues relating to cyber security or cybercrime, please do not hesitate to get in contact.
These notes have been prepared for the purpose of an article only. They should not be regarded as a substitute for taking legal advice.