More than half of New Zealand organisations are still unprepared for cybercrime incidents

  • The top five types of fraud affecting New Zealand’s businesses are asset misappropriation (74%); cybercrime (29%); procurement fraud (29%); human resources fraud (18%); and accounting fraud (18%).

  • Fifty-five per cent of New Zealand organisations either don’t have an incident response plan for cybercrime, or have one but it’s not yet operational.

  • Forty per cent of New Zealand organisations expect to experience cybercrime at some point over the next two years.

  • Forty-two per cent of fraud detection in New Zealand is through a tip-off, including a formal whistleblower service.

Forty per cent of New Zealand organisations report their workplaces as being victimised by economic crime in the past two years (up from 33 per cent in 2014), according to PwC’s 2016 Global Economic Crime Survey released today. This is higher than the global average of 36 per cent, but significantly below neighbouring Australia at 52 per cent.

New Zealand survey results found 42 per cent of fraud detection is through a tip-off, including formal whistleblowing services. Corporate controls only accounted for detecting 24 per cent of crimes, which is significantly down from 56 per cent in 2014 at the time of the last survey. While business confidence is high, fraud is an unfortunate downside for businesses and corporate detection methods are not keeping pace, says PwC Forensic Services Partner Eric Lucas. 

“This points to a potentially worrying trend. Eighteen per cent of all economic crimes detected in New Zealand were by accident and there is too much being left to chance. Today more than ever before, a passive approach to economic crime is a recipe for disaster.

“Understanding your vision and strategically maintaining a plan for growth as well as defence, based on your unique threat landscape and profile, will be the difference. In a fast-moving digital world, being prepared is a living, breathing daily exercise which needs to be constantly updated so you are ready when threats turn into reality.”

And the survey data shows that many organisations in New Zealand are still unprepared. Despite 40 per cent of New Zealand respondents saying they will likely be the victim of cybercrime over the next two years, only 45 per cent have an operational incident response plan and 9 per cent have a digital forensic investigator on their first responder teams.

Economic crime is a business issue and not an IT or accounting issue, Mr Lucas says, but too many New Zealand organisations are not fully preparing for these threats. 

“In a fast-changing and digitally dependent market, many organisations are not well placed to avoid cybercrime attacks, or if subject to attack, respond to them. Only about half of boards ask for information regarding their organisation’s state of readiness to deal with cyber incidents.” 

Financial services: Do some sectors offer more opportunity for economic crime than others?

Globally, financial services organisations (48%) reported a higher number of economic crime incidents, followed by government and state-owned enterprises (44%). In New Zealand, an anti-money laundering regime affecting financial services has been in operation for almost three years following the introduction of the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act in 2013.

“Being associated with funds that have contributed to the financing of terrorism or linked to the 'legitimisation' of criminal proceeds is a reputational and regulatory risk for financial entities. This is not a concern only for established companies but also for those who are hoping to establish themselves in New Zealand,” Mr Lucas says.

At present in New Zealand, the Act only applies to financial institutions – banks, finance companies, brokers, remittance agents and the like – many of which are still struggling to be fully compliant. In the coming years, Phase Two of the Act will bring in many professional services including accountants, lawyers and real estate agents. 

“What we do know is that the costs and time to fully comply are far greater than anticipated and that when the scope is extended – as it has been in most other complying countries already – the costs and inconvenience to business and their customers will only grow,” Mr Lucas says.

The global survey results for financial services respondents showed that only half of money laundering (ML) or terrorist financing (TF) incidents were detected by system alerts. In New Zealand, reporting entities are required to monitor transactions for suspicious activity and many of them have automated systems to do this. 

“One of the biggest challenges we see during our audits of reporting entities’ AML/CFT programmes, is whether the triggers implemented are based on the risks identified, and confirming that the triggers actually work as expected. All industry players in New Zealand are still learning. We anticipate increased regulatory action against reporting entities in the future as expectations of compliance increase,” concludes Mr Lucas.
