Incident Response, Network Security, TDR

E&Y: Cyberthreats the No. 2 driver of forensic data analytics deployments

Businesses are expanding their use of forensic data analytics (FDA) to investigate and combat fraud, especially as fears of cyberattacks and internal data threats spike. Still, widespread investment in the most cutting-edge FDA solutions may be hampered by negative perceptions surrounding return on investment, according to a report issued late last week by Ernst & Young's Fraud Investigation & Dispute Services (FIDS) team.

The biannual report details findings from a survey of 655 executives in charge of their organizations' anti-fraud programs. Since Ernst & Young (EY) released its last FDA survey in 2014, there has been a 22 percent-point increase in companies actively deploying an FDA solution in-house, from 45 percent to 67 percent. This surge in deployments can be partly ascribed to mounting concerns over internal threats and cyber breaches—the report's fastest growing risk category. Sixty-two percent of executives confirmed that their fear of such an incident occurring has increased at least slightly in the last two years, while 32 percent said their concerns increased “significantly.”

Nine out of nine surveyed industries pinpointed data threats and cyber breaches as the threat whose risk has most noticeably increased, while 70 percent of respondents confirmed that their companies actively use FDA tools to investigate these kinds of incidents—second only to conventional internal fraud incidents (77 percent).

Moreover, “responding to growing cybercrime risks” was the most commonly cited reason for investing in FDA tools (53 percent), beating out “increased regulatory scrutiny” (43 percent).

However, survey-takers noted that it is still difficult to secure adequate investment in FDA solutions, especially as cyberattacks and other threats to finances grow even more challenging to address. In fact, only 55 percent of executives believe their companies' current investment in FDA is sufficient—a marked drop from the 2014 edition of the survey, when 64 percent said spending was sufficient.

For the purposes of its report, EY defines FDA solutions as any tool that collects and analyzes structured or unstructured data in order to detect and investigate improper financial transactions and regulatory noncompliance. While some companies are investing in cutting-edge solutions specializing in data visualization, social media and web monitoring, and voice searching and analysis, others are still relying on basic spreadsheet-based tools. The report suggests this may be because executives are still finding it difficult to demonstrate return on investment on FDA technology.

“C-suite executives are faced with many competing priorities for resources and funding, and sometimes risk-management-related activities, such as FDA, can get pushed down the list until an adverse event, such as a cyber breach or regulatory investigation, occurs,” David Remnitz, FIDS global and Americas FTDS (Forensic Technology and Discovery Services) leader at Ernst & Young, told SCMagazine.com. “That is why it is important to take proactive steps to improve the company's anti-fraud program, which includes making the business case for FDA.”

According to the report, only nine percent of respondents said they have fully harnessed FDA's ability to reduce the cost of anti-fraud programs, while 22 percent said their FDA solutions had no measurable impact on cost savings.

Still, other benefits are more tangible—56 percent of executives confirmed that they have generated “positive results” from implementing FDA, while only 21 percent disagreed with this sentiment. Moreover, executives whose companies spent a larger portion of their anti-fraud program budget on FDA technologies were more likely to see positive results. On average, those whose FDA experiences have been positive spent 33 percent of their total anti-fraud program budget on FDA, while those who have not seen encouraging results spent only 26 percent.

“We are seeing some tremendous innovations to enhance companies' anti-fraud [activities], including insider threat and cyber fraud,” said Remnitz. “Particularly around text analytics to identify corrupt or malicious intent; statistical analysis to help build predictive models based on known bad behaviors; and data visualization, including pattern and link analysis, to help identify hidden relationships or patterns between disparate data sources.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.