Issue No. 356

16 - 22 August 2001

KPMG study on system breaches

by David Kelleher

Over 90 per cent of global CEOs and chief information officers believe a breach of e-commerce systems would be perpetrated through the Internet or other external means, said a survey of 1,283 companies by the accounting firm KPMG.
And while the breach could come from outside the company walls, it is highly likely that the electronic fraudster will be an employee or consultant, as is the situation with more traditional forms of fraud, said Norman Inkster, President of KPMG Investigation and Security Inc.
“Most security breaches are committed by individuals who possess intimate knowledge of the systems they are attacking,” said Inkster.
KPMG studies over the past eight years have shown that 70 per cent of traditional fraud, or the type where “I have to meet you and convince you”, is conducted by insiders, said Inkster.
“So only eight to nine per cent of companies said the risk is internal, but I think we are going to see that migrate over time,” said Inkster, a former Commissioner for the Royal Canadian Mounted Police.
At risk is intellectual property or customer information residing on a database, including credit card numbers or health details.
Furthermore, KPMG said, the vast majority of electronic fraud goes unreported to police, and in many cases to the top brass in the organisation itself.
“Fraud generally goes unreported to authorities and in the context of e-business, I suspect some intrusions which are successful are not even being reported high in the company,” added Inkster.

  © Standard Publications Limited 1999