PriceWaterhouseCoopers’ (PwC) Global Economic Crime Survey 2016 expects half of UK businesses to be hit by cybercrime in the next two years. According to the findings, the number of cybercrime attacks reported almost doubled between 2014 and 2016. At the moment, it represents half of all economic crime committed in the UK, but the survey argues that by 2018, it will constitute the largest. While PwC claims a quarter of UK firms have already been hit by cyber-attacks, other sources quote higher figures, with GCHQ stating in 2015 that nine out of ten UK businesses had been the victims of cyber-attacks during that year alone.
Traditionally, before the rise of technology brought a potentially disabling reliance on computers, the internet and cloud-based storage, economic crime usually referred to bribery, procurement fraud and asset misappropriation. The Global Corporate Intelligence Leader for PwC, Mark Anderson, explains how this has now changed: “[The hacker’s] aim goes beyond targeting financial information, to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which can bring down an entire business.”
PwC claims that many companies are unprepared for a security breach and have no emergency strategy in place should they be compromised. The report states that while only 61 percent of CEOs are concerned about the issue, an even lower number (37 percent) have an active response plan.
In an age where even the biggest companies have been affected by this type of crime, (think: TalkTalk 2015 and Ebay 2014) it is difficult to believe PwC’s assertion that only 61 percent of CEOs are concerned about cybersecurity – leaving 39 percent who, supposedly, are not. CEOs are fully aware that being the victim of an attack can be financially devastating (TalkTalk, for example, was reported to have lost up to £35 million in one-off costs) and can cause irreparable damage to a company’s reputation.
However, if it is true that some UK firms are lacking knowledge in how to prevent attacks, top executives and directors must ensure they are well educated on these issues, not just for the sake of their businesses, but also for sake of their consumers. Most hacks have terrible consequences, but some can be particularly cruel, like the 2015 Ashley Madison data breach which affected over 37 million users, revealing the names, addresses, emails, and even sexual preferences of customers who had signed up to have extramarital affairs. (This particular event led to a small number of people committing suicide.) In all cases, companies have a moral responsibility to do everything they can to protect their consumers from any kind of data theft.
In order to prevent this from happening, PwC’s Global and UK Forensics Leader, Andrew Gordon, advises firms to concentrate on risk assessment. In recent times, companies like Google have become more creative and offered rewards to individuals who are able to identify and gain access to any weak points in their defence systems, a strategy which allows them to constantly re-evaluate their ability to avoid cyber theft.