Almost 50% of survey participants experience fraud or financial crime, fuelled by cybercrime

Cybercrime tops the list of current threats facing businesses, while emerging risks from ESG reporting fraud and platform fraud could impact businesses in the future. The technology, media and telecommunications sector experienced the highest incidence of fraud across all industries, according to the latest PwC Global Economic Crime and Fraud Survey. The survey shows that organisations' networks are vulnerable and external fraudsters are becoming a bigger threat as attacks increase and become more sophisticated.

The survey of 1,296 business leaders from 53 countries found that cybercrime, customer fraud and asset misappropriation were the most common crimes experienced by organisations, regardless of revenue. The survey includes Ireland, but limited participation prevented separate Irish data extraction.

The report also showed that overall fraud and financial crime rates against business have remained consistent since 2018, despite supply chain issues, environmental and geopolitical instability, an uncertain economy and many emerging threats.

Larger companies are at a greater risk for fraud

While just under half of organisations (46%) reported experiencing fraud or economic crime within the last 24 months, the impact of these crimes has been more substantial. Among companies with global annual revenues over $10 billion, 52% experienced fraud during the past 24 months. Within that group, nearly one in five reported that their most disruptive incident had a financial impact of more than $50 million. The share of smaller companies (those with less than $100 million in revenues) affected was lower; 38% experienced fraud, of which one in four faced a total impact of more than $1 million.

The growing maturity of the technology, media and telecommunications sector helped the sector identify a significant increase in fraud activity since 2020, with nearly two thirds of companies experiencing some form of fraud, the highest incidence rate of all industries.

Cybercrime tops the list of threats

Cybercrime poses the biggest threat to small, medium and large businesses as the impact of hackers rose substantially over the last two years. The rise of digital platforms opens the door to myriad financial crime risks—40% of those encountering fraud experienced some form of platform fraud. In this year's survey results, cybercrime came in ahead of customer fraud—the most common global crime in 2020—by a substantial margin. 42% of large businesses reported experiencing cybercrime in the period, while only 34% experienced customer fraud.

Pat Moran, PwC Ireland Cybersecurity and Digital Forensics Leader, said: "Environmental, geopolitical, financial and social pressures are creating a risk landscape that is more volatile than ever. At the same time, we're seeing an increase in threats from outside the organisation as bad actors form fraudster groups to infiltrate digital platforms. Organisations need to be more agile than ever to respond to these converging threats and adopt new approaches and technologies to predict and prevent fraud.

"In Ireland, in our experience, we have seen increased levels of cybercrime since the onset of the pandemic, particularly phishing and ransomware attacks, partially driven by increased remote working and also by the increased sophistication of cybercriminals. We continue to be a target for cybercriminals due to our large concentration of foreign direct investment. Although the Government has recently strengthened our national defences, we continue to be on high alert."

Emerging risks

Forty percent (40%) of organisations that encountered fraud experienced digital platform fraud. The rise of digital platforms, such as social media and e-commerce, opens the door to fraud and economic crime risks. Platform fraud is not simply an IT cybercrime threat, it is an organisation-wide threat that requires an organisation-wide, cross-functional effort with a diverse community of solvers.

Other emerging risks, including ESG reporting fraud (the act of altering ESG disclosures so that they do not truly reflect the activities or progress of an organisation) and supply chain fraud, have the potential to cause greater disruption in the next few years. For example, just 6% of organisations said that they experienced anti-embargo fraud (participation in unsanctioned foreign boycotts) in the last 24 months. But that may change in the next 24 months as global sanctions rise to the highest levels in recent history.

Similarly, just 8% of organisations that encountered fraud in the last 24 months experienced ESG reporting fraud. But as ESG continues to increase in importance to stakeholders, the incentive to commit fraud in this area may grow.

Furthermore, one in eight organisations experienced new incidents of supply chain fraud as a result of the disruption caused by COVID-19 while one in five sees supply chain fraud as an area of increased risk as a result of the pandemic.

Defence against external threats requires new thinking

The survey finds that threats from external actors are increasing, with perpetrators quickly growing in strength and effectiveness. Nearly 70% of organisations that experienced fraud reported that the most disruptive incident came via an external attack or collusion between external and internal sources.

Respondents also indicated that they are strengthening internal controls, technical capabilities and reporting to prevent and detect fraud. However, defending against new external threats requires a different set of tools. It is unlike the effort to contain internal fraud, because companies have little ability to influence or control the actions of external perpetrators through traditional fraud prevention tools such as codes of conduct, training and investigations.

Deirdre McGrath, Partner, PwC Ireland Forensics and Transaction Services, concluded: "With external fraud growing, companies must think more creatively to help shore up and protect their perimeters. Understanding the end-to-end life cycle of customer-facing products, striking the proper balance between user experience and fraud controls, and having a holistic view of data will help arm businesses in the never-ending fight against fraud."