More than a quarter (28 percent) of public sector workers expect to suffer a cybercrime attack in their organisation in the next 12 months, according to a global survey from PricewaterhouseCoopers (PwC).
This is on top of the finding that public sector workers are significantly more aware of cybercrime this year, than PwC has found in its previous global economic crime surveys.
The report, 'Fighting fraud in government', found that this year, 14 percent of respondents from the public sector reported having experienced a cybercrime attack in the past 12 months. Previously, the response was so low that cybercrime was not counted as a separate category.
PwC also found that more than 40 percent of respondents perceived risk of cybercrime to be on the rise, although over half said the risk had stayed the same.
In addition, most public sector workers believed that the internal cybercrime threat was just as strong as the external threat. The IT department was perceived to pose the highest risk, closely followed by physical security, operations and finance.
"It is, however, important to ensure that all departments are sufficiently protected, including those viewed as low risks, such as HR and legal, especially given the confidential nature of information to which they have access," PwC said.
In terms of resources for dealing with cybercrime, PwC found that although more than half of respondents have the in-house capabilities to detect cybercrime, many were dependent on external investigators.
In addition, nearly half of public sector organisations did not have, or are not aware of having, emergency shut-down procedures in the case of a cyber attack.
Although PwC expects that the CEO and board should take responsibility of a cybercrime programme - which think tank Chatham House also argued last year - as they would the overall anti-fraud programme, the consultancy was surprised to find that only 20 percent of respondents believed that cybercrime was a board-level issue.
Nearly half of respondents believed that it was the CIO who was responsible.
"The most senior people within organisations are not placing enough emphasis on the importance of managing the real threats that cybercrime frauds present to their organisaitons, with nearly half of boards not reviewing the threat more frequently than annually.
"It is vital that executives accept more responsibility for managing and mitigating cybercrime risks and set an appropriate tone at the top. Leadership by a management team which instils a cyber risk-aware culture and ensures that all departments are aligned in the fight against fraud is key in order to succeed in today's environment," PwC said.
The 2011 Global Economic Crime Survey was completed by 184 respondents from the public sector from 36 countries. Thirty-one respondents were from the UK and Ireland.