Out-Law News | 05 Mar 2014 | 11:23 am
Of the 1,330 financial services firms in 79 countries surveyed by PwC as part of its 2014 Global Economic Crime Survey, 45% reported that they had experienced some form of economic crime, compared to 34% of firms across all other industries. Around 39% of these incidents were cybercrimes, compared to 17% of incidents affecting firms in other industries, PwC said.
The professional services firm said that the amount of cybercrime affecting the financial services sector was likely far higher than the reported figure. It said that it was aware of a "clear majority" of financial services firms, particularly those in the retail banking sector, experiencing cybercrime during the survey period.
"The financial services sector was one of the first to be targeted by cybercrime – little wonder, as there have always been significant potential financial gains to be had from subverting computerised processes and corporate controls in banks," said PwC's Andrew Clark, one of the authors of the report. "In our experience, financial services organisations do not always identify and log the cyber element of economic crime experienced. This leaves them exposed to cyber threats in spite of any existing cyber defence: if cybercrime is not being accurately tracked, the true risk of cybercrime cannot be fully grasped and understood."
PwC highlighted "clear weaknesses" in some firms' fraud risk assessments, whistleblowing mechanisms and awareness of the "pervasive and sustained threat" of cybercrime, while acknowledging that the financial services sector tended to be better than other industries at preventing and detecting economic crime due to stricter regulation and better corporate controls. Respondents from the sector generally perceived a greater increase in the risk of cybercrime compared to those in other industries, but only 41% of surveyed firms thought it likely that they would experience cybercrime in the next two years.
Economic crime expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said that the findings reflected the concerns of UK market regulator the Financial Conduct Authority (FCA). The FCA had repeatedly identified the risk of cyber attacks through network intrusions in its 2013 Risk Outlook, and would likely expect high standards of firms particularly in relation to protecting personal customer information, he said.
"Cyber attacks through network intrusions may lead to system failures, for example of payment systems; theft of assets; or breach or theft of customer personal information," he said. "The increasing reliance on technology-based infrastructures can also result in firms being exposed to the failings or risk management weaknesses of external systems; for example, those of retailers or mobile phone providers responsible for online purchases or mobile payments."
"Firms may consider there is only so much they can do to prevent themselves becoming the victim of fraud or cybercrime, but the FCA is likely to set a very high bar on this issue, particularly with regard to protecting personal customer information. Firms must ensure they are up to speed with the various IT systems they and related external parties use, the risks to these systems from both day to day activities and those of a fraudulent or criminal nature, and how these risks should be addressed," he said.
"The FCA is clearly focussing its attention in this area and we will likely see enforcement action in the near future regarding both business as usual failings, for example related to customers being unable to access their monies, and failings by firms to identify and address the risks of fraud and cybercrime," he said.
Theft remains the most common form of economic crime reported by financial services firms, affecting 67% of respondents to the PwC survey. Other crimes reported included money laundering, by 24% of respondents; accounting fraud, by 21%; and bribery and corruption, reported by 20% of surveyed firms.