UK businesses see cybercrime as a bigger threat than their international counterparts, with 74% of respondents to EY’s latest survey stating this area poses a high risk to their organisation compared to 49% globally
Businesses are also more concerned with the cyber threat from their own employees (36%) than from organised crime (26%)
Despite the UK performing better than the global average on serious fraud and corruption, 14% of UK businesses still reported a significant fraud in the last two years while 18% of executives consider bribery and corruption to be widespread
Despite the recent introduction of the UK Bribery Act, 46% of respondents in the UK agree it’s acceptable to offer entertainment to retain business compared to 29% internationally
EY’s 13th Global Fraud Survey has found cyber crime to be one of the biggest concerns for UK businesses. Specifically, 74% of respondents stated cyber crime to be a high risk to their organisation compared to 49% globally (second only to Brazil at 76%).
The survey included in-depth interviews with more than 2,700 executives across 59 countries (of which 50 respondents were from the UK), including chief financial officers, chief compliance officers, general counsel and heads of internal audit.
Globally, nearly 40% of all respondents believe that bribery and corruption are widespread in their country. However, in contrast this figure drops to 18% in the UK.
Despite the UK performing well on serious fraud and corruption, the survey does highlight that almost half (46%) of UK executives are willing to offer corporate entertainment in order to retain business. This is far higher than the global average of 29%.
John Smart, head of EY’s UK Fraud Investigation and Dispute Services (FIDS) practice, commented: “The rest of the world is playing ‘catch up’ with the UK in recognising cyber crime as a serious threat. High-profile cyber crime incidents and a number of Government initiatives may have played an important role in ensuring high awareness of this issue among business leaders here in the UK.”
Smart continued with a warning> “The conversation now needs to move on to how businesses respond to these dangers,” he urged. “Awareness is just the beginning. Business leaders need to ensure robust incident response strategies are in place. When a data breach does occur, many companies fail to investigate how and why an attack has taken place which can leave networks compromised and exposed as the full extent of the breach is never uncovered.”
The cyber threat from within
The research also found that businesses perceive employees to be a bigger concern (36%) than organised criminals (26%) when it comes to sources of cybercrime.
Paul Walker, head of Forensic Technology and Discovery Services at EY, explained: “The results may not necessarily indicate mistrust between employers and employees when it comes to cyber crime issues. The issue is whether employees take cyber crime as seriously as management do.”
Walker added: “Employees are sometimes seen as the weak link with individuals susceptive to phishing e-mails, where spoof e-mails are sent out in an attempt to gain passwords or confidential information, downloading viruses and transferring files to unauthorised personal devices.”
Encouraging picture on fraud compliance
The UK is performing significantly better than the rest of the world when it comes to getting the basics right around fraud and corruption. According to the survey, 94% of respondents agree that senior managers in the UK have strongly communicated a commitment to anti-bribery policies – roughly 10% more than the global average.
UK businesses are also top of the preparation table, with 88% having attended some form of bribery and corruption training. Furthermore, the UK is third globally when it comes to whistleblowing procedures, with 82% of respondents stating that their organisation has a whistleblowing hotline.
Despite these important processes being in place, 14% of UK businesses still reported a significant fraud in the last two years while 18% of executives consider bribery and corruption to be widespread. This may demonstrate that a culture of good compliance is failing to work its way down organisations.
Confusion over the Bribery Act
John Smart commented: “Overall, the UK continues to demonstrate a strong commitment to integrity and anti-bribery/anti-corruption compliance. This is supported by legislation such as the Bribery Act. UK companies take their responsibilities seriously in this area, and the results of our survey show a significant level of self-enforcement.”
In conclusion, Smart stated: “However, the fact that 46% of UK businesses said it was OK to offer entertainment to retain business shows there is still confusion regarding what is and is not acceptable. If gifts or entertainment are being offered as a quid pro quo or with a direct link to retaining business they are probably bribes. With the summer events season approaching, it’s more important than ever for companies to be extra vigilant around entertainment and satisfy themselves that what they offer is both appropriate and reasonable.”