Warning to prioritise cybercrime as risk increases
The rise in cybercrime means companies must prioritise security training more highly, according to experts.
A March 27 report from PricewaterhouseCoopers (PwC) reveals cybercrime is now the second most commonly reported economic crime affecting financial services firms, with 38% of incidents falling into the category. Cybercrime is surpassed only by asset misappropriation, which remains the most common way for criminals to defraud companies.
Forty-five percent of financial services organisations interviewed have experienced fraud in the past 12 months, and half of the respondents believe the situation is worsening. The majority of those interviewed said their main concern is the reputational damage cybercrime could inflict on their companies, yet only a minority have adequate response mechanisms in place. PwC set out the five main areas of such a strategy: in-house capabilities to prevent and detect cybercrime, shut-down procedures, a media and public relations management plan, in-house capabilities to investigate cybercrime, and access to forensic technology investigators.
“To our surprise, only 18% of financial services respondents said they had in place all five measures specified in our survey,” comments Andrew Clark, forensic services partner at PwC in London. “When a cybercrime incident occurs, the first few hours are crucial. It is particularly important to react quickly and decisively, as the consequences of not doing so can be severe in terms of financial and non-financial damage.”
While Clark believes overall responsibility for managing cybercrime risks rests with senior management, Ernst & Young’s London-based security and resilience partner Jane Cannon argues that the entire organisation should be familiar with risk mitigation. “Information is the lifeblood of any organisation. Exploiting new technologies and business opportunities safely for business benefit should be driven from board level and the culture of security awareness should exist throughout the organisation,” she says. “In an organisation with a strong security culture, its people are its best defence against cybercrime. When awareness is low, your people can be your biggest vulnerability.”
The risks posed by cybercrime were at the forefront of the discussion at the OpRisk North America conference in March. “Cybersecurity is keeping me awake at night more than anything else,” commented Stacy Coleman, head of operational risk at the Federal Reserve Bank of New York.
A feature in the April issue of Operational Risk & Regulation explores the growing threat of non-traditional forms of online attack.
This article was first published on Risk