Most fraud is an inside job, says survey

Rates of fraud dipped slightly this year, according to a report, but it's increasingly committed by folks right under your nose

Fraud cost organizations 2.1 percent of earnings in the past 12 months, which is equivalent to a week of revenues over the course of a year, according to the Kroll Annual Global Fraud Report, a recent survey that polled more than 1,200 senior executives worldwide.

The research does contain some good news, however, and found a decline in the frequency of fraud over last year. Of the executives polled, 75 percent suffered some kind of fraud-related loss in the last 12 months, which is down from 88 percent the year prior.

[ 2011's top cyber security concerns were malicious code, employees run amok. | Prevent corporate data leaks with Roger Grimes's "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. ]

However, fraud remains predominantly an inside job, according to the report, and insider jobs increased this year. The 2011 figures show that 60 percent of frauds are committed by insiders, up from 55 percent last year.

[Also see: Social engineering: 4 ways criminal outsiders get inside]

"It's important to keep in mind these are only the cases in which the perpetrator is known," said Richard Plansky, senior managing director in Kroll's Business Intelligence and Investigations practice. "I think it's a fair inference that the percentage is actually significantly higher when we take into account all fraud cases. From what we are seeing her over the last seven years, this exact finding is a reflection of an economy that is increasingly information based."

And that translates into more concern among executives, said Plansky. Overall, fraud concerns among executives around the globe rose approximately 15 percent led by information theft and corruption and bribery. Half of all companies surveyed said they are moderately to highly vulnerable to information theft, up from 38 percent in 2010. IT complexity is the leading cause of increasing fraud exposure, cited by 36 percent of respondents compared with 28 percent last year.

[Also see: What security can learn from the $15M Sprint Breach]

"Compared to just 10 years ago, more and more the value of a company is not contained in tangible things, it's contained in the company's ideas, and those ideas tend to live on information systems in the form of digital data," said Plansky. "That's where the value of companies lives and insiders have tremendous access to that information. Here's a place where technology is truly a double-edged sword. These wonderful sophisticated IT systems make critical data easy to access for a wide range of employees. That's the upside. But the downside is also that it makes critical data easy to access for a wide-range of employees."

Indeed, information-based industries reported the highest incidence of theft of information and electronic data; including financial services (29 percent), technology, media and telecoms (29 percent), health care, pharmaceuticals and biotechnology (26 percent), and professional services (23 percent).

Roughly one in four companies were hit by physical theft of cash, assets and inventory or information theft, both down from 2010. Management conflict of interest (21 percent), vendor, supplier or procurement fraud (20 percent), and internal financial fraud (19 percent) all saw notable increases. The incidence of corruption and bribery nearly doubled over the past year from 10 to 19 percent.

Plansky said among some of the more surprising findings was that executives reported they felt unprepared to deal effectively with corruption. According to the survey, only 27 percent of respondents said they are well-prepared to comply with regulations, such as the Foreign Corrupt Practices Act and U.K. Bribery Act. Of those companies that are subject to one of these two laws, less than half, 43 percent, have trained senior management, agents, vendors and foreign employees to be compliant with one of these laws, and just 39 percent have assessed the risks arising from them. Only 37 percent of companies surveyed believe that their due diligence provides a sufficient understanding of a potential partner's or investment target's compliance with these acts.

"This is remarkable because the consequences of running afoul (of these laws) can be devastating," said Plansky. "These respondents are sophisticated business people. They understand these are issues and it's causing anxiety. I think as a result you care going to see increased attention to this."

This story, "Most fraud is an inside job, says survey" was originally published by CSO .

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies