Cybercrime tops list of external fraud threats faced by businesses globally - PwC

PwC survey finds half of firms have experienced fraud or financial crime in past two years

Irish businesses have seen a rise in ransomware and phishing attacks since the pandemic began. Photograph: Getty Images
Irish businesses have seen a rise in ransomware and phishing attacks since the pandemic began. Photograph: Getty Images

Cybercrime and customer fraud top the list of external fraud threats faced by businesses worldwide, a new global economic crime and fraud survey has found, as almost half of companies surveyed said they had experienced fraud or financial crime in the past two years.

The PwC Global Economic Crime and Fraud Survey found that of those companies encountering fraud, 70 per cent said there were new incidents of fraud as a result of the disruptions caused by Covid-19.

And as attacks become more sophisticated and more frequent, external fraudsters are posing a larger risk to organisations than before.

The report, which includes as respondents 1,296 executives from 53 countries including the Republic, looks at the threat of fraud, the cost of fraud and what companies need to do to develop stronger responses.

READ SOME MORE

“With external fraud growing, companies must think more creatively to help shore up and protect their perimeters,” said Deirdre McGrath, partner at PwC Ireland’s forensics and transaction services. “Understanding the end-to-end life cycle of customer-facing products, striking the proper balance between user experience and fraud controls, and having a holistic view of data will help arm businesses in the neverending fight against fraud.”

Rapid shift

Cybercrime overtook customer fraud in this year’s survey as the most common type of fraud by an external perpetrator experienced by organisations, with the rapid shift to digital over the past two years also opening companies up to more risk.

The highest incidence of cyberattack was in the tech, media and telecoms businesses, with two-thirds of respondents from this sector saying they had experienced some form of fraud. Meanwhile, Irish businesses have seen a rise in ransomware and phishing attacks since the pandemic began.

The consequences can be significant. Among global companies with revenues exceeding $10 billion that had experienced fraud, one in five reported a fraud incident costing more than $50 million.

Of companies with less than $100 million in revenues, 38 per cent said they had experienced fraud, of which one in four were impacted to the tune of more than $1 million.

Forty per cent of those encountering fraud said they had experienced digital platform fraud, which is an organisation-wide threat. Although only 8 per cent of organisations said they had experienced environmental, social and governance (ESG) reporting fraud, that figure was expected to rise as more companies place importance on ESG reporting.

Supply chain

Other types of emerging fraud included supply chain fraud, which came in the context of the disruption caused by Covid-19.

"Environmental, geopolitical, financial and social pressures are creating a risk landscape that is more volatile than ever. At the same time, we're seeing an increase of threats from outside the organisation as bad actors form fraudster groups to infiltrate digital platforms. Organisations need to be more agile than ever to respond to these converging threats, and adopt new approaches and technologies to predict and prevent fraud," said Pat Moran, PwC Ireland cybersecurity and digital forensics leader.

“In Ireland, in our experience, we have seen increased levels of cybercrime since the onset of the pandemic, particularly phishing and ransomware attacks, partially driven by increased remote working and also by an increased sophistication of the cyber criminals.”

Mr Moran said Ireland’s large concentration of foreign direct investment made it a target for cybercrime, and the country remained on high alert.