Cyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks according to executives, and are driving investment in forensic data analytics (FDA) according to EY’s 2016 Global Forensic Data Analytics Survey, ‘Shifting into high gear: mitigating risks and demonstrating returns’.
The survey was conducted with 665 executives globally across nine industry sectors, including financial services, life sciences, manufacturing and power and utilities. When looking at the current use of FDA tools to investigate incidents or manage risk, the survey found that internal fraud risk ranks highest for the application of FDA at 77 per cent and cyber breach or insider threat risk ranks second at 70 per cent.
Sixty-nine per cent say that they need to do more to improve their current anti-fraud procedures, including the use of FDA tools. Notably, this figure increased to 74 per cent for the C-suite cohort. Of those respondents citing regulatory pressure as the reason to improve their procedures, C-suite respondents were found to be the most concerned as regulatory enforcement becomes more rigorous and widespread.
David Stulb, EY’s global leader of Fraud Investigation and Dispute Services (FIDS), said: “For organisations, the threat of cybercrime is an everyday reality, posing a dynamic and relentless challenge. This means boards and senior management need to incorporate FDA as a critical component of their risk management and compliance programmes. This is especially critical given the regulatory enforcement environment and market reaction to instances of alleged corporate fraud, bribery and cyber breach.”
Joseph Galea, EY Malta’s senior manager responsible for IT risk and assurance, said: “Maltese companies are becoming more and more dependent on ICT infrastructure, making them vulnerable to common threats that stem either from genuine human error or malicious intent. Hence the need for cyber security that ensures the safety, confidentiality, integrity and availability of cyberspace. Addressing cyber security on an organisational and company level calls for a planned, collective and systemic approach, leading to the launch of a company cyber security strategy.”
Three out of five respondents plan to increase their spending on forensic data analytics (FDA) over the next two years
With just 55 per cent saying their FDA spend is sufficient, a drop from 64 per cent in the 2014 survey, it is no surprise that three out of five say they plan to spend more on FDA in the next two years. Looking at the reasons for increased investment, the survey found that responding to growing cybercrime risks and increased regulatory scrutiny are the top drivers at 53 per cent and 43 per cent, respectively. How FDA tools are deployed is also changing, with 63 per cent saying they invest at least half their FDA budget on proactive monitoring activities.
In response to increased risks, the use of advanced FDA is becoming mainstream, with new technologies and surveillance monitoring techniques widely used to help companies manage current and emerging fraud and cyber risks. The rising maturity of corporate FDA efforts is also evident in the growing sophistication in their use of data. Seventy-five per cent routinely analyse a wide range of structured and unstructured data, enabling them to gain a comprehensive view of their risk environment.
David Remnitz, EY’s FIDS Global and Americas Forensic Technology and Discovery Services leader, said: “Given the level of pressure organisations are facing on fraud prevention, it is no surprise the majority of respondents are expending more effort on proactive initiatives. Surveillance monitoring programmes utilising FDA can help organisations strengthen their compliance programmes, improving corporate culture and bolster the confidence of regulators and other stakeholders.”
The findings also show striking similarities among organisations that have reported positive results from their FDA efforts, such as: investing more of their total compliance and anti-fraud spend in FDA; harnessing sophisticated analytics tools, including social media, web monitoring and data visualisation, in combination to identify rogue activities, patterns and trends; and incorporating larger data volumes and a wider variety of data sources (both structured and unstructured).
Mr Remnitz said: “Traditionally, organisations turn to advanced FDA tools to help with their investigations. But today, FDA is becoming indispensable to proactive risk management. Organisations need to recognise the role FDA can play not only in their reactive investigations, but also in their proactive surveillance, compliance, anti-fraud and cyber breach response efforts.”