Cyber breaches and insider threats, which include malicious insiders stealing, manipulating, or destroying data, are the fastest-growing risks according to executives, and are driving investment in forensic data analytics (FDA), finds EY’s 2016 Global Forensic Data Analytics Survey, “Shifting into High Gear: Mitigating Risks and Demonstrating Returns.”
The survey was conducted with 665 executives globally across nine industry sectors, including financial services, life sciences, manufacturing, and power and utilities. When looking at the current use of FDA tools to investigate incidents or manage risk, the survey found that internal fraud risk ranks highest for the application of FDA at 77% and that cyber breach or insider threat risk ranks second at 70%.
Of those executives surveyed, 69% say that they need to do more to improve their current anti-fraud procedures, including the use of FDA tools. Notably, this figure increased to 74% for the C-suite cohort. Of those respondents citing regulatory pressure as the reason to improve their procedures, C-suite respondents were found to be the most concerned as regulatory enforcement becomes more rigorous and widespread.
David Stulb, EY’s global leader of Fraud Investigation & Dispute Services (FIDS), said, “For organizations, the threat of cybercrime is an everyday reality, posing a dynamic and relentless challenge. This means that boards and senior management need to incorporate FDA as a critical component of their risk management and compliance programs. This is especially critical given the current regulatory enforcement environment and market reaction to instances of alleged corporate fraud, bribery and cyber breach.”
Increased FDA investment
With just 55% of respondents saying that their FDA spend is sufficient, a drop from 64% in EY's 2014 survey, it is no surprise that three out of five say that they plan to spend more on FDA in the next two years. When looking at the reasons for increased investment, the survey found that responding to growing cybercrime risks and increased regulatory scrutiny are the top drivers at 53% and 43%, respectively. How FDA tools are deployed is also changing, with 63% of respondents saying they invest at least half of their FDA budget on proactive monitoring activities.
FDA use on the rise
In response to these increased risks, the use of advanced FDA is becoming mainstream, with new technologies and surveillance monitoring techniques widely used to help companies manage current and emerging fraud and cyber risks. The rising maturity of corporate FDA efforts is also evident through the growing sophistication in their use of data. Seventy-five percent of respondents routinely analyze a range of structured and unstructured data, enabling them to gain a comprehensive view of their risk environment.
David Remnitz, leader of EY’s FIDS Global and Americas Forensic Technology & Discovery Services (FTDS), remarked, “Given the level of pressure organizations are facing on fraud prevention, it is no surprise that the majority of respondents are expending more effort on proactive initiatives. Surveillance monitoring programs utilizing FDA can help organizations to strengthen their compliance programs, improving corporate culture and bolstering the confidence of regulators and other stakeholders.”
FDA maturity leads to positive results
The findings also show that there are striking similarities among those organizations that have reported positive results from their FDA efforts, such as:
- Investing more of their total compliance and anti-fraud spend in FDA
- Harnessing sophisticated analytics tools, including social media, web monitoring and data visualization, in combination to identify rogue activities, patterns and trends
- Incorporating larger data volumes and a wider variety of data sources (both structured and unstructured)
Remnitz concluded, “Traditionally, organizations turn to advanced FDA tools to help with their investigations. However, today, FDA is becoming indispensable to proactive risk management. Organizations need to recognize the role FDA can play not only in their reactive investigations, but also in their proactive surveillance, compliance, anti-fraud and cyber breach response efforts.”