PwC Ireland survey reveals business fraud at a record high, driven by cybercrime

10 September, 2020

Fraud and economic crime is at a record high in Ireland, impacting companies in more ways than ever, according to PwC's Irish Economic Crime Survey. Over half (51%) of Irish companies experienced fraud in the last two years, which is higher than global companies (47%). Of those that experienced fraud, 61% experienced two or more incidents in the two-year period.

The report forms part of PwC's biannual research examining over 5,000 responses from 99 countries including Ireland. It provides insights into the threat, cost of fraud and what companies need to do to develop stronger proactive responses.

Photo of a man working on his computer in the dark, surrounded by glowing, green-coloured screens.

Speaking at the launch webinar of the 2020 Irish Economic Crime Survey, Detective Chief Superintendent Pat Lordan of the Garda National Economic Crime Bureau said, "PwC's research highlights that cybercrime is the most prevalent of economic crimes and is a huge cost for businesses. From the survey, 69% of frauds are committed by external parties which is in line with our recent experiences. In a world that has become even more complex, we will continue to work closely with businesses, the ODCE, Regulators and international colleagues in the detection of economic crime and fraud. This study provides a valuable benchmark into the levels of fraud and economic crime in Ireland, how it is impacting businesses and the measures to combat crime".

Pat Moran PwC Ireland's Cyber leader said, "Our experience also shows that businesses suffer an increasing level of fraud during and post crisis. As the COVID-19 pandemic continues, many organisations continue to review their business models in an attempt to operate with a reduced cost base. However, this may give rise to a perfect storm for fraud. For example, increased remote working may lead to an increased likelihood of successful phishing or smishing attempts as security defences may have become weakened".

Incidence of cybercrime double that experienced by global companies

According to the research, cybercrime (69%) is by far the most prevalent type of fraud committed in Ireland, up from 61% two years ago, and double that experienced by global companies (34%). The survey further reveals that cybercrime in Ireland is three times more disruptive than the experience globally.

Will O'Brien, Director PwC Ireland Cyber Practice commented, "This is a significant finding given that Ireland is now Europe's largest data hosting cluster. This finding is a concern for Ireland's digital economy and highlights the importance of continued investment and resources in cybersecurity to mitigate cyber-risk and ensure we are cyber-resilient at a national level".

Cybercrime, customer fraud and accounting fraud are the three most disruptive types of fraud

Four out of ten (41%) Irish respondents experienced customer fraud, higher than global peers (35%). Fraud committed by the customer is one of the types of fraud where dedicated resources, robust processes and technology have proven most effective for prevention. Other common frauds in Ireland are asset misappropriation (23%), accounting fraud (15%) and money laundering (13%).

Deirdre McGrath Partner PwC Ireland Forensics commented, "When we look at fraud by industry sector, our survey shows cybercrime, customer fraud and accounting fraud are the three most disruptive types of fraud across the sectors. This is not surprising in our experience, given the potential for these types of fraud to not only cause financial damage, but also impact on brand, reputation, employee morale and market share".

The cost of fraud is substantial

Fraud hits businesses from all angles and the costs can be huge.

  • Over one in ten (13%) Irish respondents who experienced fraud in the last two years reported losing more than €4 million. A further 18% said that the cost of the fraud was immeasurable or they did not know its cost
  • A similar proportion (11%) said that they spent over €800,000 on remediation after the incident, including for example improving internal controls, conducting training and introducing new technologies. These costs can often be as or more significant than the costs of responding to the fraud incident in the first instance
  • 62% plan on increasing the resources used to combat fraud in the next two years

Significant upside to taking action when fraud strikes

The first critical step companies should take to combat fraud is to know their risks, understand their vulnerabilities, and the protocols they have in place to mitigate those risks. And since the onset of the pandemic, 68% of respondents have enhanced their internal controls in the combat of fraud and economic crime. Suspicious activity monitoring (28%) was the most common way in which fraud was detected by Irish companies, though there is room for an increasing role for analytics and software in the detection of fraud. Nearly a fifth (18%) of frauds were discovered either by tip-offs or by accident.

When fraud occurs it is important to respond quickly and do a thorough fact finding investigation. The organisation needs to understand what they could have done better, to prevent and detect the fraud earlier, so that they can avoid similar damages in the future. Key determining factors in having a better outcome from a fraud incident are having access to data, timely response, effective communication, having a plan and following it, and acting as a team. Our survey shows nearly half (46%) of Irish organisations did not report the crime to their Board, just 26% introduced new technologies and one in five (21%) did not conduct an investigation at all.

Surprisingly, the majority of survey respondents (62%) reported that their organisation emerged in a better place following a fraud incident, citing attributes such as an enhanced control environment, streamlined and improved operations and introduction of new technology.

More to do on investing in technology in the combat of fraud

As in previous years of our research, technology continues to be underused in the battle against fraud with Ireland lagging global peers. Fewer than two in 10 Irish businesses strongly agree that they've been able to upgrade their technology to combat fraud over the last two years (Global: 29%), largely due to cost.

While technology is just part of the answer in fighting fraud, the report finds that more use of disruptive technologies can be made. For example, Irish businesses are lagging behind global counterparts in utilising or finding value from Artificial Intelligence (AI)—a technology that is even more prevalent today—as a fraud-fighting tool. 58% of Irish organisations are not using or finding value from machine learning (ML) versus 31% globally. It is worrying that Irish companies are not seizing the opportunity that technology, such as AI and ML can offer to proactively detect fraud. The benefit in using technology to fight fraud is undeniable but organisations must also recognise that using tools or technology alone does not amount to an anti-fraud programme.

Deirdre McGrath concluded, "Economic crime is on the rise in Ireland. To combat fraud, businesses need to relook at their risks in this new environment, and the suite of anti-fraud tools they use to prevent and detect fraud. Importantly, the right governance and a good culture are also required to effectively fight fraud".

Notes to editors

What can organisations do to identify and prevent fraud?

Three steps to combat fraud.

1. Taking action: being prepared

Investing in preventing fraud pays dividends but is your organisation doing enough? Barely half of the organisations in our survey allocate dedicated resources to fraud risk assessment, governance and managing third parties. To raise your game in preventing fraud, you should focus on three actions. First, identify, rank and address all the risks. Second, back up anti-fraud technology with the right governance, expertise and monitoring. And third, take notice of fraud when it happens.

2. Responding: doing the right thing

When an organisation is hit by fraud, how should it respond? Nearly half of the companies in our study said they didn't conduct an investigation. But of those who did, 60% ended up in a better place afterwards. In fact, the disruption caused by fraud can act as a positive, a trigger to an organisational transformation that strengthens the organisation's defences and responses for when the next fraud comes along.

3. Emerging stronger: measuring success

Nearly 40% of companies in our survey plan to increase their spend on fraud prevention in the next two years. But will they see a return on their investment? The answer is probably yes: our research reveals a clear link between fraud prevention investments made upfront and reduced cost when a fraud strikes. For example, we found companies with a dedicated fraud programme in place spent 42% less on response and 17% less on remediation costs.

About the report

PwC's biannual research, carried out in Winter Autumn 2019 on business fraud, examines over 5,000 responses from 99 countries including 76 finance and information technology leaders in Ireland. The report provides insights into the threat, cost of fraud and what companies need to do to develop stronger proactive responses. The Irish report 'Fraud and Economic Crime 2020' is launched in Ireland today, with the majority of the field work carried out in Autumn 2019 and updated in key areas on 9 September reflecting COVID-19. The survey includes responses across major Irish industry sectors including: Government agencies, banking, financial services, aviation, legal, retail, property and education.

Other details about fraud and economic crime in Ireland according to the report include:

51% of Irish organisations experienced fraud, up from 49% two years ago and 26% in 2010.

Cybercrime was by far the most common type of fraud. Of those who experienced business fraud, 69% was cybercrime, twice the global experience (34%) and up from 61% two years ago and 45% in 2014.

Most business fraud in Ireland is committed by external perpetrators (69%), including customers, suppliers, competitors and hackers (Global: 39%). While these are the main sources of fraud the survey confirms that, in some instances, there will also have been collusion.

When dealing with a fraud incident, just a quarter (26%) of Irish respondents had access to key data/information and were able to leverage it appropriately (Global: 39%).


About PwC
At PwC, our purpose is to build trust in society and solve important problems. We're a network of firms in 157 countries with over 276,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at pwc.com.

PwC refers to the PwC network or one or more of its member firms or both, each of which is a separate legal entity. Please see pwc.com/structure for further details.

© 2020 PwC. All rights reserved.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 5308

Johanna Dehaene

Corporate Communications, PwC Ireland (Republic of)

Tel: +353 1 792 6547

Follow PwC Ireland