Financial losses caused by cybercrime have soared in China and across the world this year, caused mainly by a lack of security strategies by many companies, according to global accounting firm PricewaterhouseCoopers LLP.

The company said that the average annual financial loss resulting from cybersecurity incidents in the Chinese mainland and Hong Kong increased by 33 percent year-on-year in 2014 to $2.4 million, and that across the world rose 34 percent to $2.7 million.

The study was conducted in the second and third quarters of 2014 and was based on more than 9,700 responses worldwide, including 420 organizations from the Chinese mainland and Hong Kong.

Respondents included chief executive officers, chief financial officers and chief information security officers.

Large organizations (with gross annual revenues of $1 billion or more) detected 44 percent more incidents compared with last year, but at the other end of the scale, 20 percent of the respondents in the Chinese mainland and Hong Kong detected zero incidents or could not give a figure.

The total financial losses due to the theft of business secrets around the world were estimated between $749 billion and $2.2 trillion annually.

Samuel Sinn, PwC China's risk assurance partner, said that based on a simple calculation, using 4 percent as the Chinese respondents out of the total population of survey respondents, this could amount to a national amount of between $30 billion and $90 billion.

"While the survey confirms our concerns that the financial impact of detected security incidents is increasing rapidly, many more attacks are either going undetected or unreported," said Sinn.

"The actual value of stolen intellectual property or trade secrets is therefore likely to be much higher and could range in the tens of billions of dollars in the Chinese mainland and Hong Kong alone."

Simon Wu, a senior manager with PwC's cybersecurity service in China, said: "Higher information transparency of companies and more paperless offices could be reasons for the rapid increase of financial losses caused by cybersecurity incidents."

According to the survey, incidents attributed to insiders and third-party vendors rose while the actual security preparedness of companies fell.

Around 41 percent of Chinese mainland and Hong Kong respondents reported that former employees were the most likely sources of internal breaches of security.

"The potential threat posed by former employees echoes a trend highlighted in our survey in which respondents claimed that four out of five economic crimes against businesses in Chinese mainland were inside jobs," said Sinn.

"Companies will give many workers privileged user-access tools, but implementation of key insider-threat safeguards is declining," said Chun Yin-cheung, a partner at PwC China's risk assurance practice in Shanghai.

"Compromises attributed to third parties with trusted access increased, while due diligence weakened."

The survey also showed that while many Chinese mainland and Hong Kong respondents reported that they currently had data protection policies in place, 84 percent of them increased their information security budgets this year.

But many companies admitted they still depended too heavily on law enforcement agencies for tipoffs rather than detecting incidents themselves.

"China has paid close attention to cybersecurity and enacted laws and regulations, but financial losses are difficult to quantify and increase the difficulty in the measurement of penalties," said Wu.

"To tackle the challenge, companies should ensure that their cybersecurity strategy is aligned with business objectives and is strategically funded, and they should identify their most valuable information assets and prioritize protection of this high value data," said Sinn.

"Companies should understand their adversaries, including the motives, resources and methods of attack to help reduce the time from detect to respond," said Cheung.

"They also need to assess the cybersecurity of third parties and supply chain partners, and ensure they adhere to your security policies and practices."

Wu said it would be wise for firms to collaborate with others to increase awareness of cybersecurity threats and plan their response tactics.

Related

• Beijing police nab 30,000 suspects in cyber crime crackdown
• Cyber-crime becomes 'gigantic industry': experts
• Lack of legislation major challenge to fight cyber crime: experts
• Kenya calls for partnership to fight cyber crime in Africa

Go to Forum >>0 Comment(s)