The Case for a Data Governance Framework: Part 1

This statistic alone is pause for thought, particularly since this rate only relates to ‘reported’ cyber incidents. It is more likely that a cyber incursion strikes every two or three minutes in Australia when ‘unreported incidents’ are included. 

More opaque to business leaders making annual judgements about cybersecurity investments, is the scale and sophistication of the global cybercrime industry. Online scams are no longer just small-time frauds carried out by lone criminals in dark corners of the internet. Instead, they have evolved into a vast, organised and highly sophisticated global enterprise, stealing over US$500 billion annually from victims worldwide, according to a recent report in The Economist. 

This cybercrime industry is comparable in size and complexity to the illegal drug trade, but in many ways, it’s even worse. Unlike drugs, which require physical transactions and distribution networks, online scams can target anyone, anywhere, anytime – with just a message, an email or a fake social media profile. 

Scammers prey on human emotions and vulnerabilities, using psychological manipulation, advanced technology, and even AI-driven deception to trick businesses and individuals out of their money. And worse still, many scammers themselves are victims, forced into cybercrime operations under conditions akin to modern slavery.

One of the most devastating scams is known as “pig-butchering” or ‘sha zhu pan’, in Chinese criminal slang. The process is methodical and ruthless designed to exploit trust and manipulate victims into financial ruin. They begin by building the sty, creating fake social media profiles and online personas to lure unsuspecting individuals. Next, they select the pig, identifying vulnerable targets – whether emotionally fragile, financially unstable, or simply seeking companionship. Over weeks or months, they fatten the pig, building deep trust by posing as romantic partners, mentors or financial advisors. Finally, they slaughter the pig, convincing victims to invest in fraudulent crypto platforms or fake financial schemes, draining their funds before vanishing completely.  

The level of deception is staggering. Victims have included highly educated professionals, scientists and business leaders. Scammers use detailed scripts, emotional manipulation and psychological tricks to keep victims hooked until every possible cent has been extracted. 

Cyber scams have now become the most common crime in countries like Singapore, where cases have skyrocketed in recent years. According to The Economist, the United Nations estimates that in 2023, nearly 250,000 people were working in cybercrime operations in Cambodia and Myanmar alone. Some estimates put the global number of scammers at 1.5 million, spread across call centres, fake investment firms, and cybercrime hubs. Victims have lost millions, including a Minnesota man who lost $9.2 million and a rural Kansas bank CEO who pilfered $47 million under the influence of a fake online persona named “Bella.” A part-time pastor, he also stole from his church. 

Many of the scammers themselves are victims. Thousands of people – often young workers from Southeast Asia, Africa, and South Asia – are trafficked, imprisoned and forced to scam others under threat of violence. These compounds operate like prison camps, with dormitories and gambling dens, and even torture areas for those who refuse to comply. 

The cybercrime machine is arguably more dangerous and harder to combat than the illegal drug trade because anyone can be a target. Unlike drugs, which require users to actively seek out and purchase substances, scamming can happen to anyone, anywhere. You don’t have to be “reckless” or “greedy” to fall for a scam – many victims are cautious professionals who simply trust the wrong person. Scammers are experts at manipulation, targeting loneliness, grief, greed, or fear. Financial fraud is often untraceable, leaving victims with little to no recourse. 

Additionally, cybercrime operations are beyond the law’s reach. According to The Economist, many scammers operate from lawless zones in Cambodia, Myanmar, Laos and the Philippines, where corrupt politicians and law enforcement turn a blind eye. In some cases, crime syndicates have infiltrated local governments. For example, Alice Guo, a Chinese national, became mayor of a small Philippine town and used it to build a massive scamming complex there with about 30 buildings where over $400 million passed through her bank accounts between 2019 and 2024. Unlike the drug trade, which has international task forces and clear legal frameworks, cybercrime laws are often weak, outdated or unenforceable across borders. 

Advanced technology and AI are supercharging scams. Malware and spyware allow criminals to harvest sensitive data from victims’ devices. Deepfake technology is making scams even more convincing. In one case, an employee in Hong Kong was tricked into paying $25 million after a deepfake video call perfectly mimicked his colleagues and boss. AI-driven voice cloning allows scammers to impersonate family members, business executives or government officials with chilling accuracy. With AI-driven analytics, criminals will soon be able to scan massive data sets to find ideal targets such as wealthy, lonely or recently bereaved individuals who are statistically more likely to fall for scams. 

Fighting cybercrime is an uphill battle, but some strategies can help curb the crisis. On a macro level, law enforcement globally must treat online scams as a major transnational crime, not just a minor nuisance. Singapore has pioneered a real-time “nerve centre” where police, banks and e-commerce platforms collaborate to track and freeze scam transactions instantly. Countries must share intelligence, enforce cybercrime laws more aggressively and target the criminal networks behind these operations.  

Additionally, financial institutions, tech companies and social media platforms must take a more proactive role in fighting cybercrime. Stronger identity verification can prevent scammers from creating fake profiles. AI-driven fraud detection systems can help banks flag suspicious transactions in real time. Social media platforms must crack down on scam-related ads and fake accounts that lure victims into fraudulent schemes. 

Countries like Singapore are rolling out scam alerts in public transport systems and banking apps. People need to recognise the warning signs of scams, such as unsolicited investment advice, online romantic interests who push financial schemes, or ‘too-good-to-be-true’ job offers. Victims must be encouraged to report scams rather than feeling ashamed – stigma only protects criminals. 

Just as scammers are using AI to enhance fraud, businesses and governments must use AI to counteract cybercrime. Machine learning algorithms can detect scam patterns before they cause major damage. AI-powered voice authentication can prevent deepfake-based fraud attempts. 

Cybercrimes are not just financial crimes – they are human tragedies. People lose life savings, homes, and even loved ones due to these sophisticated frauds. The mental and emotional toll on victims can be devastating. Unlike the drug trade, there is no way to regulate or “legalise” cybercrime – the only solution is to fight it head-on with global cooperation, advanced technology, and aggressive law enforcement. Governments, businesses and individuals must wake up to the scale of cybercrime before it becomes even more unstoppable.

Given the frequency of cyber breaches in Australia, the scale and sophistication of the cybercrime industry globally and the vulnerability of businesses and individuals to be scammed, it is now imperative that businesses put in place an effective data governance framework to keep data safe and private. But, what does an effective Data Governance Framework look like? In part 2, we outline the fundamentals of a Data Governance model that will set a productive cultural tone for data in your business.  

Bill Owens, Managing Director of Veracity, has decades of experience in global business consulting and technology and is committed to raising digital literacy levels of business leaders across Australia. Bill often presents to Boards and senior leaders on data governance, privacy, AI, and cybersecurity to help leaders feel at ease discussing and making decisions about tech and IT.

Continue the conversation on LinkedIn at Digital Literacy for Leaders.