GO
Loading...

Companies still blasé over cybercrime: EY

Rwasserman | iStock /360 | Getty Images

International companies remain blasé about the threat of cyberattacks, despite a number of high-profile and costly breaches, according to a major survey out on Wednesday.

Several well-known companies have reported cyberbreaches in recent months, including eBay, retailers Target and Neiman Marcus, and credit information provider Experian.

However, nearly half of top executives still view cybercrime as a low risk, an annual survey by professional services firm EY found. This was based on phone interviews with 2,700 managers across 59 countries in the Americas, Asia-Pacific, Europe, the Middle East and Africa.

"It may be that the nature of the threat is misunderstood, with 48 percent of respondents being most concerned with the risks posed by hackers, compared with significantly lower proportions concerned by potentially more damaging threats such as organized crime or 'advanced persistent threats,'" said David Stulb, head of fraud investigation and dispute services, in EY's 13th global fraud report.

Read MoreCybercrime costs world $400 billion

Stulb told CNBC Wednesday that his division's work had quadrupled over the last 18 months, due to the increase in cyberbreeches.

"In the post-Snowden environment, Snowden is now famous. But as opposed to focusing on state-sponsored espionage, really for us, the story is about activism, organized crime and individuals that make breeches," he said morning.

Some markets showed a higher level of concerns, with 70 percent of U.S. respondents and 72 percent of Japanese respondents viewing the risk as high.

However, in other countries the levels were unexpectedly low: in Singapore, the Netherlands and Canada less than 35 percent perceived the risk as large.

"Japan has very good cyberbreech technology on the defensive side. Economies that are technologically orientated tend to be better protected," Stulb told CNBC.

Read MoreReputation.com: Apple could revolutionize privacy

The lackadaisical attitude displayed by some businesses contrasted with the stern messages from global regulators and governments.

In a speech in March, Mary Jo White, the chair of the U.S. Securities and Exchange Commission, said the international cyberthreat was of "extraordinary and long-term seriousness".

In the same month, Francis Maude, U.K. minister for the Cabinet Office, said 93 percent of large corporations had suffered a cyberbreach in the past financial year, at an average cost of between £450,000 ($755,145) and £850,000 ($1.43 billion).

More recently, the Bank of England on Tuesday publically launched CBEST, a voluntary framework for improving banks' cyber defenses. The Bank urged financial institutions to hire hackers to test their vulnerability to cybertheft and other crimes.

"There is not a government in the world that is not providing advice to corporates on how they can better protect intellectual property," said Stulb.

Read MoreStories about cybersecurity

In addition, the report warned of signs that companies were suffering from "compliance fatigue". For instance, the number of respondents who had completed anti-bribery and corruption training had declined since 2013 to below 50 percent.

"These results show that compliance efforts may be at risk of losing momentum and of not having the lasting impact that they need to have to protect organizations from the clear threats of fraud, bribery and corruption," Stulb wrote.

Contact Cybersecurity

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More

Squawk Alley