A majority of South African organisations have been a victim of economic crime over the last two years.
PwC’s biennial Global Economic Crime survey, released today, found that a whopping 69% have fallen victim to economic crime, far more than the rates for organisations in Africa or the rest of the world.
Louis Strydom, forensic services leader for PwC Africa, comments: “Economic crime remains a serious challenge to business leaders, government officials and private individuals in South Africa. In this survey, we have found that the trend has remained unchanged from 2014, with 69% of South African respondents reporting that they had experienced economic crime in the last two years.
“When compared with the global statistics of 36%, we are faced with the stark reality that economic crime is at a pandemic level in South Africa. No sector or region is immune from economic crime.”
Almost half of the economic crime experienced by local organisations was cybercrime, at 32% – up a massive 23% compared to the previous survey conducted in 2014. Cybercrime is now the fourth most reported type of economic crime.
In addition, more than half of organisations (57%) believe it is likely they will experience cybercrime in the next 24 months.
Compounding the problem is that more companies are still not adequately prepared for – or even understand – the risks, with only 35% of respondents saying that have a fully-operational cyber-incident response plan in place. In fact, only 34% of organisations have personnel that are “fully trained” to act as first responders, and 20% of companies indicate they would make use of oursourced personnel.
Junaid Amra, PwC associate director: cyber-crime and forensics technology services, points out that cybercrime has become more pervasive over the last couple of years. “It is no longer geographically specific,” he says. “And it is permeating across all industries.”
However, broader awareness of cybercrime seems to be lacking, he says. “We need buy-in from the top; and cybercrime awareness needs to be incorporated into incident response plans.”
There are two types of cyber-crime, Amra says: cyber-fraud where assets can be monetised and which tend to grab the headlines; and transfer of wealth or IP attacks which are far more serious, dealing with international cyber espionage, the theft of critical IP such as trade secrets and plans for new products.
Cybercrime threat actors include nation states, where espionage and cyber-warfare dominate; insiders, which refers to employees and trusted third parties with access to sensitive data; terrorists targeting government agencies, infrastructure and energy; organised crime syndicates that go for financial or personal information; and hacktivists who aim to disrupt services or damage reputations.
Amra stress that cyber-security is not just and IT issue but that every stakeholder has a role to play.
South Africa is not alone in reporting increased rates of economic crime, however, with 68% of French and 55% or UK respondents also reporting high increases over the last 24 months. Both countries were up 25% compared to 2014. Meanwhile, 61% of Zambian respondents reported economic crime, up 31% over 2014.
“The fact that developed countries are included in the list of top 10 countries reporting the highest rates of economic crime brings home a clear message – economic crime is a global issue and one that affects developed markets as much as it does emerging ones,” adds Strydom.
The survey also found that South Africans exhibit significantly low levels of confidents in the local law enforcement agencies, with 70% or organisations believing agencies are inadequately resourced and trained to investigate and fight economic crime. This is almost twice the global rate of 44%. In addition, 12% of respondents said they don’t know if law enforcement is adequate, with just 18% having faith in the people who need to investigate and prosecute economic crime.
A spin-off from this low confidence is that, once organisations have uncovered economic crime, most try to handle it themselves.
Economic crime is costing businesses billions of dollars. While more than half of the global organisations surveyed reported having lost less than $100 000 to economic crime over the last 24 months, only 43% of South African organisations could make that claim. Almost a fifth of local respondents experienced losses of between $100 000 and $1 million, and one in four respondents indicated having suffered losses of more than $1-million.
For the first time since 2009, external actors exceeded internal actors as the dominant profile of fraudsters acting against an organisation (46% external versus 45% internal). South African organisations were reported to be more than twice as likely to be defrauded by vendors compared to the rest of the world. Reports of senior management perpetrating economic crimes against the organisations they work for more than halved from the previous survey (from 41% to 15%), while middle management appear to have taken centre stage, with 39% of fraud being perpetrated by internal actors emerging from this band.
The survey found that asset misappropriation remains the most prevalent form of economic crime reported by 68% of respondents. It is followed by procurement fraud (41%), and bribery and corruption (37%). Cybercrime has risen to the fourth most reported type of economic crime in South Africa (up two places from 2014), with 32% of organisations affected, on par with the global average.
Over half (56%) of South African respondents say that top management would rather allow a business transaction to fail than have to use bribery. Fifteen percent of respondents that hailed from mainly the private sector organisations had been asked to pay a bribe in the past two years, and another 12% believe they lost an opportunity to a competitor that may have paid a bribe. More than half of South African respondents believe it is ‘likely’ that they will experience bribery and corruption in the next two years.
Poor data quality and skills shortages are undermining the efficacy of anti-money laundering (AML) systems. Only 50% of money laundering and terrorist-financing incidents in financial services organisations were detected by system alerts. One in three South African organisations experienced difficulty in sourcing personnel with skills in the areas of anti-money laundering/combating the financing of terrorism. More than a third of financial services respondents that have undergone inspections by regulators had to address major findings.
Overall, the report finds that business detection and response plans are not keeping pace with the level and range of threats now facing organisations, with a potential trend of too much being left to chance.
Trevor White, partner, Forensic Services and Global Survey Leader, PwC says: “While it is a positive sign that there has been increased detection by means of whistleblowing hotlines, far too much, is being left to chance by organisations – economic crimes discovered by accident more than doubled from 6% in 2014 to 14% in 2016. Another eight percent of survey respondents could not even tell us how serious economic crimes against their organisations were detected.”
Globally, the overall rate of economic crime reported has fallen for the first year since the financial crisis, but only marginally – to 36% from 37% in 2014. Regionally, lower levels of economic crime are reported in North America (37% vs 41%), Eastern Europe (33% vs 39%), Asia Pacific (30% vs 32%)) and
Latin America (28% vs 35%). The rate of economic crime rose in Africa (57% vs 50%), Western Europe (40% vs 35%) and the Middle East (25% vs 21%).
The 2016 Global Economic Crime Survey interviewed 6,337 participants in 115 countries. In South Africa, 232 organisations from a broad spectrum of industries took part in the survey. The main aim of the survey is to inform South African business leaders about developments in the continuously changing landscape of economic crime in the country and to encourage debate around strategic and emerging issues in this sphere.