On the surface, the results of the PwC Global Economic Crime Survey 2016 might not appear to be particularly alarming: the percentage of organizations that experienced economic crime in the previous 24 months was down, albeit only slightly. Scratch beneath the surface, however, and it doesn’t take long to find signs of trouble.
That’s the view expressed by PwC in discussing the findings of its biennial survey, the results of which the Big Four accounting firm released Thursday. The survey of 6,337 respondents in 115 countries found that 36% of their organizations were hit by economic crime in the past two years. That was down from 37% in 2014, the first drop since the global recession of 2008–09.
PwC acknowledged that the modest decline could be evidence that organization-level crime prevention measures might be starting to pay off, but after taking a closer look at the data, the firm warned that the decrease might be the red herring of a troubling trend: “that economic crime is changing significantly, but that detection and controls programs are not keeping up with the pace of change.” In addition, the financial cost of fraud often is substantial, with 14% of organizations reporting a loss of more than $1 million during the past two years.
“Don’t be fooled by a modest drop in some of our crime metrics,” Andrew Gordon, global leader, Forensic Services, PwC, said in a news release. “These mask an increasingly complex economic crime environment driven by cyberthreats and regulatory pressure, while the cost of the crimes are rising.”
The percentage of organizations affected by cybercrime jumped 8 percentage points, to 32%, making it the second most prevalent economic crime, behind only asset misappropriation (64%, down from 69% in 2014). Cybercrime moved past bribery and corruption (24%, down from 27%) and procurement fraud (23%, down from 29%) among the most frequently reported economic crimes.
Among the troubling trends found on the cyber front: Only 37% of respondents indicated that their organizations have a fully operational cyber-incident response plan in place. One-half said their organizations have no plan at all or didn’t know if they have a plan; 14% said they have no intention of implementing a plan. This is despite the fact that more than half of respondents see an increased risk of cybercrime and more than one-third believe it is likely their organizations will experience cybercrime over the next two years.
This head-in-the-sand approach could also be seen in organizational approaches to economic crime as a whole. The survey found that more than one-fifth of organizations (22%) have not carried out a single fraud risk assessment over the previous 24 months, while fraud detection through corporate controls dropped by 7%. PwC also found that one in 10 economic crimes is discovered by accident, writing in the survey report, “When considered in the light of the decreased rate of detection by means under management control—and of the increased prevalence of cybercrime—we must ask ourselves: are these crimes becoming harder to detect or are we simply becoming less aware of the changing threats our businesses face?”
On a regional basis, higher rates of economic crime were reported among respondents from Africa (57%, up from 50%), Western Europe (40%, up from 35%), and the Middle East (25%, up from 21%). The other four regions, including North America (37%, down from 41%), posted lower rates.
A summary of the report is also available on a PwC webpage.
—Jeff Drew (firstname.lastname@example.org) is a JofA senior editor.