- The number of fraud and cybersecurity incidents keeps climbing, according to the Kroll Annual Global Fraud and Risk Report. The percentage of companies worldwide experiencing a fraud incident reached 84% in 2017, up from 82% in the year before, according to a press release. Fraud levels have increased every year since 2012, when 61% of companies reported such incidents.
- There is an escalating threat to confidential information as well, with 86% of executives saying their companies experienced a cyber incident or information theft, loss, or attack over the past 12 months, slightly up from 85% in 2016. Seventy percent reported they had sustained at least one security incident during the past year, compared to 68% the previous year.
- Survey respondents said they are experiencing a heightened sense of vulnerability to fraud, cyber and security risks. Information-related risks are now the area of greatest concern. Criminals and other threat actors keep finding new ways to monetize confidential data, and personal data and data assets are becoming increasingly valuable and attractive targets.
This was the first time in the 10-year history of the Kroll Report when information theft, loss or attack was the most prevalent fraud, according to a press release. It was cited by 29% of respondents, up 5 points from the 2016 report, and surpassed the theft of physical assets or stock, the most common type of organizational loss in the past, which this year ranked second, at 27%.
Cyber attacks are one of the most persistent threats to confidential data, but the occurrences of every type of cyber incident included in the survey increased.
In addition to the high incidence levels, survey respondents said the consequences of fraud, cyber and security events were also costly and wide-ranging. They affected employees and customers, as well as the organization's reputation and bottom line.
There are mounting concerns among executives in the sample about their companies' potential exposure to fraud, cyber and security risks. Information-related risks are the top worries for respondents across every risk category, and 57% of respondents said their companies are highly or somewhat vulnerable to information theft, loss, or attack, which is a 6% increase from the previous survey.
Former employees and insiders pose the greatest threat. Respondents reported that fraud, cyber, and security incidents are often inside jobs committed by management or current, former, or temporary and/or freelance employees. Of those who reported an incident of fraud, 81% said one or more insiders were perpetrators. Among those reporting cyber incidents, 58% said the perpetrator was an insider.
Nearly all of the anti-fraud measures listed in the survey were widely adopted by over 70% of respondents. Information controls was the most widely implemented anti-fraud measure, by 78%.
The top three cyber risk mitigation measures that executives expect their companies to implement in the next 12 months all address the problem of intrusions, including device-based intrusion detection systems (57%), endpoint threat monitoring tools (55%) and network-based intrusion detection systems (54%).
"In the face of these mounting threats, organizations seeking to manage and mitigate the possibility of loss must take a holistic approach to enterprise risk management and implement diverse and layered measures that can enhance their ability to anticipate, detect, and respond to threats rooted not only in human error or intentional misconduct, but also in technological or internal control gaps,"David Fontaine, chief executive officer of Kroll, said in a statement.