“When senior management takes an active interest in fraud within their organization and takes strong disciplinary action towards the perpetrators, the right ‘tone at the top’ is established,” says Steven Henderson, national forensic services leader at PwC in Canada. “A corporate culture that clearly stresses the importance of integrity, where executives are seen as walking the talk and that has a well-communicated and comprehensive anti-fraud regime, is less likely to be victimized by economic crime.”
When it comes to what kind of fraud is of most concern, the perceived risk of cybercrime to Canadian organizations is on the rise according to a new PwC report on economic crime.
The 2011 Global Economic Crime Survey ranks cybercrime as one of the top four economic crimes (23 per cent), slightly behind accounting fraud and bribery, and corruption (24 per cent). Theft is the top crime, reported by 72 per cent of organizations around the world that were victims of economic crime in the past year.
Overall, 32 per cent of the Canadian respondents from business and government said they were victims of some form of economic crime during the past 12 months, a decrease of 24 per cent from PwC’s 2009 survey. “Canada has historically reported higher instances of white-collar crime than our global counterparts but the 2011 results show that we are now reporting fewer instances,” says Henderson.
This could be happening for a few reasons such as better diligence in implementing anti-fraud regimes within companies, the Canadian economy being stronger over the past two years than other countries, resulting in an environment with less visibility of fraud which normally arises during a downturn, or the fact that cybercrime or collusion between parties are still being committed but are inherently more difficult to detect.
When it comes to cybercrime, 38 per cent of Canadian respondents believe the perception of its risks has increased and the majority (57 per cent) think the greatest threats are coming from outside their Canadian organizations and abroad. Globally, countries reported as the top five most likely places that cybercrime originates from are: Hong Kong and China, India, Nigeria, Russia, and the United States.
“Cybercrime is global in nature and traditional geographic borders do not provide protection,” says Henderson. “Organizations should have a clear understanding of current and emerging cybercrime threats, and management needs to understand the risks and opportunities that are inherent in a cyber world.”
However, while companies may recognize the significance of protecting and investigating cybercrime incidents, only 36 per cent of the Canadian respondents said they have in-house capabilities to investigate cybercrime and less than half have access to forensic technology investigators who can create effective response mechanisms and policies.
In addition, nearly half of the Canadian organizations reported that they had not received cyber security related awareness training in the past year. Only 21 per cent said that senior executives review the risks that cybercrime presents on an annual basis, further supporting the more “reactive culture” to crime prevention found in the survey results.
More traditional types of fraud such as theft are most often being committed within the company, by employees (56 per cent), while external fraudsters were the main perpetrator 40 per cent of the time, according to global respondents.
The typical internal fraudster was profiled to be male (77 per cent), between the ages of 31 and 40 years old (43 per cent), a first-degree graduate (37 per cent) and had been employed with the organization between three and five years (30 per cent). In addition, 39 per cent of the perpetrators were classified as junior staff, 41 per cent as middle management, and 18 per cent as senior management.
“Crimes by senior management tend to be more sophisticated, larger in dollar value, and more difficult to detect,” says Henderson. “This could be a factor in why frauds committed by senior management were not identified nearly as often as those committed by more junior staff.”
When employees have been identified as committing economic crimes, they are most often dismissed from their jobs (77 per cent). Forty-four per cent of the time law enforcement is involved and in 40 per cent of the incidents, civil action is taken.
The 2011 survey was completed by 3,877 respondents from 78 countries. Of the total number of respondents, 52 per cent were senior executives, 36 per cent represented listed companies and 38 per cent represented organizations with more than 1,000 employees.
This year’s Canadian report is divided into two sections: cybercrime and awareness of the crime, how it impacts organizations, and what actions are taken to address risks; and fraud, the fraudster, and the defrauded, including the types of fraud committed, who is committing them, how they are detected, and actions taken by organizations in response.