Cyber breach and insider threat risks drive increased investment in forensic data analytics
Monday 15 February 2016
- Three out of five survey respondents globally plan to increase spending on forensic data analytics (FDA) over the next two years
- Organisations are putting a greater focus on proactive fraud detection and prevention activities
- Australian executives report the higher than average increase in concerns around risk of insider threats and cyber breaches
Executives view cyber breaches and insider threats as the fastest-growing fraud risks facing their businesses and this is driving increased investment in forensic data analytics (FDA), according to the findings of a new EY survey.
EY’s 2016 Global Forensic Data Analytics Survey, Shifting into high gear: mitigating risks and demonstrating returns, also shows Australian executives are among the most likely to report an increase in concern about cyber breach and insider threat risks – which include malicious insiders stealing, manipulating or destroying data – with 80% saying their level of concern had either significantly or slightly increased. This is second only to the UK (83%) and well above the global average of 62%.
The survey was conducted with 665 executives across 17 countries, including Australia, and covered nine key industry sectors, including financial services, life sciences, manufacturing, transport and power and utilities. When looking at the current use of FDA tools to investigate incidents or manage risk, the survey found that internal fraud risk ranked highest for the application of FDA globally at 77%, followed by cyber breach or insider threat risks at 70%.
Sixty-nine percent of global respondents and 65% of Australian respondents say that they need to do more to improve their current anti-fraud procedures, including the use of FDA tools. Notably, this figure increased to 74% for C-suite members. C-suite respondents were also found to be the most likely to cite regulatory pressure as the reason for improving anti-fraud procedures, as regulatory enforcement becomes more rigorous and widespread.
Rob Locke, EY’s Fraud Investigation & Dispute Services (FIDS) Managing Partner for Oceania, says boards and senior management need to ensure FDA is incorporated as a critical component of their organisation’s risk management and compliance programs.
“For all organisations, the threat of cybercrime is an everyday reality, posing a dynamic and relentless challenge. Given the current regulatory enforcement environment and market reaction to instances of alleged corporate fraud, bribery and cyber breach, having a robust and effective FDA program in place is more important than ever,” Locke says.
Increased FDA investment
With just 55% of respondents globally saying that their FDA spend is sufficient, a drop from 64% in our 2014 survey, it is no surprise that three out of five say that they plan to spend more on FDA in the next two years. When looking at the reasons for increased investment, the survey found that responding to growing cybercrime risks and increased regulatory scrutiny are the top drivers at 53% and 43%, respectively.
How FDA tools are deployed is also changing, with 58% of Australian respondents saying they now invest at least half of their FDA budget on proactive monitoring activities.
“Given the level of pressure organizations are facing on fraud prevention, it is no surprise that the majority of respondents are expending more effort on proactive initiatives,” Locke says.
“Traditionally, organisations turned to advanced FDA tools to help with their reactive investigations. However, they are now beginning to recognise the indispensable role FDA can play in their proactive surveillance, compliance, anti-fraud and corruption efforts.”
“Following ongoing probes into trader activity at financial institutions globally, we are now seeing a concerted push by banks in particular to embrace proactive monitoring of unstructured data – emails, chats, texts and the like. This inevitably involves the deployment of forensic data analytic techniques to sift through millions of communications in almost real time,” says Warren Dunn, EY’s Forensic Technology Leader.
“There are obvious benefits to taking a proactive approach to FDA, with the Association of Certified Fraud Examiners’ most current Report to the Nations on Occupational Fraud and Abuse showing a 59.7% lower cost per fraud incident for those organisations using proactive data analytics compared to those who weren’t. Surveillance monitoring programs utilising FDA can also help organisations strengthen their compliance programs, by improving corporate culture and bolstering the confidence of regulators and other stakeholders.” Dunn says.
FDA maturity leads to positive results, but resources not yet fully realised
Fifty-six percent of survey respondents agree they currently get positive results or recoveries from the FDA tools they use. The findings also show striking similarities among those organisations that have reported positive results from their FDA efforts, such as:
- investing more of their total compliance and anti-fraud spend in FDA;
- harnessing sophisticated analytics tools, including social media, web monitoring and data visualization, in combination to identify rogue activities, patterns and trends; and
- incorporating larger data volumes and a wider variety of data sources (both structured and unstructured).
“But while we are already seeing some great results from the use of FDA, the majority of respondents believe they still have a long way to go reap the full benefits,” Locke says.
“By using current technology capabilities and leading analytics to help focus investigative and compliance monitoring efforts, FDA can be an important enabler of cost reduction. But only 9% of respondents globally are confident they are fully realising the value of FDA in reducing anti-fraud program costs – and none of the Australian respondents thought they were – so there is clearly still work to be done here.”
“Organisations need to recognize the full spectrum of value that FDA can bring – far beyond fraud detection. To realise its full potential, they will need to be more aggressive in the implementation of FDA, invest in the right skills and technology, and adopt it beyond the scope of traditional fraud risk management,” Locke concludes.
Notes to Editors
About the survey
Between June and September 2015, researchers from Longitude Research, a business-to-business research and content agency, conducted 665 interviews across 17 countries with organizations actively using FDA. Respondents had to be the decision-makers responsible for their company’s anti-fraud program.
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organisation, please visit ey.com.
This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited.
Liability limited by a scheme approved under Professional Standards Legislation.