malware, cyber crime, data theft, network security

Cybercrime was the second most common type of economic fraud suffered last year by Canadian organizations, a new study suggests.

The report by PricewaterhouseCoopers, released this morning, Canadian organizations reported that 28 per cent of the fraud they suffered in 2015 came through online sources, up four per cent from 2014. The leading cause of fraud was misappropriated assets (such as monetary assets/cash or supplies and equipment), at 62 per cent. The report notes that this type of theft might be high because it’s the easiest to find. Other leading sources were procurement fraud, human resources fraud, bribery and corruptions, and mortgage fraud.

The four per cent increase in cyber fraud could indicate that despite a general trend towards heightened regulations and increased organizational controls, companies don’t have effective anti-fraud strategies, the report said.

“If cybercrime continues increasing at the same rate, this means that almost one in every three businesses is likely to be a victim of cybercrime and will be open to being affected both financially and on a reputational level,” says the report.

Just as worrying to the report’s authors is that one in four Canadian organizations (26 per cent) has not carried out a single fraud risk assessment in the last 24 months.

“Too much is being left to chance and not enough is being done from a proactive stand-point,” says the PwC report. “Today more than ever before, a passive approach to economic crime can lead to trouble.”

In an interview William Platt, a partner, in PwC Canada’s eDiscovery litigation support division, noted the survey also showed that while almost 60 per cent of the 140 Canadian respondents believe that cybercrime is on the rise, (compared to 47 per cent in 2014),  31 per cent  said their boards either don’t ask them about their organizations’ state of readiness to deal with cyber incidents, or  the board doesn’t consider the need for this information.

“It doesn’t seem to be a translation to the boards in terms of raising their awareness of this,” he said.

On the other hand 22 per cent of respondents said their boards ask for quarterly security reports, with another two per cent asking for monthly reports.

The Canadian numbers are part of a larger annual global economic crime survey of C-level executives conducted by the consulting company.

Sixteen per cent of Canadian organizations reported losses due to cybercrime between $50,000 and $5 million (all numbers US), while another 31 per cent calculated an estimated loss between $1,000 and $50,000. Of significant note was the increase in the greater than $1 million loss category from 5 per cent in 2014 to 12 per cent in 2016.