The Global Economic Crime Survey Cybercrime: are you at risk?


www.pwc.com/crimesurvey The Global Economic Crime Survey Cybercrime: are you at risk? Hungarian country report December 2011

Table of contents
1) Introduction
2) Executive Summary: Key findings
3) Fraud, the fraudster and the defrauded. What are we facing in Hungary?
4) Who is committing economic crime? The profile of the perpetrators
5) What actions do organisations take against the perpetrators?
6) How successful are Hungarian organisations in detecting and preventing economic crime?
7) Cybercrime in Hungary. Is your organisation ready to deal with it?

Introduction

We are pleased to present the 2011 PwC Global Economic Crime Survey Hungarian results to you. We have prepared our 6th biannual global survey and the Hungarian country edition for the 5th time with the aim of assisting Hungarian business leaders and corporate executives by providing unparalleled insight into the impact of economic crime on organisations worldwide. With almost 4000 responses from senior executives in 78 countries, including 85 leading companies within Hungary, this is the most comprehensive global survey of economic crime available to businesses.

Economic crime doesn't discriminate. It affects organisations all over the world. And no industry or organisation is immune. The fallout isn't just the direct costs; economic crime can seriously damage brands or tarnish a reputation, leading organisations to lose market share. As society becomes less tolerant of unethical behaviour, businesses need to make sure they're building and keeping public trust.

Our aim with the survey was to assess:
- corporate attitudes to fraud in the current economic environment;
- which types of fraud are the most prevalent and who are the main perpetrators;
- what are the costs to businesses;
- what steps organisations are taking to detect and prevent fraud;
- what steps, if any, are Hungarian organisations taking to combat and prevent cybercrime and cyber threats.

Accordingly, our report is divided into two key sections:
- The current fraud environment in Hungary: focusing on the type of frauds committed, and how they are detected, who is committing them and what steps organisations are taking to prevent them;
- Cybercrime in Hungary: its impact on organisations, their awareness of the crime and what organisations are doing to combat the risks.

We sincerely thank all respondents and organisations who have participated in the survey, and without whom we would not have been able to produce this report. We hope that this information will further assist the readers in their ongoing fight against economic crime.

Miklós Fekete
Partner, Advisory, PwC

Executive Summary: Key findings

The Current Fraud Environment in Hungary [1]

Our survey results show that 1 out of 4 Hungarian businesses (2) experienced one or more instances of economic crime in the past 12 months. In many cases, the incidents of economic crime were detected by accident or by means that were beyond the influence of management.

The frequency of economic crime has increased compared to the previous survey. In 2009, 25% of those participants who suffered economic crime reported more than 10 cases. No one reported having experienced more than 100 instances. In 2011, however, 29% of those who suffered economic crime reported more than 10 cases, including who suffered more than 100 instances over the past 12 months.

Asset misappropriation is the most prevalent type of fraud in Hungary (50% of cases reported). It is followed by bribery and corruption (3), which is the second most common economic crime experienced not only in Hungary, but in the CEE region as well. Accounting fraud (21%) is the third most prevalent type of fraud reported by survey participants in Hungary.

The responses indicate that in the majority of Hungarian cases external parties to the organisation are the main perpetrators of economic crime (5). Fraud committed by vendors increased significantly from 2009 to 2011. While in 2009 there was no instance reported where the main external perpetrator was a vendor of the organisation, in 2011, 15% of external fraudsters were reported to be vendors. This figure is higher than in CEE (13%) and substantially higher than the global figure (9%). Results show that economic crime committed by agents and intermediaries is much higher in Hungary (31%) than in the CEE (16%) and globally (1).

When asked about internal perpetrators, Hungarian respondents commented that, for those organisations who had suffered economic crime, the majority of internal perpetrators belonged to the management of their organisations.
4 of internal perpetrators were middle management, and even more concerning is that economic crime committed by senior management increased compared to 2009 (22% in 2011 vs. 1 in 2009).

The differences among Hungarian organisations are becoming more apparent in respect of how they react to economic crime being perpetrated against them. Some organisations have a zero tolerance approach. However, our survey results show that in 1 out of 5 cases reported (22%), organisations did not take any action against the internal perpetrator. Moreover, in one fifth of the cases the internal perpetrator was only transferred (22%) within the organisation, compared to CEE (5% transferred) and global results ( transferred). Combined, these responses tell us that in Hungary almost 50% of those identified as the internal perpetrator of an economic crime were either allowed to get away with it or only moved internally within the organisation.

The survey results also show that 17% of cases were discovered by accident in Hungary, which is higher than the CEE average (10%) and global () figures. Organisations cannot rely on chance to detect such incidents if they would like to avoid the costly damage of economic crime.

85% of the organisations who have already implemented a whistle blowing mechanism consider it an effective tool in the prevention and detection of economic crime. However, the results also show that nearly half of the Hungarian organisations (45%) have not yet established a whistle-blower mechanism.

Regular fraud risk assessment helps organisations to analyse their exposure to fraud and minimise chances for fraud and damages. However, 61% of respondents did not perform a fraud risk assessment at their organisations or had only performed it once over the past 12 months.

[1] Regional (CEE) and global comparison throughout the report is not exact and is for indicative purposes only, due to the differences in statistical sample sizes.

Cybercrime in Hungary

Our survey discovered that despite global and local media attention, respondents in Hungary potentially underestimate cybercrime threats. While 39% of respondents globally indicated that their perception of cybercrime threats to their organisations has increased in the past 12 months, only 1 of Hungarian respondents commented that their perception of cybercrime risk increased.
Our survey also concluded that Hungarian respondents are a lot less concerned about damages and financial losses from cybercrime activity than regional and global survey participants. While globally the figure was 40%, in Hungary only 27% of respondents said they were very concerned about reputational damage. On average across CEE 2 was the figure, in Hungary only 1 of respondents said they were very concerned about actual financial losses from cybercrime activity.

The lack of concern may be due to a lack of awareness. It is worrying to learn that 42% of respondents did not receive any cyber security training in the past 12 months, which would suggest that they are potentially unaware of the risks that cybercrime presents to their organisation.

While globally 26%, and in CEE 22% of respondents believe that their organisation will likely face cybercrime in the following 12 months, in Hungary only of respondents believe so. Today, most people and businesses rely on the internet and other technologies. Organisations are potentially opening themselves up to cyber criminals and organisations need to be prepared for cyber threats.

More than half of Hungarian respondents (5) feel that cybercrime threats are mainly external to the organisation and only 21% perceived them as both an internal and external threat. This is much lower than CEE (43%) and global (42%) figures. Experience has shown that to neglect internal threats can be very dangerous, particularly internal hacking by employees for their own purposes.

36% of respondents in Hungary said their organisation does not have an in-house capability to prevent and detect cybercrime, and 73% said their organisation does not keep an eye on social media sites, or they are not aware of them.

There is no reason that Hungary should be at less risk of cybercrime than any other country, so the results in this area may indicate that organisations should consider where their risks are and where the threats come from.

Fraud, the fraudster and the defrauded. What are we facing in Hungary?

Economic crime continues to be a serious issue affecting organisations in Hungary. No industry is immune. Our survey indicates that more than 1 in 4 Hungarian organisations (2) reported having experienced one or more instances of economic crime in the past 12 months.

[Figure: Has your organisation experienced any economic crime within the last 12 months? Hungary, CEE and Global, 2011 and 2009; % of respondents]

This figure may only be the tip of the iceberg and many instances may remain undetected. In our experience it would be extremely difficult for organisations to detect all instances of fraud, and even more difficult if the organisation does not grant anonymous ways to report economic crime and/or does not perform fraud risk assessments regularly. In comparison to this:
- 61% of Hungarian respondents said that no fraud risk assessment was performed at their organisations or it was performed only once in the last 12 months.
- 45% of respondents indicated that their organisation does not have a whistle-blowing mechanism implemented.

Types of economic crime

The frequency of economic crime has increased compared to our previous survey:
- In 2009, 25% of those participants who suffered economic crime reported more than 10 cases. No one reported having experienced more than 100 instances in the previous survey.
- In 2011 however, 29% of those who suffered economic crime reported more than 10 cases, including who suffered more than 100 instances over the last 12 months.

This indicates repeated instances/attempts of economic crime against organisations and signals that organisations are increasingly vulnerable to repeated fraud if they do not implement ways to prevent and detect economic crime or learn from and correct weaknesses which may have been exploited.

Asset misappropriation is the most common economic crime (50% of cases reported) in Hungary, followed by bribery and corruption (3) and accounting fraud (21%). Respondents indicate that bribery and corruption is still more prevalent in Hungary (3) than in the CEE region (36%) and on a global level (2).

In global and regional comparison, both asset misappropriation and accounting fraud are less frequent in Hungary than elsewhere. One potential reason for this could be that these types of economic crimes are not being detected accurately.

[Figure: What types of economic crime has your organisation experienced within the last 12 months? Categories: Asset misappropriation, Bribery and corruption, Accounting fraud, Anti-competitive behaviour, Tax fraud, Money laundering, Other, Sustainability fraud, Espionage, Insider trading, IP infringement, Cybercrime; Global, CEE and Hungary; % of cases reported]

A future contributing factor may be the current unstable economic times. Potential reductions in headcount within organisations (which may occur in downturns and recessions) make fewer resources available to detect and prevent economic crime. For example, reduction of internal audit staff may lead to less fraud being detected and prevented in the future, which puts organisations at greater risk. Also, redundancies can lead to issues where there is insufficient segregation of duties due to a lack of resources.

Cost of fraud and collateral damage

It is very difficult to accurately estimate the financial impact of economic crime. However, we asked our respondents to estimate, to the best extent possible, the cost of fraud and economic crime they have suffered.

The survey found that economic crime caused damages between USD 100k and USD 5 million for 42% of those respondents who suffered fraud over the last 12 months in Hungary. In addition to the direct losses, damage to employee morale is the most significant indirect cost of fraud (42%) and respondents indicated that there had been a significant impact on business relations (33%), as well as a negative impact on the company's reputation (13%). The study also found that damage to employee morale and business relations in Hungary is far greater than on a regional or global level.

46% of Hungarian respondents who were victims of economic crime indicated that they suffered less than USD 100k damages.

In the current economic environment, when all companies are seeking the most cost effective ways to operate, preventing and detecting economic crime could, rather than being an additional overall cost, actually result in savings for companies.

[Figure: How significant was the impact of the economic crime that you have experienced within your organisation in the last 12 months? Categories: Reputation/brand, Employee morale, Business relations, Relations with regulators; Hungary, CEE and Global; % who indicated significant impact]

"It is very important that organisations clearly communicate to their business partners and customers the expectations regarding business ethics, as well as consequences of unethical behaviour. If organisations are determined and stand firm against unethical business partners, that will have a deterrent effect and will result in less damage caused by external perpetrators."
Miklós Fekete, Partner, Advisory, PwC

Who is committing economic crime? The profile of the perpetrators

In 5 of cases reported Hungarian respondents indicated that fraud has been committed against the organisation by external fraudsters. In 3 of cases reported, economic crime was committed by internal fraudsters.

It is interesting to note that both in regional and global comparison, the situation is the reverse of what the Hungarian respondents reported and more economic crime is reported to be committed by internal perpetrators (CEE 53% and 56% globally) than by externals.

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, who was the main perpetrator of fraud? Don't know, Internal fraudsters, External fraudsters; Hungary, CEE and Global; % of cases reported]

The fact that the percentage of cases committed by external perpetrators is high in Hungary both in regional and global comparison could be due to a number of reasons. For example:

External perpetrators in most cases are customers (3), followed by the organisation's agents/intermediaries (31%) and vendors (15%). While in 2009 no instance was reported where the main external perpetrator was a vendor of the organisation, in 2011, 15% of external fraudsters were reported to be vendors. This figure is higher than in CEE (13%) and globally (9%).

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, who was the main perpetrator of external fraud against your organisation? Vendor, Customer, Agents/Intermediaries, Don't know, Other; % of cases reported in Hungary]

Fraud committed by agents/intermediaries (31%) is nearly double the regional (16%) and global (1) average.

Based on our experience, due to a lack of resources some organisations tend to neglect the importance of background checks on their business partners. In many cases this can lead to organisations not having a clear picture of the past business history and reputation of their business partners. If corporate intelligence/background checks of external parties (agents, intermediaries, vendors etc.) are not performed, questionable business ethics cannot be identified in time, and the organisation can become a victim of economic crime. We would recommend that organisations step up their efforts in this area, as it is clear this is a growing issue in Hungary and not one repeated in neighbouring countries or globally. As a key prevention measure, knowing your business partners prior to engaging with them is less costly than dealing with the unpleasant consequences.

[Figure: When you identify an incident of potential fraud which action are you most likely to do first? Options: Use internal resources to perform an internal investigation; Contact external legal advisors; Engage a specialist forensic investigator; Consult with your auditor; Wait to see if further indications of potential fraud in the same area may arise; % of respondents, Hungary]

Economic crime is often committed by collaboration of internal and external perpetrators. However, success in detecting the internal party is strongly dependent on the objectivity of the investigation carried out. Two-thirds of respondents (66%) indicated that they first use internal resources to perform an investigation, and only of respondents said they engage a specialist forensic investigator. Engaging independent forensic experts from the beginning of the investigation ensures impartial and objective investigative work, thus guaranteeing independence and objectivity during the entire process.
"The independent members of supervisory boards and audit committees have a big responsibility when the involvement of senior management comes into question in relation to economic crimes. It is in the best interest of all supervisory and audit committee members that they are aware of the results of fraud risk assessments performed by the organisation, as well as the efficiency of controls in place."
Márta Hegedűsné Szűcs, Partner, Assurance, PwC

Profile of the internal fraudster

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, at what level was the main perpetrator of internal fraud within your organisation? Senior and middle management, Junior staff members, Other; % of cases reported in Hungary]

The majority of internal perpetrators (67%) in Hungary belong to management. This includes mainly middle management (4 of the cases reported) and 22% committed by senior managers of the organisations. It is a great concern that fraud committed by senior management increased compared to our 2009 survey (1).

The vast majority of internal perpetrators (67%) in Hungary have been working for the organisation for more than 6 years. Included in this are employees who have been working for the organisations for more than 10 years (33%). 4 of internal fraudsters are highly qualified, minimum 1st degree graduates.

Profile characteristics shown in the report's graphic:
- Between 41 and 50 years of age (56%)
- Male (67%)
- With the organisation for more than 6 years (67%)
- 1st degree graduate (4)

It is interesting to note that global and CEE results indicate that typical internal perpetrators are usually younger (between 31 and 40 years of age, 43%), and have been with the organisation between three to five years (30%). The average perpetrator in Hungary is older and has been working for the organisation for longer.

"Unfortunately, it seems that Hungary is the country of no consequences based on the survey as well. It is astonishing that in 22% of cases reported the organisations did nothing against the main internal perpetrator. Even more concerning is that in many cases the internal perpetrator was only transferred within the organisation. A very important element of a transparent economy is that economic crime and perpetrators are dealt with properly by the organisation in all cases."
Tamás Lőcsei, Partner, Tax, PwC

What actions do organisations take against the perpetrators?

The results of the survey show that economic crime often remains without consequences in Hungary. In every 5th case reported (22%) the organisation did nothing against the main internal perpetrator, which is concerning compared to CEE (7%) and globally (). In CEE only 25% of internal fraudsters keep their jobs; in Hungary, our respondents tell us this is almost double, with 4 remaining employed.

The difference among organisations in Hungary is becoming more apparent in respect of how seriously they are treating the issues of economic crime. Internal perpetrators were transferred in one-fifth of cases (22%) in Hungary, which is very high both in regional (5%) and global () comparison. Internal perpetrators were dismissed in only half of the cases (56%) reported in Hungary, which is a much lower percentage than regional (75%) and global responses (77%).

If organisations are only transferring perpetrators within the organisation rather than potentially dismissing them, the perpetrators will continue to remain within the organisation and possibly find other ways to commit fraud and economic crime. It is important for organisations to demonstrate a zero tolerance level for fraud in order to set the right tone within the organisation. It is important that deterring actions are taken and consequences of fraud are clearly communicated to all employees.

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, what actions, if any, did your organisation take against the main internal perpetrator? Options: Dismissal; Law enforcement informed; Civil action was taken, including recoveries; Transfer; Warning/reprimand; Did nothing; Notified relevant regulatory authorities; Other; Don't know; Global, CEE and Hungary; % of cases reported (multiple answers possible)]

In the case of external perpetrators law enforcement was informed (5), cessation of business relationship (46%) commenced, and civil action was taken including recoveries (46%).

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, what actions, if any, did your organisation take against the main external perpetrator? Options: Law enforcement informed; Cessation of the business relationship; Civil action was taken, including recoveries; Notified relevant regulatory authorities; Other; Did nothing; Don't know; Global, CEE and Hungary; % of cases reported (multiple answers possible)]

How successful are Hungarian organisations in detecting and preventing economic crime?

Our survey results show that 17% of incidents were detected by accident in Hungary, which is much higher than the result in CEE (10%) and globally (). Organisations cannot rely on chance in detecting fraud incidents if they would like to be confident that they will avoid the costly damages of economic crime.

At the same time, it is encouraging to see that there are responsible corporate executives who are not leaving the detection of economic crime to chance. They use proactive methods like fraud risk management (13%), effective internal audit (13%), and suspicious transactions reporting (13%). Proactive identification and detection of economic crime are the most powerful tools in the fight against economic crime.

[Figure: Thinking about the most serious economic crime your organisation experienced in the last 12 months, how was the crime initially detected? Groups: Corporate control, Corporate culture, Beyond the influence of management. Methods: Internal audit; Fraud risk management; Electronic and automated suspicious transaction reporting; Corporate security; Change of personnel/duties; Internal tip-off; External tip-off; Whistle blowing system; Law enforcement/investigative media; By accident; Others; Global, CEE and Hungary; % of cases reported]

The responses also show that nearly half of Hungarian organisations (45%) have not established and introduced a whistle-blower mechanism. However, 85% of the organisations who have already implemented a whistle blowing mechanism consider it an effective tool in the prevention and detection of economic crime.

Our experience also shows that employees are more willing and likely to report fraud or suspicions if anonymity is granted. If organisations do not offer such mechanisms, it is much more likely that not all fraud cases will be detected, since employees do not feel safe to voice their information or suspicions.

Fraud risk assessment: a powerful tool for detecting fraud

In order to successfully prevent fraud, it is important that organisations continuously assess and monitor fraud risks and identify gaps. Regular fraud risk assessment helps organisations to analyse their exposure to fraud. It is therefore concerning that more than half of the respondents (61%) did not perform a fraud risk assessment, or performed one only once, within their organisations over the past 12 months.

[Figure: In the last 12 months, how often has your organisation performed a fraud risk assessment? % of respondents in Hungary. Categories: Once, Not at all, Quarterly, Every six months, Don't know, More often.]

Hungarian organisations cited the perceived lack of value from fraud risk assessment (29%) as the main reason for not performing one, despite the fact that this would be a proactive approach to combating economic crime. Two-thirds (67%) of respondents who indicated that their organisation did not perform a fraud risk assessment either did not know why one had not been performed at their organisation or indicated that they are unsure what this actually involves.

The more often fraud risk assessments are performed, the more likely organisations are to detect fraud. In difficult economic times, organisations should see the prevention of fraud as a major tool to save on costs. If economic crime and the resulting financial damages can be prevented, direct savings can be achieved.

"Emerging technologies present new challenges to organisations and internal audit professionals: mobile applications and devices, social media, cybercrime: all these risks need to be assessed and organisations need to be prepared."
Andrea Major, Partner, Assurance/SPA, PwC

Cybercrime in Hungary. Is your organisation ready to deal with it?

Our survey discovered that in Hungary, only 1 of respondents perceived that cybercrime threats to the organisation increased over the past 12 months whilst globally the figure was 39%.

[Figure: Has your perception of the risks of cybercrime to your organisation changed over the last 12 months? Rows: Global, CEE, Hungary. Categories: Remained the same, Increased, Decreased. Axis: % of respondents.]

What is cybercrime?

The Global Economic Crime Survey (GECS) 2011 focused on the financial crime and fraud aspect of cybercrime and, for the purposes of our survey questionnaire, Cybercrime was formally defined as follows:

"Cybercrime, also known as computer crime, is an economic offence committed using the computer and internet. Typical instances of cybercrime are the distribution of viruses, illegal downloads of media, phishing and pharming and theft of personal information such as bank account details. This excludes routine fraud whereby a computer has been used as a by-product in order to create the fraud and only includes such economic crimes where computer, internet or use of electronic media and devices is the main element and not an incidental one." [2]

The above definition may be considered a fairly common definition of Cybercrime, yet it would appear that many perceive this as a wider phenomenon, which makes the definition open to different interpretations. There is no standard, globally accepted definition of Cybercrime available. One implication of not having a clear-cut definition could be that if organisations are not aware what the dangers are, where the dangers come from and how cybercrime can impact their business, then it is harder to detect and combat cybercrime.

[2] As defined in GECS 2011 by PwC in conjunction with our survey academic partner, Professor Peter Sommer.

While 26% of respondents globally and 22% in CEE believe that their organisation will likely face cybercrime in the following 12 months, in Hungary only of respondents believe so. As most people and businesses today rely on the internet and other technologies, organisations are potentially opening themselves up to cyber criminals and need to be prepared for cyber threats. In recent days even Facebook has been subject to such attacks.

Is your organisation's reputation at stake?

Our survey also concluded that Hungarian respondents are a lot less concerned about damages and financial losses from cybercrime activity than regional and global survey participants. While globally the figure was 40%, in Hungary only 27% of respondents said they were very concerned about reputational damage. In Hungary only 1 of respondents said they were very concerned about actual financial losses from cybercrime activity. In CEE the figure was 2.

[Figure: How concerned are you about the effect of cybercrime activity on your organisation? Categories: Theft or loss of personal identifiable information; IP theft, including theft of data; Actual financial loss from cybercrime activity; Reputational damage. Series: Global, CEE, Hungary. Axis: % of respondents who indicated they were Very Concerned.]

The lack of concern may also be due to a lack of awareness. It is concerning to learn that 42% of respondents did not receive any cyber security training in the past 12 months, which would suggest that they are potentially unaware of the risks that cybercrime presents to their organisation. Low cybercrime awareness presents risks for all organisations and industries. Organisations seem to be taking a reactive rather than a proactive approach towards cybercrime threats.
Our survey shows that in Hungary:
- 36% of Hungarian respondents do not have or are not aware whether their organisation has in-house capabilities to prevent and detect cybercrime;
- 5 of Hungarian respondents do not have or are not aware whether their organisation has in-house capabilities to investigate cybercrime;
- 51% do not have or are not aware whether their organisation has controlled emergency network shut down procedures in place;
- 37% of respondents engage experts only when the incident has already occurred. Unfortunately, at that stage mitigation of damages is the only solution, and not proactive prevention.

"Social media is a revolution in the way in which people communicate. Also businesses are engaging with social media for numerous reasons including marketing, communicating with customers, and collecting information. But there is a wide range of commercial risks related to their usage. In addition to increasing unproductive time by employees, they create security risks for the company: they are another channel where sensitive data can leak or malicious code can get into the company."
Lee Coles, Director, Forensic Services, PwC

Where does the cybercrime threat come from? Is it really an external threat to the organisation?

More than half of Hungarian respondents (5) feel that cybercrime threats are mainly external to the organisation and only 21% perceived them as both an internal and an external threat. This is much lower than the CEE (43%) and global (42%) figures.

[Figure: Where do you see the greatest cybercrime threat to your organisation coming from? Rows: Global, CEE, Hungary. Categories: Internally, Externally, Both internally and externally, Don't know. Axis: % of respondents.]

Experience has shown that neglecting internal threats can be very dangerous, particularly internal hacking by employees for their own purposes. Examples include:
- disgruntled employees accessing HR data to extract personal information (pay data, bonuses etc.);
- an employee accessing other colleagues' emails;
- extracting key information from the accounts payable department, setting up dummy suppliers in the system, and/or extracting funds from the organisation;
- misuse of social media (sensitive information going public etc.).

Management of cybercrime risks

Organisations monitoring social media sites?

Whilst social media sites such as Facebook or LinkedIn may not be the real source of cybercrime, they can be used to social-engineer cybercrime more effectively (phishing attacks). For example, social media sites can be used to collect information about a targeted individual, to research certain staff members or to install malware onto the user's computer, making the cybercrime more effective.

73% of respondents in Hungary stated that their organisation either does not monitor the use of social media sites or that they are not aware of it. This is higher than in CEE (59%) and globally (60%). This also indicates that there is a lack of awareness of the cyber security risks these sites can present to the organisation.

Of those Hungarian respondents who said their organisation is taking measures to prevent the risks of social media and networking, 65% said they monitor internal and external electronic traffic including web pages, which is lower than in CEE (82%) and globally (85%).

Reducing the risks

What actions should organisations take to defend themselves against cyber security attacks?

1. Get the CEO involved: the CEO and Board need to be aware of the cyber threats. They need to understand the risks and opportunities of the cyber world.
2. Reassess the security function and preparedness of the organisation should a cybercrime occur: unlike traditional economic crimes, cybercrime is fast paced with new risks emerging, which means an organisation needs to continually adapt its procedures to reflect these.
3. Awareness: organisations need to have a clear awareness of their current and emerging cyber environment. If this is in place, well informed and prioritised decisions and actions can be taken.
4. Create a cyber incident response team, which needs to act with speed and agility. A well functioning cyber response team means an incident spotted anywhere in the business will be tracked, risk assessed and escalated.
5. Educating all employees: an organisation needs to embed a cyber awareness culture, through recruiting those with the relevant skills so that this knowledge can be shared with all employees, creating a cyber aware organisation which is better able to protect itself.
6. Take a more active and transparent stance towards cybercrime: take action by pursuing cybercrime perpetrators through legal means, and communicate more publicly regarding the actions the organisation is taking regarding the threats, incidents and responses.

Contacts

Miklós Fekete
Partner, Advisory
E-mail: miklos.fekete@hu.pwc.com
Tel.: +36 1 461 9242

George Surguladze
Senior Manager, Forensic Services
E-mail: george.surguladze@hu.pwc.com
Tel.: +36 1 461 9127

www.pwc.com/crimesurvey

PwC firms help organisations and individuals create the value they're looking for. We're a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com.

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2011 PwC. All rights reserved. Not for further distribution without the permission of PwC. PwC refers to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL), or, as the context requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of any other member firm nor can it control the exercise of another member firm's professional judgment or bind another member firm or PwCIL in any way.