Fraud and cybercrime represent a significant cost. The recent 2019 Financial Cost of Fraud Report, researched by Crowe UK and the University of Portsmouth, found that global losses equate to £3.89 trillion annually – a figure which amounts to 6.05% of the world’s GDP.
For the UK, this cost equates to £130 billion each year. It is also a cost which shows no signs of slowing. Since 2009, losses to fraud have risen by a drastic 56.5%.
For businesses, this cost can make the difference between profit and loss and be significantly damaging from both a financial and reputational point of view. Cybercrime is not a marginal, peripheral problem, but one which affects all industries and organisations, no matter the size or location.
With the advent of Industry 4.0 and the need for successful manufacturers to embrace digitisation and automation, the risks attached to cybercrime extend beyond the need to protect personal data. Exposure to ‘industrial espionage’, particularly for companies involved in developing new products and processes also is a cyber risk and of course, the ‘connected factory’ is especially exposed to cyber and ransomware attack.
Another recent report published by Crowe, The Dark Web: Bad for Business, uncovered the existence of attempts to target, attack and defraud 21 of the top 50 UK brands through online market places. While undertaking the research, we found fraudsters selling materials to facilitate attacks on organisations. These included fraud packs, template bank statements, utility bills and passports, UK bank account numbers and sort codes and documents providing advice on phishing. All of these materials could be used to commit identity theft against individuals and defraud legitimate businesses.
From the research, it is evident that fraud is evolving and becoming increasingly professional and organised, as cybercriminals collaborate and trade online to obtain the information and tools necessary to defraud businesses and commit crime.
One could be forgiven for assuming smaller scale organisations are more at risk of cybercrime than larger organisations, who are thought to have the infrastructure in place to deter and tackle such activity. However, our report, The Dark Web: Bad for Business, uncovered the extent to which large, well-resourced organisations reliant on technology with significant IT budgets to match, are vulnerable to cybercrime.
Despite their size, it was still possible for the organisations included in our research to be targeted by hackers, thus it is important for organisations of all sizes to think more realistically about their vulnerability to cybercrime.
The fact of the matter is, if an organisation is attractive enough to a cybercriminal – an attempt to hack is likely to be made.
Our research covered a range of sectors from banking and finance to retail and entertainment. Criminal cyber activity was consistently found against organisations, regardless of the category in which they fell.
In its nature, if not its impact, cybercrime is akin to coughs and colds – we should not have the unrealistic expectation of immunity – but we can minimise the number of times they affect us and the extent of their adverse impact on organisations. Management of both the problem and recovery is key – organisations need to think about managing an attack if and when it happens, recovering in the aftermath and mitigating financial, legal and reputational damage.
Where cybercrime is suspected, organisations should never assume that what they have found is the full extent of what has happened. They should be prepared to examine sources of digital evidence, such as computers and phones, in such a way to properly preserve evidence, uncover the full extent of the fraud and cybercrime that has taken place and be able to recover losses.
A first step to better protection is to understand your company’s vulnerability to cybercrime and an easy, free way to do this is to use Crowe’s Cybercrime Vulnerability Score card tool, developed and based on research undertaken with University of Portsmouth. This rates your organisation, identifies the major vulnerabilities and provides a checklist of things to do.
Take part in our Cyber Vulnerability Scorecard
The last three months have been dominated by politics and largely, from our discussions, manufacturers have concentrated on production and operations, leaving investment and other strategic decisions until after the general election and Brexit.
Our winter edition of Manufacture looks at the outcome of our recent outlook survey and key topics impacting the manufacturing sector at present.