A much wider awareness and understanding of the range, threat and cost of fraud in business has driven reported economic crime to its highest level recorded in PwC’s bi-annual survey of business crime. Fraud and cybercrime in Ireland has hit record levels, the costs, especially post the event, are significant. Irish businesses are investing more than global companies to combat crime but more can still be done. These are some of the key findings in the PwC 2018 Irish Economic Crime and Fraud Survey published today.
Pictured are (l-r): Kenan Furlong, Partner, A&L Goodbody; Detective Chief Superintendent, Patrick Lordan, Garda National Economic Crime Bureau and Pat Moran, Partner and Cyber Leader, PwC
In line with the global trend, half (49%) of Irish firms have suffered economic crime and fraud in the last two years, up from a third (34%) in 2016 and 26% in 2010. Cybercrime (61%) leads economic crime experienced in Ireland, and has overtaken asset misappropriation (29%) for the first time. Consumer fraud (42%) and business misconduct (16%) also feature prominently.
Speaking at the launch of the 2018 PwC Irish Economic Fraud Survey, Detective Chief Superintendent, Patrick Lordan, Garda National Economic Crime Bureau, said: "The research highlights that economic crime, fueled by cybercrime, is becoming more prevalent and more costly for Irish businesses. It is encouraging to see that Irish companies are spending significant resources in the combat of crime and it is essential that these efforts continue. In a world that has become ever more complex, we will continue to work with businesses, Government, the ODCE, Regulators and international colleagues in the prevention and detection of economic crime and fraud. This study provides a valuable benchmark into the levels of economic crime and fraud in Ireland, how it is impacting businesses and the measures to combat crime.”
While two-thirds (66%) of survey participants reported the cost of the most disruptive crime to be less than €810,000, we see a growing trend of larger losses represented in the survey with over one in ten (11%) suffering significant frauds in excess of €4m, up from just 3% in 2016. It is also worrying that almost a fifth (18%) of participants revealed that they either did not know the overall cost or that it was immeasurable.
The clean-up costs of economic crime are also substantial. For example, seven out of ten (69%) participants confirmed that they had spent the same or more on the subsequent investigations as the actual crime itself – and was substantially more than the global experience (46%). Interestingly, the survey also suggests that few Irish businesses fully appreciate the impact of fraud on employee morale, business relations and their reputation/brand while global companies are much more aware of the potential collateral damage.
Pat Moran, PwC Ireland Cyber Leader, said: “Actual crime could well be higher than reported crime which makes the findings from this survey even more concerning. What the survey is clearly showing us is that there is a better understanding of what fraud is through risk assessments and where it is taking place through cyber security programs.
“However, despite the progress in understanding and reporting, the fact that just over half (51%) say they have not, or don’t know if they have experienced fraud in the past two years, suggests blind spots still exist in many organisations.”
The survey reveals that the incidence of cybercrime in Ireland has increased substantially - 61% reported having suffered cybercrime over the last two years compared to 44% in 2016 – and is double global levels (31%). A similar proportion (61%) also expect even more cybercrime in the future, up from 36% in 2014.
Phishing was the most prominent (66%) technique for targeted cyber attacks, followed by malware (56%); surprisingly this was substantially less for global companies (33% and 36% respectively).
According to the survey, half (51%) of Irish participants had increased the level of spending on efforts to combat fraud in the last two years (Global: 42%). This trend looks like continuing with 59% planning to step-up these efforts in the next two years (Global: 44%).
Six out of ten (60%) performed fraud risk assessments in the last two years (Global: 54%). It is disappointing, at the same time, that four out of ten (40%) Irish companies have not yet undertaken any fraud risk assessments.
Irish companies are also doing more than global counterparts to prevent and detect cybercrime. For example, three-quarters (75%) had a fully operational cybersecurity program (75%) in place to deal with cyber risks (Global: 59%) while 73% had performed a cyber attack vulnerability assessment in the last two years (Global: 46%).
Pat Moran commented: “As the value of transactions over the internet increases exponentially year-on-year, fraudsters are turning to new ways of re-directing funds and are successfully achieving their goals. The funds allocated to crime detection and prevention are increasing, with Irish companies investing more than global companies, and that has a multiplier effect in terms of understanding and detecting fraud. With the rise in reported frauds, this may suggest that Irish companies have been rewarded for their efforts to uncover crime. But fraud levels are still rising. Put simply, the impact of fraud is no longer an acceptable cost of business.”
The survey reveals that there are significant opportunities in Ireland to further leverage certain emerging technologies to help combat fraud and economic crime. Just one in ten (11%) said that they used technology to detect fraud compared to a quarter (23%) of global companies. Just 15% had used data analytics and only 6% had used Artificial Intelligence in the last two years to help combat fraud which also lagged global companies.
Pat Moran continued: “There is a real opportunity to make the business case for robust new investments in fraud prevention and detection through the use of emerging technologies. Leading global companies are leveraging innovative and cloud-based techniques to identify suspicious patterns and pre-empt economic crime and fraud.”
“Fraudsters are becoming more strategic in their goals and more sophisticated in their methods. It’s a big business in its own right. It is an enterprise that is tech-enabled, innovative, opportunistic and pervasive – like the biggest competitor you did not know you had.”
Nearly half (47%) of Irish respondents said that changes in the geopolitical landscape will increase the opportunities for fraud in the next two years (Global: 26%).
With the public’s tolerance for corporate and personal misbehavior declining, in addition to beefing up their internal corporate controls, almost a quarter (22%) of Irish respondents reported detecting fraud via tip-offs.
Pat Moran concluded: “We are seeing more and more organisations now recognising that fraud is simply too costly to ignore. Fraud is the product of a complex mix of conditions, only some of which can be tackled by corporate controls and machines.
“Organisations should also ensure that they have the right culture, including setting the tone from the top with a spirit of open accountability, where people in the organisation understand what is acceptable behaviour. While corporate controls and technology have a strong role to play in monitoring and detection, when it comes to blocking that ‘last mile’ to fraud, the returns from people initiatives are likely to far exceed those from investing in another piece of technology.”
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 158 countries with more than 236,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
©2018 PwC. All rights reserved