EY’s 13th Global Fraud Survey, ‘Overcoming compliance fatigue: reinforcing the commitment to ethical growth’, has found that 57% of Irish respondents consider themselves to be at high risk of cybercrime attacks.
The survey included in-depth interviews with more than 2,700 executives across 59 countries, including chief financial officers, chief compliance officers, general counsel and heads of internal audit.
Whilst this level of cyber risk awareness is higher than the average global response of 49%, it is significantly below that of the UK where 74% of respondents consider themselves to be at a high risk of cybercrime attack.
Julie Fenton, partner and head of EY’s Fraud Investigation & Dispute Services (FIDS) practice in Ireland commented: “While there is the need for some education of around the risk of cybercrime, the conversation also needs to move onto how businesses respond to these dangers. Awareness is just the beginning and business leaders need to ensure robust incident response strategies are in place. When a data breach does occur, many companies fail to investigate how and why an attack has taken place, which can leave networks compromised and exposed as the full extent of the breach is never uncovered.”
The findings show that over half of Irish respondents (53%) cited hackers and hacktivists as the biggest threat to their organisation, suggesting a lack of knowledge around the various sources of potential attacks. Only 24% of Irish respondents recognised the potential threat posed by employees and contractors, compared to the global average of 33% and 36% in the UK.
Fenton adds: “Employees are sometimes seen as the weak link due to their susceptibility to phishing emails – where spoof emails are sent out in an attempt to gain password or confidential information, downloading viruses and transferring files to unauthorised personal devices.”
Confusion over understanding of bribery
The findings reveal concerning levels of perceived fraud, bribery and corruption across the world, with only 16% of respondents indicating that bribery and corruption is widespread in Ireland. However, when asked what is acceptable to help a business survive, 39% of Irish respondents said they are willing to offer corporate entertainment in order to retain business. This suggests that further clarity is required surrounding ethical business conduct guidelines.
Different challenges exist across the world.
54% of respondents in emerging markets have identified that bribery and corruption happen widely in these territories, with results showing that 10% of emerging market respondents have been asked to pay a bribe, compared to 3% in developed markets.
Fenton commented: “As more Irish businesses capitalise on growth opportunities in emerging markets, there is a clear need to educate boards and management teams on the relevant issues and ensure they are equipped to appropriately respond to the threats and risks in those territories.”
Is the C-suite making the right risk management choices?
Insufficient awareness of potential risks will only heighten the C-suite’s difficulties and, of the Irish executives who took part in the survey, only 43% had participated in a risk assessment and 49% did not have whistleblowing policies in place for the internal reporting of fraudulent misconduct. Furthermore, only 18% of Irish respondents note that people have been penalised for breaching policies, compared to a global average of 35%.
Speaking on the action Irish companies can take to mitigate risk, Fenton remarked: “Businesses need to do more than implement a whistleblower hotline to promote ethics within their organisations. Regulators are investing heavily to bolster their ability to mine big data from corporations for potential irregularities and the latest data visualisation tools can help to identify revenue recognition or procurement-related red flags earlier and more efficiently.”
Fenton concluded: “CEOs can do more to lead from the front on these matters, and boards and other stakeholders should intensify their efforts to challenge management to reinforce their commitment to ethical growth.”