
The invisible wave of online fraud


María Jesús Hernández, Partner at Andersen, and Vicente Moret, Of Counsel at the firm, analyse the wave of criminal acts affecting companies and individuals in the digital sphere in Expansión

The data, and our own impressions, suggest that we are witnessing a significant crime wave affecting businesses and individuals in the digital domain.

Online fraud, in its various forms, has become an epidemic affecting thousands of people every year, yet it does not seem to have been prioritised by the authorities responsible for protecting us, nor does it receive media attention in keeping with its importance.

Cybersecurity, especially at this time, should be the focus of everyone's attention given the seriousness of cybercrime levels, which are driven in some cases by the criminal activities of highly sophisticated organised schemes and, in others, by insiders within the companies themselves. The data speaks for itself. The latest Ministry of the Interior Cybercrime Study, for 2020, clearly shows the magnitude of the problem. In 2020, of the total number of known offences related to cybercrime, 89.6% corresponded to online fraud, i.e., a total of 257,907. If we compare this with the 70,178 in 2016, we obtain an increase in these offences of 367% in just four years. If we add to this the fact that a hard-to-estimate number of criminal acts clearly go unreported for various reasons, the result is worrying.

Given this situation, it is worth noting that, compared to other areas of digital security such as cybersecurity or cyber defence, the prosecution of cybercrime receives less attention, effort and budget, for various reasons. Particularly relevant is the urgent need to increase the capacities of those who apply the law: judges, prosecutors, police and Civil Guard. More technological, material and human resources are needed, as well as more technological training for citizens in general, all of which are initiatives that the competent authorities and governments should address as a priority. However, the effort cannot fall to public administrations alone. Companies must also contribute to preventing and combating crime, given that the damage it causes them is multiple: on the one hand, the damage to the business and operations themselves; on the other, reputational damage; and, finally, possible liabilities with respect to third parties and suppliers.

In the new paradigm of technological risk that is taking shape for companies, digital security is an essential part. Technology will always be an essential component, but it is now time for people and processes, which are central aspects of digital security governance in companies. This must be supported by internal policies and protocols that allow for proper regulatory compliance and demonstrate control and due diligence. But above all, it is about protecting the business from threats that compromise its viability and preventing the multiple costs associated with cyber insecurity. It is necessary to invest in technological safeguards, but also in organisational, regulatory, procedural and behavioural safeguards. Most online scams are perpetrated precisely because the human element fails, and these are crimes that could be avoided in many cases by establishing a robust digital security governance framework within the company, which would also allow compliance with the growing EU-driven regulatory framework for digital security. It is necessary to prevent the activity of company insiders, minimise management errors and regulate the handling of information. This preventive task is as important as the implementation of procedures and tools for detecting and responding to cyber incidents.

Preventing and combating crime in cyberspace should be a priority for governments and companies. From the point of view of companies, it must be borne in mind that, as criminally liable legal persons, they risk not only being called to testify as investigated parties, but also being held criminally liable and exposed, in addition to heavy fines that can lead to a criminal record, to the closure of their establishments, to having their companies placed under judicial intervention (either as a precautionary measure or as a final penalty), to the suspension of their activity and even to the dissolution of the legal person itself. There can be no room for impunity in the prosecution of crime, because it is a timeless lesson that where there is impunity there is crime, and the digital sphere must not become a space in which the rights and freedoms of citizens are unprotected. Authorities, companies and individuals must prioritise the various types of action needed to combat this veritable wave of crimes that jeopardise the security of companies and individuals.

At stake is the full development of the potential of the digital economy and commerce, which has come to bring us closer to an infinite "world". The threats that come from crime, now digitised, must not be allowed to run rampant in a context called to be an absolutely essential vector of development and economic activity for any society that aims not only to be at the forefront of the digital revolution, but also not to be left behind in the growing digital disruption we are experiencing.
