Australia is becoming a globally-recognised hotspot for cybercrime, with more than one in 10 Australian organisations reporting losses of more than $1 million a piece in the last two years, according to a new PriceWaterhouseCoopers report.The Australian edition of PwC’s 2016 Global Economic
Crime survey found Australian organisations experienced cybercrime at double
the global rate, with 65 percent experiencing cybercrime in the last 24 months,
compared with a global average of 32 percent.
It also says that money laundering hit 26 percent of organisations in the same
timeframe, compared to 11 percent globally and just 9 percent across the
Asia-Pacific region.
Meanwhile some 31pc of Australian organisations told PwC they expect to
experience bribery and corruption in the next two years.
Aussie organisations are also dealing with more individual incidents of
economic crime, with 30 percent experiencing more than 100 incidents. That
compares with only 9 percent of global respondents experiencing the same
volume.
To make matters worse, PwC says only 42 percent of Australian organisations
have a fully operational incident response plan and only 40 percent described
their first responders as fully trained.
Indeed PwC reckons cybercrime is now the number one economic crime in
Australia, followed by asset misappropriation and then procurement fraud.
Says PwC forensic services leader Malcolm Shackell: “I think it’s fair to
say we’re a legitimate economic crime hotspot – it’s not a good picture.
“The high rate of economic crime exposed in part reflects our serious
approach to reporting but – given we are lagging on early detection mechanisms
– it reflects our reliance on doing what we have always done.”
Adds PwC cyber partner Richard Bergman: “It’s particularly concerning that
only half of the organisations surveyed identified the board as being proactive
regarding their organisation’s state of readiness for cyber incidents – and
only one fifth of first-responder teams include digital forensic investigators.
“As a result, cybercrimes may be going undetected and when they are being
picked up, response teams may be overlooking evidence and therefore limiting
their organisation’s ability to prosecute.”