The menace of cyber crime could become the second biggest reason of financial frauds across enterprises in the next few years amid companies using technology across service lines in a bid to enhance performance, a survey by consultancy firm PwC said.
About 48 per cent of the respondents said the risk of cyber crime had increased, up from 39 per cent in 2011, the PwC 2014 Global Economic Crime Survey said.
Also, 45 per cent of financial services organisations affected by frauds reported being victims of cyber crime—nearly three times the frequency as reported by all other industry sectors.
Cyber crime ranked fourth (24 per cent) after asset misappropriation (69 per cent), procurement fraud (29 per cent) and, bribery and corruption (27 per cent) in the tally.
However, 30 per cent respondents said cyber crime would pose the highest risk to their companies, next only to asset misapproriation (40 per cent).
"The results appear to reflect the megatrends of global expansion into less-developed markets and the expectation of increasing incidents of cyber crime as more technology is deployed in all areas of business. Cyber crime is not just a technology problem. It is a business strategy problem," it said.
About one in four of respondents said they have experienced a cyber crime and over 11 per cent of these suffered financial losses of more than USD one million.
About 14 per cent said the financial impact of cyber crime was between USD 100,000 and USD 1 million, while six per cent believed it is between USD 1-5 million.
"This underscores the challenge of the threat. Many entities do not have clear insight into whether their networks and the data contained therein have been breached, and they don't know what has been lost or its value," the report said.
This poses risks in a global business ecosystem that is increasingly reliant on both technology and intellectual property — and that values transparency, it added.
"In a changing technological landscape, sophisticated adversary takes advantage by attacking new weaknesses. This is why it is essential for organisations to at least try to keep pace with the criminals who threaten them," the report advised.
Companies often make their critical data available to management, employees, vendors and clients on a multitude of platforms, including high-risk platforms like mobile devices and cloud.
While nobody expects the benefits of technology to diminish, or for organisations to shrink their digital footprint, it's clear that with more data accessible on more platforms, valuable data will remain under attack, and that the cost of security breaches will continue to be steep, it said.
"Ultimately, cyber crime is not strictly speaking a technology problem. It is a strategy problem, a human problem and a process problem. After all, organisations are not being attacked by computers, but by people attempting to exploit human frailty as much as technical vulnerability," it said.
This is a problem which requires a response that is grounded in strategy and judgement about business process, access, authority, delegation, supervision and awareness—not merely tools and technologies, it added.