Cyber security and fraud risks

BDO New Zealand Risk Landscape Report 2024

Cyber attacks and fraud will continue to increase as emerging technologies like artificial intelligence (AI) grow in scope and become more accessible. The 2023 BDO Global Risk Landscape Report shows cyber attacks and fraud were ranked as one of the top three combinations of risk multipliers posing a threat to organisations worldwide.

AI as a weapon

Disruptive technology is amplifying cyber and fraud risks faced by companies globally and we’re starting to see this trickle into the local market. The National Cyber Security Centre’s 2022-2023 Cyber Threat Report revealed there were record-high levels of financially-motivated cyber activity in 2022-2023, with cyber criminals adopting new techniques and technologies to challenge orthodox detection methods.

Generative AI is one of the biggest risks for organisations to take note of. While AI presents countless opportunities for businesses, it can also be exploited. Examples include the use of AI to produce derivative malware that evades detection software, or simply using AI applications to launch cyber attacks. Criminals can also use AI to steal or manipulate data to commit credit card fraud and identify theft.

Organisations making use of AI and other disruptive technologies to advance their operations must be aware of the risks posed by these technologies, including phishing and hacking internal systems. A fine balance must therefore be struck between utilising AI and having it used against you.

Cash theft and financial crime

Investment scams are one of the leading instances of financial crime throughout the country, often involving vulnerable victims lured in by promises of high financial returns. These schemes are becoming more sophisticated and harder to spot; as Kiwis look for ways to make their money go further in the current economic conditions, they must also be on heightened alert for scams and scenarios that sound too good to be true.

Cryptocurrencies remain one to watch, adding a new dimension to financial crime. The anonymity offered by these digital assets can be harnessed by fraudsters and money launderers, making it important for regulatory bodies to quickly establish regulatory oversight in this space. Regulating digital and decentralised organisations is extremely challenging, and the Reserve Bank of New Zealand has expressed concerns about several risk factors, including the challenges that some crypto assets pose for managing money laundering and preventing cyber risks.

Cascading risk from cyber crime

The impacts of fraud and cyber crime can be extremely wide-ranging, including the obvious financial damage and business interruptions posed by phishing, hacking, ransomware attacks, and internet fraud. Reputational damage is a significant risk which can be triggered by these types of events, particularly in the case of data leaks and insecure systems which compromise customer or supplier data. Sensitive ESG-related information can be vulnerable to data breaches and other fraud, which can have an enormous knock-on effect when it comes to reputational damage.

Tips for business leaders

  • Be ready: Proactively prepare for a breach or fraud event. When it comes to fraud and cyber crime, it can be a matter of “when,” not “if.” Knowing how you will respond can help to stem the issue quickly and regain control.
  • Stay on top of AI: Look at the AI tools within your organisation and consider how these could be used against you. Ensure you have robust privacy and security measures in place and your employees are trained on the appropriate use of modern technologies.
  • Make it everyone’s concern: Put fraud prevention on the radar of those at the highest levels of a company, including the Board and audit committee. Conduct regular employee training on fraud prevention and detection, financial processes, and cyber security.
  • Use technology: Investigate how technology and security measures, including firewalls, access controls, and encryption, can assist you in detecting and investigating anomalies.
  • Assess your controls: An independent review of internal controls across key processes is an effective way of identifying opportunities for improvement – be that the design of controls, or the consistent application of those controls.
  • Don’t just ‘set and forget’: Think of your approach to cyber security as being ever-evolving. Get regular assurance that the controls you have in place are robust and fit for purpose.
  • Ask for assistance: Consider seeking external advice on your fraud prevention strategies. An independent fraud risk assessment is a great way to tease out areas where you may be exposed in a controlled, no-risk way.

For more assistance, reach out to your BDO adviser or learn about how BDO's Risk Advisory service can help you here

Contact our team

Get in touch with Taurnesh to talk about Risk Advisory services.