More than half of the UK companies surveyed by PwC as part of its 2016 Global Economic Crime Survey had been victims of fraud, up by 11 percentage points since the last survey in 2014 and significantly higher than the "largely static" global crime rate of 36%, the professional services firm said. Some 44% of UK businesses surveyed had experienced cyber crime over the survey period against a 32% global figure, while the proportion of frauds committed by senior management in the last two years more than doubled, from 7% to 18%.
Despite these findings, almost one third of UK survey respondents said that they had no cyber response plan in place while 20% said that they had never performed a fraud risk assessment, according to PwC. In addition, only 12% of UK respondents thought that law enforcement authorities had the skills and resources needed to effectively investigate cyber crimes, PwC said.
Civil fraud and asset recovery expert Alan Sheeley of Pinsent Masons, the law firm behind Out-Law.com, said that the figures showed that companies "and indeed individuals" could not afford to ignore the growing risks of cyber crime to their businesses.
"It is of vital importance that all companies and at-risk individuals are carrying out internal checks, and seeking specialist advice where necessary, to ensure that their systems and processes are sufficiently robust to repel attempts at cyber crime," he said.
"Those unlucky entities that do fall victim to cyber fraudsters should promptly seek specialist legal advice to enable them to consider and take forward any available options that may allow them to recover the lost assets; and to rectify whatever weakness in the system it was that enabled the fraud to succeed in the first place. Victims should also bear in mind that any insurance that might otherwise cover the loss of fraud could be voided by the victim not taking what the insurer deems to be proper and effective action to mitigate and address the effects of the fraud," he said.
"Traditional" forms of economic crime including bribery, asset misappropriation and procurement fraud all declined in the past two years, while the proportion of cyber crimes increased by 20 percentage points. The fast take-up of cloud-based storage by UK businesses and the growing use of the 'internet of things', which meant that anything connected to an office network was now vulnerable to cyber attacks, were among the reasons given for this by PwC. In addition, 51% of UK respondents said that they expected to fall victim to cyber crime in the next two years, "suggesting it will become the UK's largest economic crime", PwC said.
UK companies were most concerned about the potential disruption to services that cyber attacks could cause, with 31% saying that such attacks would have a "medium-to-high" impact on their businesses. However, almost half said that cyber crime would have no impact on their reputation and almost 60% were unconcerned about the potential for theft of intellectual property.
The proportion of accounting and HR frauds, which are typically committed by company employees, both increased over the last two years although the overall proportion of frauds committed internally decreased. Those in middle management positions were responsible for 36% of economic crimes committed by staff, but more than half of frauds committed by staff involved employees over the age of 40 and the proportion carried out by staff over the age of 50 had tripled from 6% to 18% since 2014.
PwC said that the increase in the number of what it called 'silver fraudsters' should be of "particular concern" to UK companies. Frauds carried out by senior and more experienced employees tended to be more difficult to detect and prevent, and usually had "a much greater impact on an organisation", it said.
Although the vast majority of UK companies surveyed had formal compliance programmes in place, only 63% of them backed up those rules with regular training and communication, the survey found. Financial services companies planned the biggest spend on compliance training over the next two years, PwC said.
Financial regulation expert Michael Ruck of Pinsent Masons said that although the growth of cyber crime was "clearly an increasing issue of importance for all firms", the value of financial data as a target for fraudsters meant that compliance programmes and risk management were vital for financial firms.
"Senior managers at financial services firms who are subject to the senior managers' regime need to be clear on who is responsible for this aspect of each firm's activities," he said.
"The key point is that cyber security is not an issue just for IT but for the firm as a whole, requiring input from across the board to ensure risks are identified and addressed appropriately," he said.