www.pwc.com/crimesurvey

Hungarian country report

December 2011

The Global Economic Crime SurveyCybercrime: are you at risk?

Table of contents

1) Introduction 3

2) Executive Summary – Key findings 4

3) Fraud, the fraudster and the defrauded. What are we facing in Hungary? 6

4) Who is committing economic crime? The profile of the perpetrators 10

5) What actions do organisations take against the perpetrators? 13

6) How successful are Hungarian organisations in detecting

and preventing economic crime? 14

7) Cybercrime in Hungary. Is your organisation ready to deal with it? 16

3Global Economic Crime Survey

Introduction

Our aim with the survey was to assess:

• corporate attitudes to fraud in the current economic environment;

• which types of fraud are the most prevalent and who are the main perpetrators;

• what are the costs to businesses;

• what steps organisations are taking to detect and prevent fraud;

• what steps, if any, are Hungarian organisations taking to combat and prevent cybercrime and cyber threats.

Accordingly, our report is divided into two key sections:

• The current fraud environment in Hungary – focusing on the type of frauds committed, and how they are detected, who is committing them and what steps organisations are taking to prevent them;

• Cybercrime in Hungary – its impact on organisations, their awareness of the crime and what organizations are doing to combat the risks.

Economic crime doesn’t discriminate. It affects organisations all over the world. And no industry or organisation is immune. The fallout isn’t just the direct costs; economic crime can seriously damage brands or tarnish a reputation, leading organisations to lose market share. As society becomes less tolerant of unethical behaviour, businesses need to make sure they’re building – and keeping – public trust.

Miklós Fekete

Partner, Advisory, PwC

We sincerely thank all respondents and organizations who have participated in the survey, and without which we would not have been able to produce this report. We hope that this information will further assist the readers in their ongoing fight against economic crime.

We are pleased to present the 2011 PwC Global Economic Crime Survey

Hungarian results to you.

We have prepared our 6th biannual global survey and the Hungarian

country edition for the 5th time with the aim of assisting Hungarian business leaders and corporate

executives by providing unparalleled insight into the impact of economic crime on organisations worldwide.

With almost 4000 responses from senior executives in 78 countries,

including 85 leading companies within Hungary, this is the most comprehensive global survey of

economic crime available to businesses.

4 Global Economic Crime Survey

Executive Summary – Key findings

The Current Fraud Environment in Hungary1

• Our survey results show that 1 out of 4 Hungarian businesses (28%) experienced one or more instances of economic crime in the past 12 months. In many cases, the incidents of economic crime were detected by accident or by means that were beyond the influence of management.

• The frequency of economic crime has increased compared to the previous survey. In 2009, 25% of those participants who suffered economic crime reported more than 10 cases. No one reported having experienced more than 100 instances. In 2011, however, 29% of those who suffered economic crime reported more than 10 cases, including 8% who suffered more than 100 instances over the past 12 months.

• Asset misappropriation is the most prevalent type of fraud in Hungary (50% of cases reported). It is followed by bribery and corruption (38%) which is the second most common economic crime experienced not only in Hungary, but in the CEE region as well.

Accounting fraud (21%) is the third most prevalent type of fraud reported by survey participants in Hungary.

• The responses indicate that in the majority of Hungarian cases external parties to the organisation are the main perpetrators of economic crime (54%). Fraud committed by vendors increased significantly from 2009 to 2011. While in 2009 there was no instance reported where the main external perpetrator was a vendor of the organisation, in 2011, 15% of external fraudsters were reported to be vendors. This figure is higher than in CEE (13%) and substantially higher than the global figure (9%).

• Results show that economic crime committed by agents and intermediaries is much higher in Hungary (31%) than in the CEE (16%) and globally (18%).

• When asked about internal perpetrators, Hungarian respondents commented that, for those organisations who had suffered economic crime, the majority of internal perpetrators belonged to the management of their organisations. 44% of internal perpetrators were middle management, and even more concerning is that economic crime committed by senior management increased compared to 2009 (22 % in 2011 vs. 18% in 2009).

• The differences among Hungarian organisations are becoming more apparent in respect of how they react

1 Regional (CEE) and global comparison throughout the report is not exact and is for indicative purposes only, due to the differences in statistical sample sizes.

5Global Economic Crime Survey

to economic crime being perpetrated against them. Some organisations have a zero tolerance approach. However, our survey results show that in 1 out of 5 cases reported (22%), organisations did not take any action against the internal perpetrator. Moreover, in one fifth of the cases the internal perpetrator was only transferred (22%) within the organisation, compared to CEE (5% transferred) and global results (4% transferred). If you combine those responses, in Hungary, it tells us that almost 50%, who are identified as the internal perpetrator of an economic crime, was either allowed to get away with it or only moved internally within an organisation.

• The survey results also show that 17% of cases were discovered by accident in Hungary, which is higher than the CEE average (10%) and global (8%) figures. Organisations cannot rely on chance to detect such incidents if they would like to avoid the costly damage of economic crime.

• 85% of the organisations who have already implemented a whistle blowing mechanism consider it as an effective tool in prevention and detection of economic crime. However, the results also show that nearly half of the Hungarian organisations (45%) have not yet established whistle-blower mechanism.

• Regular fraud risk assessment helps organisations to analyse their exposure to fraud and minimise

chances for fraud and damages. However, 61% of respondents did not perform a fraud risk assessment at their organisations or had only performed it once over the past 12 months.

Cybercrime in Hungary

• Our survey discovered that despite global and local media attention, respondents in Hungary potentially underestimate cybercrime threats. While 39% of respondents globally, indicated that their perception of cybercrime threats on their organisations has increased in the past 12 months, only 14% of Hungarian respondents commented that their perception of cybercrime risk increased.

• Our survey also concluded that Hungarian respondents are a lot less concerned about damages and financial losses from cybercrime activity than regional and global survey participants. While globally the figure was 40%, in Hungary only 27% of respondents said they were very concerned about reputational damage. On average across CEE 28% was the figure, in Hungary only 18% of respondents said they were very concerned about actual financial losses from cybercrime activity.

• The lack of concern may be due to a lack of awareness. It is worrying to learn that 42% of respondents did not receive any cyber security training in the past 12 months – which would suggest that they are

potentially unaware of the risks that cybercrime presents to their organisation.

• While globally 26%, and in CEE 22% of respondents believe that their organisation will likely face cybercrime in the following 12 months, in Hungary only 8% of respondents believe so. Today, most people and businesses rely on the internet and other technologies. Organisations are potentially opening themselves up to cyber criminals and organisations need to be prepared for cyber threats.

• More than half of Hungarian respondents (58%) feel that cybercrime threats are mainly external to the organisation and only 21% perceived them as both an internal and external threat. This is much lower than CEE (43%) and global (42%) figures. Experience has shown that to neglect internal threats can be very dangerous, particularly internal hacking by employees for their own purposes.

• 36% of respondents in Hungary said their organisation does not have an in-house capability to prevent and detect cybercrime, and 73% said their organisation does not keep an eye on social media sites, or they are not aware of them.

• There is no reason that Hungary should be at less risk of cybercrime than any other country, so the results in this area may indicate that organisations should consider where their risks are and where the threats come from.

6 Global Economic Crime Survey

Economic crime continues to be a serious issue affecting organizations in Hungary. No industry is immune. Our survey indicates that more than 1 in 4 Hungarian organisations (28%) reported having experienced one or more instances of economic crime in the past 12 months.

Fraud, the fraudster and the defrauded. What are we facing in Hungary?

28% 30%

34%

30%

34%

30%

24%

26%

28%

30%

32%

34%

36%

Hungary CEE Global

% of respondents

Has your organisation experienced any economic crime within the last 12 months?

2011

2009

This figure may only be the tip of the iceberg and many instances may remain undetected. In our experience it would be extremely difficult for organisations to detect all instances of fraud, and even more difficult if the organization does not grant anonymous ways to report economic crime and/or does not perform fraud risk assessments regularly. In comparison to this:

• 61% of Hungarian respondents said that no fraud risk assessment was performed at their organizations or it was performed only once in the last 12 months.

• 45% of respondents indicated that their organisation does not have a whistle-blowing mechanism implemented.

7Global Economic Crime Survey

4%

4%

4%

4%

4%

4%

8%

8%

13%

21%

38%

50%

18%

10%

7%

2%

1%

4%

8%

8%

12%

25%

36%

69%

23%

7%

6%

2%

1%

4%

9%

4%

7%

24%

24%

72%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Cybercrime

IP infringement

Insider trading

Espionage

Sustainability fraud

Other

Money laundering

Tax fraud

Anti-competitive behaviour

Accounting fraud

Bribery and corruption

Asset misappropriation

% of cases reported

What types of economic crime has your organisation experiencedwithin the last 12 months?

Global

CEE

Hungary

The frequency of economic crime has increased compared to our previous survey:

• In 2009, 25% of those participants who suffered economic crime reported more than 10 cases. No one reported having experienced more than 100 instances in the previous survey.

• In 2011 however, 29% of those who suffered economic crime reported more than 10 cases, including 8% who suffered more than 100 instances over the last 12 months.

This indicates repeated instances/attempts of economic crime against organisations and signals that organisations are increasingly vulnerable to repeated fraud if they do not implement ways to prevent and detect economic crime or learn from and correct weaknesses which may have been exploited.

Types of economic crime

Asset misappropriation is the most common economic crime (50% of cases reported) in Hungary, followed by bribery and corruption (38%) and accounting fraud (21%).

Respondents indicate that bribery and corruption is still more prevalent in Hungary (38%) than in the CEE region (36%) and on a global level (24%).

In global and regional comparison, both asset misappropriation and accounting fraud is less frequent in Hungary than elsewhere. One potential reason for this could be due to the fact that these types of economic crimes are not being detected accurately.

A future contributing factor may be due to the current unstable economic times. Potential reductions in headcount within organisations (which may occur in downturns and recessions) make fewer resources available to detect and prevent economic crime. For example, reduction of internal audit staff may lead to less fraud being detected and prevented in the future which puts organisations at greater risk. Also, redundancies can lead to issues where there is insufficient segregation of duties due to a lack of resources.

8 Global Economic Crime Survey

Cost of fraud and collateral damage

It is very difficult to accurately estimate the financial impact of economic crime. However, we asked our respondents to estimate, to the best extent possible, the cost of fraud and economic crime, they have suffered. The survey found that economic crime caused damages between USD 100k to USD 5 million for 42% of those respondents who suffered fraud over the last 12 months in Hungary.

46% of Hungarian respondents who were victims of economic crime indicated that they suffered less than USD 100k damages. In the current economic environment, when all companies are seeking the most cost effective ways to operate, preventing and detecting economic crime could, rather than being an additional overall cost, actually result in savings for companies.

In addition to the direct losses, damage to employee morale is the most significant indirect cost of fraud (42%) and respondents indicated that there had been a significant impact on business relations (33%), as well as a negative impact on the company’s reputation (13%). The study also found that damage to employee morale and business relations in Hungary are far greater than they are on regional or global level.

13%

42%

33%

4%

18%

29%

20%

13%

19%

28%

19%

15%

%

5%

10%

15%

20%

25%

30%

35%

40%

45%

Reputation/brand Employee morale Business relations Relations with regulators

How significant was the impact of the economic crime that you have experienced within your organisation in the last 12 months?

Hungary

CEE

Global

% who indicated „significant” impact

9Global Economic Crime Survey

10 Global Economic Crime Survey

Who is committing economic crime? The profile of the perpetrators

“It is very important that organisations clearly communicate to their business partners and customers the expectations regarding business ethics, as well as consequences of unethical behaviour. If organisations are determined and stand firm against unethical business partners that will have a deterrent effect and will result in less damage caused by external perpetrators”. Miklós Fekete, Partner, Advisory, PwC

In 54% of cases reported Hungarian respondents indicated that fraud has been committed against the organization by external fraudsters.

In 38% of cases reported, economic crime was committed by internal fraudsters. It is interesting to note that both in regional and global comparison, the situation is the reverse of what the Hungarian respondents reported and more economic crime is reported to be committed by internal perpetrators (CEE 53% and 56% globally) than by externals.

The fact that the percentage of cases committed by external perpetrators is high in Hungary both in regional and global comparison could be due to a number of reasons. For example:

• External perpetrators in most cases are customers (38%), followed by the organisation’s agents/intermediaries (31%) and vendors (15%).

• While in 2009 no instance was reported where the main external perpetrator was a vendor of the organisation, in 2011, 15% of external fraudsters were reported to be vendors. This figure is higher than in CEE (13%) and globally (9%).

54% 43% 40%

38% 53% 56%

8% 5% 4%

Hungary CEE Global

Thinking about the most serious economic crime your organisation experienced in the last 12 months, who was the main perpetrator of fraud?

Don't know

Internal fraudsters

External fraudsters

% of cases reported

11Global Economic Crime Survey

• Fraud committed by agents/intermediaries (31%) is nearly double the regional (16%) and global (18%) average.

• Based on our experience, due to a lack of resources some organisations tend to neglect the importance of background checks on their business partners. This can lead to, in many cases, organisations not having a clear picture about the past business history and reputation of their business partners. If corporate intelligence/background checks of external parties (agents, intermediaries, vendors etc.) are not performed, questionable business ethics cannot be identified in time, and the organisation can become a victim of economic crime.

• We would recommend that organisations step-up their efforts in this area, as it is clear this is a growing issue in Hungary and not one repeated in neighbouring countries or globally. As a key prevention measure, knowing your business partners prior to engaging with them is less costly than dealing with the unpleasant consequences.

15%

38%

31%

8%

8%

Thinking about the most serious economic crime your organisation experienced in the last 12 months, who was the main perpetrator of external fraud against your organisation?

Vendor

Customer

Agents/Intermediaries

Don't know

Other

% of cases reported in Hungary

1%

6%

8%

19%

66%

% 10% 20% 30% 40% 50% 60% 70%

Wait to see if further indications of potential fraud in the same area may

arise

Consult with your auditor

Engage a specialist forensic investigator

Contact external legal advisors

Use internal resources to perform an internal investigation

% of respondents

When you identify an incident of potential fraud which action are you most likely to do first?

Hungary

• Economic crime is often committed by collaboration of internal and external perpetrators. However, the success in detecting the internal party is strongly dependent on the objectivity of the investigation carried out. Two-thirds of respondents (66%) indicated that they first use internal resources to perform an investigation, and only 8% of respondents said they engage a specialist forensic investigator. Engaging independent forensic experts from the beginning of the investigation ensures the impartial and objective investigative work, thus guaranteeing the independence and objectivity during the entire process.

12 Global Economic Crime Survey

Profile of the internal fraudster

The majority of internal perpetrators (67%) in Hungary belong to management. This includes mainly middle management (44% of the cases reported) and 22% committed by senior managers of the organisations. It is a great concern that fraud committed by senior management increased compared to our 2009 survey (18%).

The vast majority of internal perpetrators (67%) in Hungary have been working for the organisation for more than 6 years. Included in this are employees who have been for working for the organisations for more than 10 years (33%). 44% of internal fraudsters are highly qualified, minimum 1st degree graduates.

“The independent members of supervisory boards and audit committees have a big responsibility when the involvement of senior management comes into question in relation to economic crimes.It is in the best interest of all supervisory and audit committee members that they are aware of the results of fraud risk assessments performed by the organisation, as well as, the efficiency of controls in place.”� Márta�Hegedűsné�Szűcs,�Partner,�Assurance,�PwC

67%

22%

11%

Thinking about the most serious economic crime your organisation experienced in the last 12 months, at what level was the main perpetrator of internal fraud within your organisation?

Senior and middle management

Junior staff members

Other

% of cases reported in Hungary

Between 41 and 50 years of age (56%)

With the organisation for more than 6 years (67%)

Male (67%) 1st degree graduate (44%)

Interesting to note, that global and CEE results indicate that typical internal perpetrators are usually younger (between 31 and 40 years of age, 43%), and have been with the organisation between three to five years (30%). The average perpetrator in Hungary is older and working for the organisation for longer.

13Global Economic Crime Survey

What actions do organisations take against the perpetrators?

0%

0%

11%

22%

22%

22%

44%

44%

56%

5%

2%

11%

7%

13%

5%

33%

44%

75%

4%

40%

77%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Don't know

Other

Notified relevant regulatory authorities

Did nothing

Warning/reprimand

Transfer

Civil action was taken, including recoveries

Law enforcement informed

Dismissal

% of cases reported (multiple answers possible)

Thinking about the most serious economic crime your organisation experienced in the last 12 months, what actions, if any, did your organisation take against the main internal perpetrator?

Global

CEE

Hungary

44%

18%

4%

17%

1%

3%

“Unfortunately it seems, that Hungary, is the “country of no consequences” based on the survey as well. It is astonishing, that in 22% of cases reported the organisations did nothing against the main internal perpetrator. Even more concerning is that in many cases the internal perpetrator was only transferred within the organisation. A very important element of a transparent economy is that economic crime and perpetrators are dealt with properly by the organisation in all cases.”� Tamás�Lőcsei,�Partner,�Tax,�PwC

The results of the survey show that economic crime remains often without consequences in Hungary. In every 5th case reported (22%) the organization did nothing against the main internal perpetrator which is concerning compared to CEE (7%) and globally (4%). In CEE only 25% of internal fraudsters keep their jobs, in Hungary, our respondents tell us this is almost double, with 44% remaining employed.

The difference among organisations in Hungary is becoming more apparent in respect of how seriously they are treating the issues of economic crime. Internal perpetrators were transferred in one-fifth of cases (22%) in Hungary, which is very high both in regional (5%) and global (4%) comparison.

Internal perpetrators were dismissed in only half of the cases (56%) reported in Hungary which is a much lower percentage than regional (75%) and global responses (77%).

If organisations are only transferring perpetrators within the organisation rather than potentially dismissing them, the perpetrators will continue to remain within the organization and possibly find other ways to commit fraud and economic crime. It is important for organisations to demonstrate a “zero tolerance” level for fraud in order to set the right tone within the organisation. It is important that deterring actions are taken and consequences of fraud are clearly communicated to all employees.

0%

8%

15%

31%

46%

46%

54%

1%

6%

8%

37%

56%

53%

66%

3%

5%

7%

40%

43%

39%

63%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Don't know

Did nothing

Other

Notified relevant regulatory authorities

Civil action was taken, including recoveries

Cessation of the business relationship

Law enforcement informed

Thinking about the most serious economic crime your organisation experienced in the last 12 months, what actions, if any, did your organisation take against the main external

perpetrator?

Global

CEE

Hungary

% of cases reported (multiple answers possible)

In the case of external perpetrators law enforcement was informed (54%), cessation of business relationship (46%) commenced, and civil action was taken including recoveries (46%).

14 Global Economic Crime Survey

Our survey results show, that 17% of incidents were detected by accident in Hungary which is much higher than the result in CEE (10%) and globally (8%). Organisations cannot rely on chance in detecting fraud incidents if they would like to be confident that they will avoid the costly damages of economic crime.

At the same time, it is encouraging to see that there are responsible corporate executives who are not leaving the detection of economic crime to chance. They use proactive methods like fraud risk management (13%), effective internal audit (13%), and suspicious transactions reporting (13%). Proactive identification and detection of economic crime are the most powerful tools in the fight against economic crime.

The responses also show that nearly half of Hungarian organisations (45%) have not established and introduced whistle-blower mechanism. However, 85% of the organisations who have already implemented a whistle blowing mechanism consider it as an effective tool in prevention and detection of economic crime.

Our experience also shows that employees are more willing and likely to report fraud or suspicions if anonymity is granted. If organisations do not offer such mechanisms, it is much more likely that not all fraud cases will be detected, since employees do not feel safe to voice their information or suspicions.

How successful are Hungarian organisations in detecting and preventing economic crime?

4%

8%

17%

4%

4%

13%

0%

0%

13%

13%

13%

3%

6%

10%

5%

4%

8%

3%

11%

11%

9%

15%

6%

4%

8%

5%

7%

11%

2%

6%

18%

10%

14%

0% 5% 10% 15% 20%

Others

Law enforcement/ investigative media

By accident

Whistle blowing system

External tip-off

Internal tip-off

Change of personnel/duties

Corporate security

Fraud risk management

Internal audit

% of cases reported

Thinking about the most serious economic crime your organisation experienced in the last 12 months, how was the crime initially detected?

Global CEE Hungary

man

agem

ent

Bey

ond

the

influ

ence

of

Cor

pora

te c

ontr

ol

Cor

pora

te c

ultu

re

Electronic and automated suspicious transaction

reporting

15Global Economic Crime Survey

Fraud risk assessment – a powerful tool for detecting fraud

In order to successfully prevent fraud, it is important that organisations continuously assess and monitor fraud risks and identify gaps. Regular fraud risk assessment helps organisations to analyse their exposure to fraud. It is therefore concerning, that more than half of the respondents (61%) did not perform fraud risk assessment or performed it only once over the past 12 months within their organisations.

Hungarian organisations cited that the main reasons for not performing fraud risk assessments were the perceived lack of value (29%) from fraud risk assessment, despite the fact that, this would be a proactive approach to combat economic crime.

Two-thirds (67%) of respondents who indicated that their organisation did not perform a fraud risk assessment either did not know why a fraud risk assessment has not been performed at their organisations or indicated that they are unsure what this actually involves.

The more fraud risk assessment is performed the more likely organisations are to detect fraud. In difficult economic times, organisations should see the prevention of fraud as a major tool to save on costs. If economic crime and resulting financial damages can be prevented, direct savings can be achieved.

33%

28%

14%

12%

7% 6%

In the last 12 months, how often has your organisation performed a fraud risk assessment?

Once Not at all Quarterly Every six months Don't know More often

% of respondents in Hungary

16 Global Economic Crime Survey

Our survey discovered that in Hungary, only 14% of respondents perceived that cybercrime threats to the organisation increased over the past 12 months whilst globally the figure was 39%.

Cybercrime in Hungary. Is your organisation ready to deal with it?

80%

64%

57%

14%

30%

39%

6%

6%

4%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Hungary

CEE

Global

Has your perception of the risks of cybercrime to your organisation changed over the last 12 months?

Remained the same

Increased

Decreased

2 As defined in GECS 2011 by PwC in conjunction with our survey academic partner, Professor Peter Sommer.

“Emerging technologies present new challenges to organisations and internal audit professionals: mobile applications and devices, social media, cybercrime – all these risks need to be assessed and organisations need to be prepared.”

� Andrea�Major,�Partner,�Assurance/SPA,�PwC

What is cybercrime? The Global Economic Crime Survey (GECS) 2011 focused on the financial crime and fraud aspect of cybercrime and for the purposes of our survey questionnaire, Cybercrime was formally defined as follows:

The above definition may be considered a fairly common definition of Cybercrime, yet it would appear that many perceive this as a wider phenomenon which makes the definition open to different interpretations. There is no standard globally accepted definition of Cybercrime available and implications of not having a clear-cut definition could be that if organisations are not aware what the dangers are, where the dangers come from and how cybercrime can impact their business, then it is the harder to detect and combat cybercrime.

“Cybercrime, also known as computer crime, is an economic offence committed using the computer and internet. Typical instances of cybercrime are the distribution of viruses, illegal downloads of media, phishing and pharming and theft of personal information such as bank account details. This excludes routine fraud whereby a computer has been used as a by product in order to create the fraud and only includes such economic crimes where computer, internet or use of electronic media and devices is the main element and not an incidental one”2.

% of respondents

17Global Economic Crime Survey

Is your organisation’s reputation at stake?

Our survey also concluded that Hungarian respondents are a lot less concerned about damages and financial losses from cybercrime activity than regional and global survey participants. While globally the figure was 40%, in Hungary only 27% of respondents said they were very concerned about reputational damage. In Hungary only 18% of respondents said they were very concerned about actual financial losses from cybercrime activity. In CEE the figure was 28%.

The lack of concern may also be due to a lack of awareness. It is concerning to learn that 42% of respondents did not receive any cyber security training in the past 12 months – which would suggest that they are potentially unaware of the risks that cybercrime presents to their organisation.

27%

18%

28%

21%

34%

28%

34%

33%

40%

31%

35%

36%

0% 10% 20% 30% 40%

Reputational damage

Actual financial loss from cybercrime activity

IP theft, including theft of data

Theft or loss of personal identifiable information

% of respondents who indicated they were “Very Concerned”

How concerned are you about the effect of cybercrime activity on your organisation?

Global

CEE

Hungary

While globally 26%, and in CEE 22% of respondents believe that their organisation will likely face cybercrime in the following 12 months, in Hungary only 8% of respondents believe so. As today most people and business rely on the internet and other technologies, organisations are potentially opening themselves up to cyber criminals and organisations need to be prepared for cyber threats. In recent days even Facebook has been subject to such attacks.

Low cybercrime awareness does present risks for all organisations and industries. Organisations seem to be taking a reactive rather than a proactive approach towards cybercrime threats. Our survey shows that in Hungary:

• 36% of Hungarian respondents do not have or are not aware whether their organisation has in-house capabilities to prevent and detect cybercrime;

• 54% of Hungarian respondents do not have or are not aware whether their organisation has in-house capabilities to investigate cybercrime;

• 51% do not have or are not aware whether their organisation has controlled emergency network shut down procedures in place;

• 37% of respondents engage experts only when the incident has already occurred. Unfortunately at that stage, mitigation of damages is the only solution and not a proactive prevention.

18 Global Economic Crime Survey

Where does the cybercrime threat come from? Is it really an external threat to the organisation?

More than half of Hungarian respondents (58%) feel that cybercrime threats are mainly external to the organisation and only 21% perceived it as both internal and external threat. This is much lower than the CEE (43%) and global (42%) figures.

Experience has shown that to neglect internal threats can be very dangerous, particularly around internal hacking by employees for their own purposes. Such examples include:

• disgruntled employees accessing HR data to extract personal information (pay data, bonuses etc);

• an employee accessing other colleagues’ emails;

• extracting key information from accounts payable department, setting up dummy suppliers in the system, and/or extracting funds from the organisations;

• misuse of social media – sensitive information going public etc.

Management of cybercrime risks – Organisations monitoring social media sites?

Whilst social media sites such as Facebook or LinkedIn may not be the real source of Cybercrime, they can be used to social-engineer Cybercrime more effectively (phishing attacks). For example, social media sites can be used to collect information about a targeted individual, to research certain staff members or to install malware onto the user’s computer, making the cybercrime more effective.

73% of respondents in Hungary stated that their organisation either does not monitor the use of social media sites or that they are not aware of it. This is higher than in CEE (59%) and globally (60%). This also indicates that there is a lack of awareness of the cyber security risks these sites can present to the organisation.

Of those Hungarian respondents who said their organisation is taking measures to prevent the risks of social media and networking, 65% said they monitor internal and external electronic traffic including web pages, which is lower than the CEE (82%) and globally (85%).

5%

13%

13%

58%

43%

46%

16%

30%

29%

21%

13%

12%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Hungary

CEE

Global

Where do you see the greatest cybercrime threat to your organisation coming from?

Internally

Externally

Both internally and externally

Don't know

% of respondents

“Social�media�is�a�revolution�in�the�way�in�which�people communicate. Also businesses are engaging with social media for numerous reasons including marketing, communicating with customers, and collecting information. But there is a wide range of commercial risks related to their usage. In addition to increasing unproductive time by employees, they create security risks for the company – they are another channel where sensitive data can leak or malicious code can get into the company.”� Lee�Coles,�Director,�Forensic�Services,�PwC

19Global Economic Crime Survey

Reducing the risks – What actions should organisations take to defend themselves against cyber security attacks?

1. Get the CEO involved – the CEO and Board needs to be aware of the cyber threats. They need to understand the risks and opportunities of the cyber world.

2. Reassess the security function and preparedness of the organisation should a cybercrime occur – unlike traditional ‘economic crimes’, cybercrime is fast paced with new risks emerging which means an organisation need to continually adapt its procedures to reflect these.

3. Awareness – organisations need to have a clear awareness of its current and emerging cyber environment. If this is in place, well informed and prioritised decisions and actions can be taken.

4. Create a cyber incident response team – which needs to act with speed and agility. A well functioning cyber response team means an incident is spotted anywhere in the business will be tracked, risk assessed and escalated.

5. Educating all employees – an organisation needs to embed a ‘cyber awareness’ culture, through recruiting those with the relevant skills so that this knowledge can be shared with all employees creating a cyber aware organisation which is better able to protect itself.

6. Take a more active and transparent stance towards cybercrime – take action by pursuing cybercrime perpetrators through legal means, and communicate more publicly regarding the actions the organisation is taking regarding the threats, incidents and responses.

PwC firms help organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com.

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2011 PwC. All rights reserved. Not for further distribution without the permission of PwC. “PwC” refers to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL), or, as the context requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of any other member firm nor can it control the exercise of another member firm’s professional judgment or bind another member firm or PwCIL in any way.

Contacts

Miklós Fekete

Partner, Advisory

E-mail: miklos.fekete@hu.pwc.com

Tel.: +36 1 461 9242

George Surguladze

Senior Manager, Forensic Services

E-mail: george.surguladze@hu.pwc.com

Tel.: +36 1 461 9127

www.pwc.com/crimesurvey