27 Mar 2012

Cybercrime a growing threat for financial services sector

Financial services firms are the most likely to be targeted by fraudsters, yet one in five of them failed to carry out a fraud risk assessment in the last 12 months, a PwC survey has found

This is particularly worrying, given that cybercrime is now the second most common threat that the industry faces, accounting for 38% of economic crime incidents last year.

The report, which analysed 3,877 responses from 78 countries, says that half of financial services firms (FSFs) feel that the risk of cybercrime has increased in the last 12 months. This compares with 36% for other industries.

However, most of them believe that it is an external threat despite evidence in the past that criminal gangs looking to steal data have targeted staff or placed “sleepers” within organisations.

FSFs are also rather complacent about the level of risk in various departments. For example, they consider HR and legal to be the least likely targets for fraud despite the fact that these services hold sensitive information in their systems.

“FSFs should recognise that the internal threat can come from anywhere within the organisation and should not be considered as solely as IT risk,” the report warns.

The survey also reveals that only 18% of FSFs have all five of the recommended cybercrime incident response mechanisms in place. These range from having inhouse capabilities to prevent and detect cybercrime, to shut down procedures in the event of an incident.

The report recommends that FSFs identify someone in the organisation who is responsible for tackling cybercrime, assess where the threats are coming from and respond appropriately to any cyber incidents.

“They need to have a holistic and integrated response,” said PwC forensic services partner Andrew Clark. “Seeing this as an IT risk and not a financial crime risk is likely to lead to an inefficient and incomplete response to the risk.

“With the rapid changes in the delivery of banking and other financial services and the ever increasing reliance on technology for the delivery of those services, cyber security and cybercrime are risks that cannot be ignored.

“Having cyber security effectively embedded in your routine procedures and a cyber crisis response plan in place is vital.”

Cybercrime was not the only economic crime to increase last year: the incidence of asset misappropriation and accounting fraud was also up.

FSFs experienced a rise in accounting fraud from 19% in 2009 to 26% in 2011, compared to other industries which saw it fall significantly from 38% in 2009 to 22% in 2011.

Clarke believes that the increase could be partly due to greater incentives for staff to hit targets, “together with other factors such as personal pride in being seen as a success and meeting a myriad of stakeholders’ expectations”.

The survey also showed there has been a 50% increase in senior management fraud in FSFs in the last two years.  HMRC also set up a new cybercrime team to tackle tax fraud by organised criminals earlier this month to tackle the issue.

For copies of the Financial Services Report – Global Economic Crime Survey, click here

Julia Irvine