Cybercrime is now the third biggest crime problem experienced by UK businesses behind only asset theft and accounting fraud, the PricewaterhouseCoopers (PwC) Global Economic Crime Survey has found.
Nearly half of the 178 middle and senior managers in private and public sectors said that cybercrime (defined as loss of IP, malware incidents and industrial espionage) had increased in the last year, with a quarter reporting more than 10 incidents.
Half of these incidents happened in the financial services sector, ahead of media and communications (17 percent), industry and manufacturing (13 percent); the public sector reported a relatively low rate of 8 percent.
The burden of responsibility for such incidents appears to fall overwhelmingly on the CIO, CSO, and to a lesser extent the CEO even if the problem area turns out to be in information systems normally considered beyond their area of expertise.
The main cybercrime worry in the UK was reputational damage which belies the fact that only 57 percent reported having a media or PR plan in place to respond to data loss incidents.
"Reputational damage strikes an organisation at its core. The effects can seriously damage the perception of a brand, leading to loss of market share,” said PwC director of cybersecurity services, William Beer. “As society becomes less tolerant of unethical conduct, businesses need to ensure they place a premium on building public trust."
Twenty-eight percent of respondents said they had no access to the forensics help needed to investigate a crybercrime incident.
One interesting finding is that while external fraud is still mostly committed by a business’s customers, a growing number of respondents were unsure who to blame. PwC’s author’s link this to the anonymity offered to cybercriminals with organisations unsure who to blame. Traditional insider fraud, mostly by middle-managers, appears to be declining.
“I wish I could say I was shocked by these stats, but the volume and severity of breaches this year have made it patently obvious that many organisations have severely limited visibility into what exactly is happening within their own systems," said LogRhythm vice president, Ross Brewer, in response to the survey.
"The PwC survey respondents are right to fear reputational damage as our research has found 87 percent of the UK public would actively avoid interacting with an organisation that had suffered data loss as a result of cyber crime.
"If, as expected, data loss disclosure laws are introduced across Europe next year, this reputational damage will be even more likely to negatively affect business performance,” he added.