Russia The Global Economic Crime Survey Cybercrime in the spotlight

Transcription

1 Russia The Global Economic Crime Survey Cybercrime in the spotlight With almost 4000 responses from senior executives in 72 countries, this is the most comprehensive global survey of economic crime available to businesses. November 2011

2 In Russia, 37% of organisations reported being victims in the last 12 months alone which is significantly lower than in 2009 or Is economic crime in Russia on the decline? PwC

3 Contents Introduction 2 Key findings 3 Fraud a positive trend? 4 Types of economic crimes 8 The financial and non-financial damage from economic crimes 10 Perpetrators of fraud who they are? 12 Fraud look, and you will find 14 Time for action dealing with fraudsters 16 Cybercrime 18 About us 23 Contact information 24 The Global Economic Crime Survey 2011, Russia 1

4 Introduction We are pleased to present the results of the 2011 Economic Crime Survey in Russia. The survey was prepared based on sixth Global Economic Crime survey data. This year we have an opportunity to evaluate trends on fraud spanning a 12-year period of surveys. Almost 4,000 respondents in 72 countries, including 126 representatives of Russian leading entities took part in the 2011 Economic Crime Survey - 47% higher than that for 2009 Economic Crime Survey. 126 representatives of Russian leading entities took part in the 2011 Economic Crime Survey The survey was designed to seek respondents views on economic crime in general and, specifically, about cybercrime which is a growing concern in C-suites and boardrooms. We were particularly interested to find out which types of cybercrime are considered to be the most dangerous and the methods organisations use to prevent and detect this type of fraud. The London Business School (UK) assisted us in the designing the questionnaire and data processing this lent a certain amount of academic rigour. In preparing the report, we treated all replies in confidence. Information received in course of this survey was used without referring to any specific entity and was only linked to the industry, organisation size and other demographic data. The survey covered a wide range of organisations, operating in Russia including private companies (67%), publicly listed companies (26%), government sector entities (6%) and not for profit organisations (1%). Organisations operating solely within Russia made up 51% of the population. Respondents represented activities across the industry spectrum, the majority of respondents are from retail and consumer industry (18%), financial services (17%), manufacturing (12%) and energy, utilities and mining (10%). Over a quarter - 27% of the respondents - work in organisations with 10,000 or more staff globally, and 43% of the respondents are executive officers or board members. 2 PwC

5 Key findings Fraud remains one of the most problematic risks for businesses worldwide. In Russia, 37% of organisations reported being victims in the last 12 months alone. This is higher than the global average (34%), as well as the Central and Eastern Europe (CEE) (30%) and Emerging 7 1 (31%) results. At the same time this percentage is significantly lower than 2009 (71%) and 2007 (59%). Whilst we anticipated a reduction in reported fraud due to survey demographics we surveyed more small- and medium-sized organisations, that empirically report less fraud the absolute drop is surprising. There are three possible explanations: A reduction in the incidences of economic crime; A reduction in the rate of detection of frauds themselves or A change in the willingness of organisations to report economic crimes that they are aware of. Fraud is considered a significant future threat. 73% of respondents believe their organisation remains highly vulnerable to economic crimes within the next 12 months. Of those who have been the victim of economic crimes, 32% had suffered more than 10 instances within the last 12 months. Asset misappropriation remains the most common type of economic crime reported in Russia (72%), whilst, unsurprisingly, bribery and corruption continues to be a major challenge in the Russian market 40% of respondents were affected in the last year. Indeed, 13% of respondents in Russia claimed that they chose not to enter a new market or declined to pursue a new business opportunity due to corruption risks. This is a troubling statistic. Not only is foreign direct investment impacted by perceptions of corruption, local Russian operators are also withholding investment monies where corruption risks are high. 23% of respondents report suffering from cybercrimes. This is a growing threat. Fraudsters are becoming more sophisticated and global respondees reported that cybercrime risks, many of which are viewed as emanating from developing markets, including Russia, are causing severe concern. It is also clear that few organisations have a clear view on the cybercrime risks that they may face, or where they do understand the risks, how to protect themselves. The majority of investigations (83%) are done in house. A lack of independent review often raises questions about the objectivity of any investigation and in some cases sends the wrong message to staff. 55% of organisations reported that an internal party working alone was responsible for the fraud committed, 36% told us that a party external to the organisation played a role. These statistics are most significant for the fact that the percentage of economic crimes has decreased where both internal and external perpetrators appear to collude in committing the fraud. Certainly since the onset of the global economic downturn(s), prudent organisations have performed significantly more detailed checks on business partners. This may also have contributed to an overall reduction in reported fraud in Russia. Russian organisations are turning to dismissal and notification of law enforcement much more frequently where internal parties are involved in fraudulent activities. In 77% of such cases the person was dismissed. 59% of the organisations surveyed in Russia employ a whistle-blowing mechanism. The majority of them find this mechanism either effective (47%) or very effective (5%). 1 Emerging 7 countries include Brazil, Russia, India, China, Indonesia, Mexico and Turkey. The Global Economic Crime Survey 2011, Russia 3

6 37% of Russian organisations report being subject to one or more significant economic crimes in the last 12 months. It s higher than the global, CEE and E7 averages but lower than 71% and 59% in 2009 and 2007 respectively. Fraud a positive trend? Is economic crime in Russia on the decline? Certainly the economic shock to the system that Russia went through in late 2008 and 2009 made businesses more vigilant in the subsequent years. Costs have come under greater scrutiny. We have noted an upturn in proactive assessments of potential business partners and counterparties. Many Boards of Directors and senior management are becoming more engaged in overseeing business operations. All these factors may have positively contributed to a reduction in the absolute rate of economic crime. In our experience though, it is precisely those organisations at the forefront of good governance and increased vigilance that have historically reported more economic crimes. So whilst greater vigilance may have contributed to the decline, it is certainly not the only cause. Motives to commit economic crimes may well have decreased since the time of our last survey in At that time the Russian economy was at its lowest point in recent times. Incentives were correspondingly high for would-be fraudsters both internal and external to the organisation. With management focused on putting out fires just to stay alive the opportunities were there and sometimes exploited. So yes, there is likely to be a positive effect from an improved economic environment and a reduction in the motive to commit fraud. This will have had an impact on the number of reported incidents. It is likely also that detection rates have decreased. This is worrying. 10% of survey respondents do not know if their organisation suffered any fraud. Furthermore, this year our survey included more small- and mediumsized businesses, which traditionally report fewer instances of fraud. Given the acknowledged risks of economic crime in all developing markets, including Russia this is not a good place for an organisation to be. Almost a third of Russian respondents (29%) conduct no assessments of fraud risk. As our analysis below shows, the more organisations perform risk reviews, the more economic crimes are detected. And economic crime is evolving. There is a move towards more sophisticated schemes that organisations systems often fail to detect. Companies systems of monitoring and control are often challenged to detect more sophisticated frauds. And they are substantially more complex to investigate. Given that 83% of Russian respondents state that they deal with all economic crime incidents in 4 PwC

7 Figure 1. Respondents by geography of operations Company operates: in Russia and internationally (2011) in Russia and internationally (2009) 45% 73% 45% 10% 25% 2% Yes in Russia only (2011) in Russia only (2009) 30% 67% 61% 19% 9% 14% No Don't know 0% 50% 100% % of respondents who experienced economic crimes in the past 12 months. house, there is a concern that such schemes are unlikely to be detected by the more traditional investigative methods at the disposal of the in house teams. So is there a positive trend to report in economic crime incidence in Russia? It is very likely that the - shockingly high - reported incidence rates of 2009 have reduced. There are good reasons for this. But the reported rate in 2011 is mixed with a word of caution. Russia still suffers more fraud than the average E7 developing nation. Companies still need to devote greater energies to assessing risks and strengthening detection mechanisms, particularly around the more sophisticated, and evolving, risk areas. And a trend? We all hope for reduced opportunity and motivation to commit fraud, as well as increased detection of frauds that do occur. But of course we won t really know until Lower incidence rates for organisations operating only in Russia The population of respondents this year differs from that of This was not a focus of our survey 1,000 leading organisations in Russia were invited to participate. But it is perhaps a natural impact of a general more positive trend. More Russian organisations participated overall (126 in 2011 versus 86 in 2009) which demonstrates an increasing willingness of organisations to comment on their experiences with what was once a taboo topic. Of the 2011 respondents, 51% operate only in Russia (compared to 31% in 2009). These organisations, show a much lower rate of reported fraud - 30% reporting incidents of economic crime compared to 45% for those operating outside of Russia as well. This is perhaps not surprising. It is to be expected that those organisations that operate only in Russia will, on average, be smaller than those that have both a Russian and an international footprint. Consistent with the results of our previous Figure 2. Organisations reporting fraud, according to their number of employees More than 5, ,001 to 5, Up to 1000 employees 58% 90% 44% 70% 20% 56% surveys, there is a strong correlation between the size of an organisation (as measured by number of employees) and fraud incidents reported. Larger organisations have reported fraud more often (see figure 2). Additionally more smaller private organisations participated in the survey this year. Whereas 58% of organisations employing over 5,000 employees reported fraud, that percentage sinks dramatically, to only 20%, in organisations employing less than 1,000 persons. 0% 20% 40% 60% 80% 100% % of respondents who experienced economic crimes in the past 12 months. Russia 2011 Russia 2009 Whereas 58% of companies employing over 5,000 employees reported fraud, that percentage sinks dramatically, to only 20%, in companies employing less than 1,000 persons. The Global Economic Crime Survey 2011, Russia 5

8 73% A of Russian respondents still regard themselves as highly vulnerable to economic crime 29% of Russian respondents perform no fraud risk assessment at all It is likely that detection rates in Russia have decreased. Fraud detection It has been a recurrent theme from our previous economic crime surveys. Organisations that undertake more frequent fraud risk assessments and reviews detect more fraud. Surprisingly, given the acknowledged risks of operating in developing markets such as Russia, 29% of Russian respondents perform no fraud risk assessment at all. A further 29% undertake such assessments only once a year. It is interesting that where fraud risk assessments were conducted on a regular rhythm, more frequently than once per quarter, 62% of organisations reported incidences of economic crime. Where assessment are either never performed, or undertaken only once a year the reported incidence rate fell to 34%. We asked those respondents not undertaking any fraud risk assessments why they did not do them. Only 8% gave the main reason as cost. 44% stated that they are not sure what fraud risk assessment involves, another 17% did not see any value in performing them and the remainder could not state a reason. Troubling statistics, as it would seem logical that if you understand the risk, and appreciate the potential benefit, than an organisation would take action to understand how it can better protect itself from the unknown. 73% of Russian respondents still regard themselves as highly vulnerable to economic crime. The question to be addressed by these organizations is how much do they fear a major fraud or illegal act? And how willing are they to put proper prevention and detection measures in place? 6 PwC

9 Figure 3. Correlation between fraud risk assessment and fraud detection. Not at all Once Quarterly/ every six months More often 69% 54% 53% 38% 25% 17% 8% 30% 5% 5% 3% 29% 6% 3% 38% No fraud detected 1 to to to 1,000 More than 1,000 0% 20% 40% 60% 80% 100% % of all respondents. The Global Economic Crime Survey 2011, Russia 7

10 Economic crime takes on many different forms, some more common than others, but all can be equally damaging if they occur. Types of economic crimes Figure 4. Types of fraud incidence Asset misappropriation Bribery and corruption Accounting fraud Cybercrime* 15% 24% 27% 24% 23% 28% 23% 23% 40% 48% 72% 72% 67% 64% Anti-competitive behaviour* 7% 17% IP infringement Insider trading Espionage Money laundering Other 7% 13% 15% 23% 6% 9% 4% 2% 2% 3% 7% 9% 2% 12% 20% 4% 2% 5% 13% Global 2011 Russia 2011 Global 2009 Russia % 20% 40% 60% 80% % of respondents who experienced economic crimes in the past 12 months. Respondents were able to select multiple options. * Options marked * were not suggested as response options in PwC

11 Asset misappropriation. Bribery and corruption. Cybercrime and accounting fraud. Anti-competitive behaviour. Asset misappropriation retains its place as the most common form of economic crime, both in Russia and globally. The prevalence of this type of fraud is not surprising. It is among the easiest to commit but also easiest to detect. The high prevalence of this type of economic crime is a clear indication of where management should concentrate its immediate attention in order to avoid losses. Bribery and corruption remains a major issue for Russian organisations. Statistics from to the Ministry of Internal Affairs estimate that the average amount paid per bribe grew approximately 6.5 times versus the previous year and has now reached 293 thousand roubles 2. Of the organisations reporting economic crime in the past 12 months, 40% said that they suffered from an instance of bribery or corruption, including 48% of organisations with more than 5,000 employees. Compared to 2009 this percentage decreased by 8% however, which indicates that although a continuing major risk, there is reason to be hopeful that some effect is being felt from both the increased publicity and legal activities promoted by the Russian government as well as organisation s own internal efforts to enhance compliance frameworks and promote ethical behaviours across the employee base. No one would deny however that there remains a significant amount to do to reduce corrupt and corruptive activities at all levels in the Russian business environment. Cybercrime and accounting fraud are mentioned by about 23% of respondents each. In a special section on page 18 we look separately at the concept and evolution of cybercrime. Anti-competitive behaviour was reported by 17% of our respondents against a global average of 7%.This is perhaps not surprising. Corporate raiding and the theft of sensitive information remain a challenge for businesses in Russia. The industries reportedly most at risk are communications, retail and manufacturing. 2 Press release of the Ministry of Internal Affairs of the Russian Federation dated 22 July 2011, The Global Economic Crime Survey 2011, Russia 9

12 7% of Russian organisations reported annual loss from fraud over USD 100 million. The financial and non-financial damage from economic crimes Direct cost Often the first question we are asked when requested to assist on an economic crime case is (we want to know) what s the damage? A key question certainly, if not the most important. Our 2011 survey shows that fraud losses continue to run at high levels. USD100 million. This is over ten times the global average (0.6%). 22% of Russian organisations that suffered an incident lost over USD 5 million. No small matter for any organisation. Whilst in % of respondents reported that monetary value of annual losses from fraud was less than USD100 thousand, at the same time 7% mentioned that losses ran to over Figure 5. Financial losses from economic crimes in the last 12 months 100 million to 1 billion US dollars 7% Don't know 4% 5 million to 100 million US dollars 15% Less than 100,000 US dollars 40% 100,001 to 5 million US dollars 34% % of respondents who experienced economic crimes in the past 12 months. 10 PwC

13 Fraud risk triangle. Where rationalisation of the fraudulent acts is enhanced, the triangle and fraud risk increases. Opportunity Fraud risk triangle Incentive or pressure Attitude & Rationalisation As we have seen in prior surveys, the major losses occur with senior and middle management involvement. A substantial challenge for companies, and in particular their boards of directors and oversight bodies, is to shape the internal controls necessary for the prevention and detection of fraud by senior management. Clearly a rather different approach needs to be applied than the controls designed to oversee more junior staff members. In the Russian business environment often the board and oversight bodies are rather remote from senior management which helps go a long way to understanding why the most significant losses lie well above global averages. Collateral damage While the direct costs of economic crime may seem alarming enough on their own, one should not ignore the collateral damage from fraud, i.e., damage to a company s brand and customer trust; to the share price and stakeholder trust; to the company s business relations and relations with regulators; and to staff morale. Collateral damage can result in higher staff turnover and loss of productivity. And although more difficult to quantify, the collateral damage from fraud can be a significant cost to any business. 13% of Russian organisations highlighted employee morale and business relationships as the most significant factors affected by economic crime. The importance of staff morale to the success, productivity and efficiency of any organisation as well as the additional costs incurred due to the high staff turnover should be incentive enough for executive management to act decisively on fraud prevention measures Figure 6. Correlation between the level of perpetrator and amounts of losses 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 100% 100 million to 1 billion US dollars 40% 60% 5 million to 100 million US dollars 14% 43% 43% 100,001 to 5 million US dollars 50% 42% 8% Less than 100,000 US dollars Junior staff members Middle management Senior management % of respondents who experienced economic crimes caused by internal fraudsters in the past 12 months. Most surprising is how low this figure is. Potentially fraud is being viewed by organisations as just a fact of life in Russia. This attitude can lead organisations down a worrying path, where organisations themselves unintentionally provide a rationalisation for potential fraudsters. Looking at the fraud triangle, the three elements that need to be in place for any economic crime to occur, where rationalisation of the fraudulent acts is enhanced, the triangle (and by definition the risk of economic crime) increases. Constant and consistent messaging is needed to encourage people within the business to make the right choices even if the opportunity to commit fraud presents itself. The Global Economic Crime Survey 2011, Russia 11

14 In our 2009 survey we reported that external parties were more frequently the perpetrators of identified frauds than internal parties (62% vs. 35%). This year saw a reversal of these results with internal fraudsters playing the dominant role (55% vs. 36%). Perpetrators of Fraud who they are? Figure 7. Perpetrators of fraud Russia 2011 Russia 2009 Internal fraudsters External fraudsters Don't know 9% 3% 35% 36% 55% 62% % of respondents who experienced economic crimes in the past 12 months. 12 PwC

15 In our 2009 survey we reported that external parties were more frequently the perpetrators of identified frauds than internal parties (62% vs. 35%). This year we saw a reversal of these results with internal fraudsters playing the dominant role (55% vs. 36%). This switch may suggest that current economic conditions have led to previously honest employees becoming involved in fraud for the first time. It may also result from external business parties being screened more frequently and more effectively. Asked about the employment position of the internal fraudster, 31% of Russian respondents said that he (or she) was a member of senior management, a proportion much higher than the global average (18%). Where the fraud was perpetrated by external party, organisations believed that this was more often a client (41%) than any other category of third party. 55% of respondents believe that internal fraudsters play the dominant role. Fraudster s portrait Hello, I m a typical fraudster I m a man (81%) I have higher education (65%) I m between 31 and 40 years (50%) I m from senior management (31%) or middle management (42%) I joined the company 3-5 years ago (39%) The Global Economic Crime Survey 2011, Russia 13

16 Economic crime is evolving. Fraud look, and you will find The most popular detection methods have remained the same for several years. Corporate security is again at the top of the list, although its effectiveness, as well as that of internal audit, appears to have declined in comparison to previous years, followed by external tip offs and internal audit. The percentage of cases revealed by accident increased to 6% The number of cases where it 17% was not possible to specify how fraud was detected increased to 14 PwC

17 Figure 8. Detection methods* Corporate Control Corporate security (both IT and physical security) Internal audit (routine) Fraud risk management Suspicious transaction reporting 1% 2% 6% 9% 11% 15% 16% 23% 25% 28% 20% Rotation of personnel 2% Corporate Culture Beyond the influence of management Tip off(external) Tip off(internal) Whistle blowing system By accident Investigative media By law enforcement 11% 7% 8% 6% 11% 8% 2% 11% 5% 6% 3% 5% 9% 3% 7% Russia 2011 Russia 2009 Russia 2007 Other Don't know 5% 18% 17% % 5% 10% 15% 20% 25% 30% % respondents who experienced economic crimes in the past 12 twelve months for 2011 and 2009; and in the last 2 years for Whistle blowing system According to the results of our survey, 59% of respondents employ a whistleblowing mechanism ( WBS ), but the number of cases detected through these systems appears to have fallen, therefore raising the question do hotlines really work? However 52% of those respondents who do have a WBS find this mechanism either effective or very effective and 44% of those organisations report fraud which is a higher detection rate than the average one. We believe that this shows that only a small proportion of organisations are as yet reaping the full benefits from WBS and that there is still work to be done in publishing and promoting the use of WBS. The Global Economic Crime Survey 2011, Russia 15

18 Once a company confirms a suspected fraud, appropriate action against the perpetrator is essential in order to deter potential fraudsters and to show stakeholders that the organisation will not tolerate such malpractice. Time for action dealing with fraudsters Figure 9. Actions taken by organisations against internal perpetrators* Dismissal 57% 77% Law enforcement informed* 35% Civil action was taken, including recoveries 15% 33% Don't know 8% 2% Warning/reprimand Other (please specify) 8% 4% 3% 23% Russia 2011 Russia 2009 Transfer 4% 3% Notified relevant regulatory authorities 4% 20% Did nothing 3% % of respondents who experienced economic crimes in the past 12 months. Respondents could chose several options. Options marked * were not suggested as response options in There is a clear trend towards stronger action being taken against internal fraudsters. Findings include: the percentage of respondents dismissing fraudsters increased dramatically to 77% compared to 57% in 2009, 25% in 2007 and only 15% in 2005; law enforcement authorities were informed in a significant proportion of cases (35%); for the first time (during the 12 years PwC has been conducting the Global Economic Crime Survey) no Russian of the respondents chose the answer Did nothing in respect of the action taken against an internal perpetrator. 16 PwC

19 These all demonstrate a remarkable shift in the degree to which respondents are prepared to tolerate fraud. We believe that such measures, if properly communicated by management, can have a preventive effect. In the case of frauds perpetrated by external fraudsters the most popular reaction this year is informing law enforcement (88% of cases), followed by civil actions and cessation of business relations. In 2009 organisations reacted more passively and in the majority of cases limited themselves to avoiding further business contact with dishonest partners. 88% of respondents informed law enforcement in cases, when external fraudsters were involved. Figure 10. Actions taken by organisations against external perpetrators* Law enforcement informed* 88% Civil action was taken, including recoveries Cessation of the business relationship Notified relevant regulatory authorities Other (please specify) Did nothing 6% 8% 6% 5% 65% 56% 47% 56% 29% 39% Russia 2011 Russia 2009 Don't know 2% % of respondents who experienced economic crimes in the past 12 months, respondents could chose several options. * Options marked * were not suggested as response options in The Global Economic Crime Survey 2011, Russia 17

20 25% of Russian respondents believed the cybercrime threat to their organization has increased. Cybercrime Distorted perception of Cybercrime Cybercrime covers a range of computer related illegal activities, including hacking, malicious virus attacks, intellectual property theft, commercial espionage and many others. Overall, 23% of respondents who had suffered a fraud reported having been a victim of such an attack. 25% of Russian respondents believed the cybercrime threat to their organization has increased in the last two years, but the comparable figure globally was 39%. We believe that both the number of incidents and the perception of the threat understate the true situation. This is because many incidents of cybercrime do not get reported and many incidents are never detected in the first place. Russia has a known shortage of qualified computer security specialists which has a serious impact on the country s overall information security landscape. Sources of cybercrime threats Regarding the nature of the cybercrime perpetrator, 14% of respondents believe that the greatest cybercrime threat comes from within the organization itself, with a further 39% considering internal and external risks to be equally high. Of those who considered the greatest risk to be purely internal, the IT and the sales and marketing departments were seen as posing the greatest risk. Figure 11. Sources of cybercrime threats Don't know 13% Internally 14% Both internally and externally 39% Externally 34% % of respondents who experienced cyber crimes in the past 12 months. 18 PwC

21 Figure 12. Regulatory risks are rated amongst the highest effects of Cybercrime Theft or loss of personal identifiable information 14% 36% 50% Service disruption 19% 29% 52% IP theft, including theft of data Regulatory risks 15% 20% 21% 37% 48% 59% Very Concerned Quite concerned Cost of investigation and damage control Financial loss Reputation damage 12% 14% 17% 55% 33% 38% 48% 37% 46% Not very concerned 0% 10% 20% 30% 40% 50% 60% 70% % of all respondents. The biggest concerns expressed by Russian respondents related to financial loss, intellectual property and information theft, reputational risks and theft of personal data. In each case, over a third of respondents stated that they were very concerned by these possible effects of cybercrime. Furthermore, nearly 80% of respondents were either quite concerned or very concerned by the regulatory risks resulting from a cybercrime incident. Given the trend towards greater regulation in all business sectors, this highlights the need to have an effective strategy to minimize the risk of a cybercrime attack and, in the event that this is unsuccessful, to manage the resulting disruption and impact. The Global Economic Crime Survey 2011, Russia 19

22 60% Respondents engaged with external cybercrime experts last year 41% 52% of them engage external experts do it as a routine proactive measure of them engage external experts in the event of an incident Responsibility, Response and Investigation of cybercrime incidents Computer Forensics in Russia is still in its infancy and its potential as an investigative instrument is yet to be fully explored. A total of 60% of respondents engaged with external cybercrime experts, 41% of them as a routine proactive measure and 52% in the event of an incident. Only 40% of respondents believed they had the capability to investigate cybercrime in house. There was some evidence of a lack of preparedness on the part of respondents for dealing with a cybercrime attack with 30% of organisations having no media and PR management plan and a further 22% unaware if they had one or not. There is a clear shift of responsibilities away from Business Units and boardrooms to the Chief Information Officer (CIO) according to Russian respondents. 64% of respondents said that CIO is responsible for dealing with risks of cybercrime, compared to 54% globally, and few respondents felt the responsibility rested with the business units (6%) or the board (13%). Asked how often the board or similar body reviewed the risks presented by cybercrime to the organization, 19% of respondents selected the option not at all. The increasingly important role of information technology and the challenging economic environment means that information security is no longer something that businesses can overlook. While boardrooms around the world are beginning to wake up to the extreme costs and reputational risks caused by cybercrime incidents, these figures suggest that cybercrime is not yet being given the attention it deserves in Russian boardrooms. 20 PwC

23 Critical success factors Security Everyone s Business To be successful in mitigating the risks of cybercrime the responsibility for ensuring data security must be coordinated across the business; it has to have the commitment of top management and involve every business unit and individual employee. Develop a clear response plan Developing an effective incident response plan is crucial to minimizing the impact of a cybercrime attack. Such a procedure is vital in ring-fencing the systems affected by an attack and improves the organisation s chances of full recovery after the incident. Have access to experts One element of the response plan will be the up to date names and contact numbers of those people and entities who are expected to be called upon in the event of a cyber attack. Having available resources to prevent and respond to cybercrime is a must for a modern organisation. Often organisations experiencing conflicting demands on available resources and should establish working relationship with organisations specialising on preventing and investigating cybercrimes. Such organisations have available to them highly skilled technical personnel who are experts in the areas of IT Security and Computer Forensics. Communication is the key Utilising public relations techniques is critical to successfully managing cybercrime incident. Often by issuing an immediate and honest statement and providing frequent updates on the situation an organisation can stop potentially damaging rumours at the source. Good public relationship strategy can also help to improve customer loyalty by demonstrating the organisation s commitment to resolve the incident as quickly as possible, thus turning crisis into opportunity. The Global Economic Crime Survey 2011, Russia 21

24 Appendix 1 Respondents by industry Other 14% Automotive 5% Communication 7% Retail and consumer 18% Professional services 5% Manufacturing 12% Financial services 17% Energy, utilities and mining 10% Engineering and construction 3% Entertainment and media 9% % of all respondents. 22 PwC

25 About us PricewaterhouseCoopers ( provides industry-focused assurance, tax and advisory services to build public trust and enhance value for our clients and their stakeholders. More than 163,000 people in 151 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice. Forensic services With the largest network of forensic services practices in the world, spanning 63 countries and employing over 1,400 advisors, PricewaterhouseCoopers firms can draw on vast experience of dealing with difficult situations across a broad spectrum of industries in many jurisdictions. Our fast-growing Forensic services practice in CEE employs over100 professionals, including accountants, economists and IT professionals. Our services include: Investigations Fraud risk management Commercial disputes International arbitration Transaction and shareholder disputes & investigations Forensic technology solutions Intellectual property services Licensing management services Insurance claims services Anti-money laundering services Capital project services U.S. regulatory investigations and securities litigation Corporate Intelligence The Global Economic Crime Survey 2011, Russia 23

26 Contact information Irina Novikova Partner Tel: +7 (495) Edwin Harland Partner Tel: +7 (495) PwC

27 The Global Economic Crime Survey 2011, Russia 25

28 PricewaterhouseCoopers Russia B.V. All rights reserved.in this document PwC refers to PricewaterhouseCoopers Russia B.V., which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.