Three quarters of companies (75%) have fallen victim to a fraud incident in the past year, a rise of 14 percentage points in just three years, according to Kroll.
The findings reveal the biggest fraud threat to companies comes from within. Of those companies where fraud occurred and the perpetrator was identified, four in five (81%) suffered at the hands of at least one insider, up from 72% in the previous survey.
More than one in three victims (36%) experienced fraud at the hands of a member of their own senior or middle management, 45% at the hands of a junior employee, and for 23%, the fraud resulted from the conduct of an agent or intermediary.
Similarly, among companies that experienced information/data loss, theft or attack over the past 12 months, the most common cause was employee malfeasance, involved in 45% of incidents, with vendor/supplier malfeasance involved in 29% of incidents. By comparison, only a small minority involved an attack by an external hacker on the company itself (2%) or on a vendor/supplier (7%).
One in three (33%) executives responding to the survey cite high staff turnover as the main driver of increased exposure to fraud. This is more than twice as many who named the next highest driver of vulnerability to fraud, greater outsourcing (16%).
“One of the most telling results from this year’s report is how vulnerable to fraud companies are feeling. In one form or another, the specter of fraud arises in virtually every business relationship. What our report drives home is that fraud is often an “inside job” and that companies must address both internal and external relationships if they are to most effectively protect their money, property and private data,” said Daniel Karson, Chairman, Kroll.
Overall, 69% of businesses suffered a financial loss as a result of fraud, up from 64% in the previous survey. Theft of physical assets was the most common fraud experienced (22%), followed by vendor, supplier or procurement fraud (17%) and information theft (15%).
Increase in vulnerability to fraud
Four in five respondents (80%) believe their organizations have become more vulnerable to fraud in the past year. Executives expressed particular concern around areas such as cyber risks, with more than half of respondents (51%) believing they are highly or moderately vulnerable to information theft. This increased awareness level has led to growth in the number of companies proactively looking after their information security requirements, with two-thirds (67%) reporting that they regularly conduct data and IT infrastructure assessments. A majority of respondents report they have an up-to-date information security incident response plan (60%) and have tested it in the past six months (59%).
The globalization of businesses increases fraud risk
In a global marketplace where many international businesses have thousands of companies in their supply chain, risks become more difficult to identify and keep under control. Executives say their companies are particularly at risk of threats such as vendor, supplier or procurement fraud, with half of respondents (49%) feeling highly or moderately vulnerable to this type of incident.
Some 40% of respondents felt highly or moderately vulnerable to corruption and bribery, another type of fraud that has the propensity to increase as companies expand geographically into new territories.
Indeed, in the past year, 72% of companies were dissuaded from operating in a particular country or region because of the heightened exposure it would bring to fraud. Latin America (cited by 27% of all respondents) was the region which saw most businesses turn away, but the other perennial region of concern, Africa, was not far behind (22%).
Whistleblowers: key defense against insider fraud
In the past year, a whistleblower was at least partially responsible for exposing 41% of cases of fraud that were uncovered. This is well ahead of the next two most frequent sources of discovery, external audits (31%) or internal audits (25%).
The findings show that anti-fraud efforts can have an impact on the threat from within. Of those firms hit by fraud where the perpetrator was known, only 20% of those with management controls in place suffered at the hands of a senior or middle manager, compared to 31% of firms without such controls.
In an environment where insiders are the source of the problem, other employees who observe or become aware of what fraudsters are doing are the company’s strongest defense.
Daniel Karson observed: “While technology has enabled new ways to perpetrate fraud, our daily work with clients confirms what the report also reveals — that old fashioned theft, bribery and kickbacks are still amazingly effective and pervasive. Human nature being what it is, fraud will always be with us, whether it occurs in a company’s corner office or a world away in its supply chain. However, there are numerous strategies, resources and best practices available to companies that can go a long way toward helping them protect themselves and their investments.”