By Matthew Allen
Swiss companies are slowly waking up to the realisation that their businesses could be dramatically affected by cyber fraudsters, according to a survey.
Cybercrime ranked as the second biggest threat of fraudulent activity for Swiss firms this year and is forecast to be the biggest security problem they face in the next 12 months.
While Switzerland is no more exposed to corporate criminal attacks over the internet than any other comparable country, it is particularly sensitive given the strength of the financial industry and the banking secrecy laws that surround the sector.
A corporate crime survey by accountancy and auditing firm PricewaterhouseCoopers (PwC), published on Tuesday, found that 18 per cent of Swiss firms were the victim of some sort of fraud this year. Cybercrime was ranked as second most common type of activity, making up a fifth of reported cases.
More than a third of the 140 companies surveyed believed that cybercrime would overtake asset misappropriation as the most common corporate crime next year.
However the technical and evolving nature of internet-based fraud, such as hacking and phishing, has left many senior managers befuddled and has hampered efforts by firms to implement effective controls.
“Awareness of cybercrime is increasing, but effective controls to combat the problem are lagging far behind,” PwC head of forensics Gianfranco Mautone told swissinfo.ch. One in every five cyber attacks is detected by pure chance or the intervention of external policing, the report found.
Swiss managers appear to have lagged behind their foreign counterparts in their awareness of cybercrime. The PwC survey found that half of Swiss firms saw an increased threat this year compared to 39 per cent of companies in other countries.
And too many companies only shut the stable door after the horse had bolted. While not classified as a cybercrime, the theft of CDs containing banking data in the last few years serves as an example of how easy it can be to get around static security controls.
“It was not until the CDs started to be sold in other countries that the banks started to really contemplate the problem,” Mautone said. “Sometimes it needs a major incident to make things happen.”
The cyber attacks on the New York Stock Exchange, that forced the bourse to temporarily shut down last month, should serve as ample warning about the danger of such crime, Mautone added.
But it is not just financial giants that are at risk from internet scams, the PwC report warned. Switzerland’s myriad of small and medium-sized enterprises (SMEs) could just as easily find themselves compromised by a determined hacker.
“The lifeblood of many of these companies is innovative designs that give their product a competitive advantage,” said Mautone. “Losing these secrets could spell disaster for any SME.”
Cybercrime does not just affect businesses, with scammers also targeting individuals. Between 6,000 and 7,500 cases of internet crime are reported to the authorities every year, according to official statistics.
Most of the cases involve pornography, but the Swiss Coordination Unit for Cybercrime Control also received 370 reports of economic crime, such as hacking bank accounts, last year (up from 254 in 2009).
Cybercrime of all varieties cost victims in Switzerland some SFr924 million ($1 billion) in 2010, according to a September report by security software company Symantec.
In an effort to combat the growing threat, the Swiss authorities have brought in new laws that will come into force from the start of next year.
The new laws will speed up the exchange of information with other countries, introduce tougher penalties for hacking and set up a new 24/7 police hotline to report suspicious activities.
The changes will make it possible for Switzerland to achieve its goal of signing up to the European Council’s convention on cybercrime.
But not all measures aimed at tackling cybercrime have been welcomed. Government plans to introduce surveillance on postal and telecommunications services have been criticised as a step towards a “big brother” state.
While the surveillance would be designed to catch perpetrators of human trafficking and paedophilia, watchdog groups have complained the measures could infringe privacy rights.