Insider threat highlighted as public sector cyber crime rises

Nearly half of all public sector organisations have been hit by economic crime in the past 12 months, with cyber crime and employee and supplier fraud in particular on the rise, according to a new report from PwC.

The consultancy's latest Global Economic Crime Survey surveyed respondents in 36 countries and found that 46 per cent had experienced one or more incidents of economic crime in the past year, up from 37 per cent in 2009 and significantly higher than the average of 34 per cent across all sectors.

Cyber crime was highlighted by PwC as a particular area of concern. Around 14 per cent of respondents said they had suffered from some form of online crime in the past 12 months, while 28 per cent believe they are likely to suffer an attack in the next year. More than 40 per cent of respondents believe cyber crime is increasing.

More than half of those surveyed said they had the resources to detect cyber crime, but most don't have the forensic capabilities needed to investigate such incidents.

More worrying is that around half of public sector organisations surveyed don't review the threat of online fraud more than once a year at a senior level, the study found.

Interestingly, the report found that the risk of fraud committed by an employee or supplier has jumped significantly, fuelled by the onset of swingeing public sector cuts.

More than two-thirds of crimes experienced in the past 12 months have been committed by public sector employees, compared with just over half in 2009, while supplier fraud jumped from 13 per cent to 32 per cent over the period.

Andrew Miller, PwC's head of information security in government, told V3 that the supply chain is increasingly responsible for policing itself.

"With a lot of services being outsourced to third parties, some of the largest departments have several thousands of suppliers, and the system of tracking and invoicing can happen within these third parties," he said.

"So given that this is generally down to the honesty of the supplier, there's a heavy reliance on the supply chain to do the right thing. They're almost becoming more of an internal player than before."

He recommended three steps for public sector IT managers, which includes building an incident response plan, learning about emerging cyber threats to "stay ahead of the game" and finding out the level of management support for such activities.