SA worst in world for economic crimes‚ but fails to take preventative action
A search of a company’s offices and a director’s holiday home uncovered how employees from a competitor company used 10 computers to access their former employer’s systems over 3‚000 times over a six-month period‚ exfiltrating critical customer and other high-value data assets‚ says PriceWaterhouseCoopers (PwC).
Releasing the 2016 edition of its Global Economic Crime Survey‚ PwC said this was a simple control failure where IT failed to de-activate the accounts of ex-employees. “The alarming thing about this is that we see a number of breaches of this nature annually where the very basics of security have been ignored… Almost all organisations we’ve seen were alerted by external factors and not their internal monitoring processes.”
Organisations surveyed in South Africa – in both the private and government sectors - are reporting a higher frequency of economic crime compared with their global peers but are not taking adequate precautions‚ the company says. Top economic crimes are asset misappropriation‚ procurement fraud‚ bribery and corruption‚ cybercrime and human resources fraud.
In the latest survey‚ 69% of PwC’s South African respondents indicated that they had experienced some form of economic crime in the 24 months preceding the survey. This was unchanged from the 2014 survey.
Pwc noted: “When compared to the global statistic of 36%‚ we are faced with the stark reality that economic crime is at a pandemic level in South Africa.
“There is a fear that unless drastic action is taken to curtail the current economic crime trend‚ we may very well experience an upsurge toward the kind of levels that were experienced when our first Global Economic Crime Survey was carried out in South Africa more than a decade ago. South African respondents reported the highest percentage of economic crime in the world‚ with France coming in at a close second‚ followed by Kenya and Zambia. This does not make for good reading from the perspective of the African continent.”
The top ten countries reporting the most economic crime were: 1 South Africa 69% 2 France 68% 3 Kenya 61% 4 Zambia 61% 5 Spain 55% 6 United Kingdom 55% 7 Australia 52% 8 Russian Federation 48% 9 Belgium 45% 10 Netherlands 45%. The cost to South Africa is high.
While more than half of the global organisations surveyed (53%) reported having lost less than $100,000 to economic crime over the last 24 months‚ PwC says only 43% of South African organisations could make that claim.
Almost a fifth (19%) of South African respondents experienced losses of between $100,000 and $1-million‚ one in four respondents indicated having suffered losses of more than $1 million‚ and 2% lost in excess of $100 million (double the global average).
“It appears that South African organisations are squarely in the cross-hairs of economic predators and are being exposed to greater levels of high-loss incidents than their global and even their African counterparts.”
There is no faith in the police being able to catch perpetrators.
Seventy percent of South Africans did not believe local law enforcement agencies are adequately resourced and trained to investigate and prosecute economic crime. This was almost twice the global rate of 44% – South Africa was ranked as the second-highest in the world (second only to Kenya).
This year’s survey saw the South African profile of a fraudster change‚ PwC said. “For the first time since 2009‚ external actors exceeded internal actors (albeit marginally so) as the dominant profile of fraudsters acting against an organisation (46% external versus 45% internal). What’s more‚ South African organisations were reported to be more than twice as likely to be defrauded by vendors compared to the rest of the world.”
Reports of senior management perpetrating economic crimes against the organisations they work for more than halved from the previous survey (from 41% to 15%)‚ whilst middle management appear to have taken centre stage‚ with 39% of fraud being perpetrated by internal actors emerging from this band‚ the survey noted.
A clampdown on bogus qualifications is overdue‚ PwC said‚ noting that of the companies surveyed that experienced human resources fraud‚ an overwhelming 68% reported being victimised through the submission of false qualifications. This is significantly higher than the global average of 44%.
“It is nothing less than fraud and needs to be dealt with as such if it is to be stopped and those who have studied diligently and obtained university degrees are to be justifiably rewarded.
“Employers in both the public and private sectors‚ institutions and citizens need to jointly take a tough stance that this type of fraud will be dealt with to the fullest extent of the law‚ with the perpetrators being charged‚ prosecuted and‚ if appropriate‚ even imprisoned.”
Procurement fraud is the second most reported type of economic crime in South Africa‚ with 41% of respondents having been victims of this type of crime in the past 24 months. “While this is down from prior years‚ it is still almost double the global average of 23%.”
“Whilst our results show an 18% decline in the reported occurrences of procurement fraud‚ when overlaid with the number of internal perpetrators emanating from senior and middle management – the very same group charged with managing the procurement cycle – the stark reality emerges that the very people who are tasked with overseeing the procurement process may very well be perpetrating the economic crimes themselves.”
Cybercrime continues to escalate - ranking as the second-most reported crime in this year’s Global Economic Crime Survey and taking fourth place from a South African perspective. At 32%‚ it was the same as the global average.
The incidence of cybercrime in South African companies surveyed was sharply higher this year‚ with a 23% increase from the previous survey conducted in 2014. “At least 3% of respondents that were victims of cybercrime had experienced financial losses greater than $100 million.”
Only 35% of the PwC survey’s respondents have a fully operational incident response plan. The company added: “13% don’t know if they have one; and‚ more astonishingly‚ 12% do not have one nor do they intend implementing one!”