Accountancy firms thriving in volatility
November 30, 2016
The strategic partner: Dennis Tan
December 14, 2016
Show all

Cybersecurity: Identify the weakest link

Fraud is a persistent and rising threat to businesses in Ireland according to PwC’s Irish Economic Crime Survey 2016. 34% of Irish respondents reported economic crime in the last two years, up from 26% in 2014 and 2012.

Of the economic crime reported, asset misappropriation remained the top type of economic crime in Ireland (52%) followed by cybercrime (44%) and accounting fraud (18%). Asset misappropriation decreased in the period from 75% down to 53% this year, while cybercrime remained at a very high level.

Of the 35% of Irish respondents who had experienced economic crime in the last two years, 44% confirmed that their organisation had been the victim of cybercrime compared with only 25% in 2012. This is very concerning as we must also consider that those who did not report a cybercrime may also have suffered an event, perhaps without knowing about it.


Cybercrime is an economic offence committed using a computer and the internet. Typical examples include the distribution of viruses, illegal downloads of media, phishing and pharming, and the theft of personal information such as bank account details. This excludes routine fraud whereby a computer has been used as a by-product to create the fraud and only includes such economic crimes where computer, internet or use of electronic media and devices is the main element and not an incidental one.

There has been a significant increase in awareness and sophistication in the types of cybercrime threatening businesses today. Cybercrime has evolved to a point where it could be classified by two distinct categories: the kind that steals money and damages reputations; and the kind that can lay waste to an entire business.

While profitable cybercrime – such as identity and credit card theft – can have a significant impact on their victims, they rarely pose an existential threat to companies. However, international cyber-espionage involving the theft of critical intellectual property, trade secrets, product information and so on pose ‘extinction-level’ threats to businesses.

Although forensic accountants are well-known for investigating the more traditional types of economic crime such as asset misappropriation and accounting fraud, does a forensic accountant have a role to play in investigating this new and rapidly growing type of crime?


Forensic accounting probably came into prevalence about 10 years ago due to a rapid increase in financial fraud and white-collar crime. “Forensic” means “relating to courts of law” and it is to that standard and potential outcome that forensic accountants are required to work.

A forensic accountant has accountancy, investigative, audit and legal experience and skills. Quite often, forensic accountants were trained or have a background in audit which, in itself, is investigative in nature. The work of an auditor and a forensic accountant couldn’t be more different, however.

In the 1896 Kingston Cotton Mills Company case, Lord Justice Lopes said of auditors: “He is a watchdog, but not a bloodhound. Auditors must not be made liable for not tracking out ingenious and carefully laid schemes of fraud, when there is nothing to arouse their suspicion… so to hold would make the position of an auditor intolerable.” Forensic accountants on the other hand have been described as bloodhounds.

While auditors may not approach their work on the presumption that a fraud has taken place, forensic accountants approach their work in this very way. Forensic accountants are typically called upon when there is a real suspicion that a fraud has occurred, or the fraud has already been detected or uncovered. They are required to dive into the detail to find out the answers to who, what, when, where, how and why. They are required to question everything and piece together a jigsaw of information to ensure that they fully understand the fraud and quantify the financial impact the fraud has had on the company. This is done with the knowledge that, ultimately, the results of their work could end up with litigation. Their work therefore needs to be able to stand up in court and to scrutiny from others, including scrutiny from others in the same profession.

The traditional work of a forensic accountant in investigating what you might call ‘traditional’ fraud has involved careful capture and chain of custody of evidence, interviewing skills, legal knowledge, investigating and interrogating accounting systems, accounting records, bank statements, invoices, emails and other such information in order to report on the crime and quantify the losses. But how would a forensic accountant go about investigating a cybercrime?


A cyber corporate crisis can be one of the most challenging and complicated that any organisation will face. They require strategies around investigation and communication, as well as significant forensic and analytical capabilities.

With data volumes and network traffic generated by organisations on the rise, there is a real challenge for organisations to quickly identify key facts while ensuring they correctly address legal, reputational and regulatory enforcement issues – often across the multiple jurisdictions in which they operate. A sound cybersecurity strategy and incident response plan is therefore essential.

While there are many things organisations can do to prevent a cyber incident, it is more likely than not that they will be affected by a cyber incident at some point in the future so they need to be ready.

The results of PwC’s Irish Economic Crime Survey 2016 indicate that most companies are still not adequately prepared, however. While the threat of cybercrime is a major issue for businesses in Ireland, only 41% of survey participants have a fully-trained first response team to mobilise should a technology or data breach occur. These first response teams were comprised principally of IT and senior management personnel.

While, understandably, IT and senior management have a critical role to play, only 25% of Irish first response teams had legal representatives, 13% had human resource representatives and 11% had digital forensic investigators. These results suggest that organisations are too reliant on IT and require a more balanced mix of skills to deal with cyber incidents.

So what role, if any, is there for a forensic accountant in a cyber response team? While forensic accountants can bring their accountancy, legal and investigation skills to the table, they need to adapt in the same way and at the same pace as the fraud they are required to investigate. They must upskill and ensure they can incorporate digital forensic techniques and data analytics in cybercrime investigations.


Forensic accountants have a raised awareness of the need to increase their skills in this particular area, as evidenced by the fact that most major accountancy firms now have a dedicated cybersecurity team. Both cyber skills and cyber incident response methodologies will inevitably become the de facto standard for forensic accountants in the future.

Rachel Richardson ACA is a Senior Manager in PwC’s Forensic Advisory Practice.

Paul Kelly ACA is a Manager in PwC’s Cyber Security and Forensic Advisory Practice.


This article was published in the August 2016 edition of Accountancy Ireland which you can download from here.