Endpoint
10/16/2012
03:54 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Significant Spike In Internal Fraud Over Past Year, Kroll Global Fraud Report Reveals

Information theft is widespread; U.S., Indonesia, and Russia report highest levels worldwide

NEW YORK, Oct. 16, 2012 – Internal fraud increased significantly, according to the 2012/2013 Kroll Advisory Solutions' Global Fraud Report released today. This year's study shows that over two-thirds of corporate frauds are committed by insiders, up for the second year in a row from 60% last year and 55% in 2010. Fraud continues to hit many global companies with more than six in 10 companies reporting they were affected by fraud last year. The findings are contained in a study commissioned by Kroll Advisory Solutions with the Economist Intelligence Unit of more than 800 senior executives worldwide.

Information theft remains one of the most widespread frauds facing companies. Its slight decline --21 percent of companies are affected this year compared with 23% in the last survey--shows that it is more resilient than some other frauds, which saw much greater declines. Moreover, it remains the fraud to which respondents feel most vulnerable. Thirty percent say they are moderately or highly so and cite IT complexity as the leading cause of increased exposure to fraud risk. Surprisingly, it is employees, rather than hackers, who are more to blame for the loss of information. Where there has been a loss, 35% of the time the issue is employee malfeasance, more than twice the rate at which external hackers are to blame (17 percent).

This year's study sheds new light on how fraudsters interact when perpetrating frauds. Despite a decline in the overall prevalence of fraud from 75% to 61% globally, there is a continued rise in insider fraud; a key finding is that fraudsters tend either to act alone or cooperate with peers rather than with members of outside groups such as vendors or suppliers. Those acting alone tended to be insiders – junior employees, senior managers, or agents of the company. The study also found that when a fraud involves more than one type of perpetrator, external parties are more often involved. More than four in ten companies (43 percent) affected by multi-perpetrator fraud reported that suppliers were involved, while 37% of the same group reported that vendors participated.

"The fact that overall fraud is down globally reflects the focus and consideration that major corporations are paying to the issue," said Robert Brenner, Senior Managing Director and Practice Leader Americas, Kroll Advisory Solutions Investigations & Disputes Group. "However, most of those efforts have been directed at external threats. The results this year demonstrate that companies must turn their attention inward. In particular, firms need to make protection of confidential information and electronic data a top priority."

The study shows that the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act are having an impact on reducing corruption. More than half (52 percent) of companies said they conducted a thorough assessment of risks to their organization, up from 26% last year, and more (55 percent) also trained senior managers appropriately and integrated corruption issues into their due diligence activities (50 percent). The marked rise in compliance activity has coincided with a fall in the prevalence of corruption from 19% to 11% during the past year. Such compliance regimes may also be opening up investment opportunities for companies. Of the companies that took all of the above steps, 20% were dissuaded by fraud from investing abroad, while the figure was 31% for those companies who have not taken those steps.

Other key findings include:

· Concern about fraud is dropping faster than fraud itself. Consistently and across all industries and geographies, fraud concerns have abated. In particular, the number of respondents saying that they were moderately or highly vulnerable to information theft has fallen from 50% to 30%, even though only two percent fewer companies reported being hit by this fraud. These findings suggest many companies have become overconfident about their vulnerability to fraud, which likely increases their risks. Companies that lose the most to fraud are those that are less likely to have fraud controls in place.

· Emerging markets continue to report high levels of fraud: Africa retains its position as the region with the largest fraud problem. Despite some improvement in the fraud environment, the decline in overall fraud prevalence, from 85% to 77%, was less marked than in other regions. Outside of Africa, India has the highest number of companies affected by fraud of any region or country (68 percent), followed by Indonesia (65 percent). Eight of the 10 frauds covered in the survey were more widespread in India than they were globally. Indonesia experienced the highest rate of information theft (35 percent) among countries surveyed.

· Developed markets also report significant levels of fraud. Following Indonesia, the U.S. and Russia tied at 26% for the highest rates of information theft compared with the global average of 21%. Even though the overall prevalence of fraud has decreased in Europe, the percentage of companies affected by at least one fraud, 63%, is slightly higher than the global average. And while the number of businesses in the United States hit by at least one fraud was down (to 60% from 65% last year), the decline was significantly less than the global average.

· Fraud varies across industries: Companies in the manufacturing sector saw a substantial increase in the incidence of fraud, with 87% affected. Moreover, eight of the 10 frauds tracked for this survey became more common this year among manufacturers. Manufacturing also experienced the highest levels of theft of physical assets (50 percent), corruption and bribery (29 percent), management conflict of interest (27 percent), vendor or procurement fraud (23 percent) and IP theft (13 percent). The financial services sector had the highest level of internal financial fraud (25 percent) and regulatory or compliance breach (16 percent) of any industry, and the second largest rate of IP theft (10 percent). Of all the companies surveyed, those in the consumer goods sector recorded the second lowest overall number of companies affected by fraud (51 percent) and the lowest average losses (0.4 percent of revenue).

The sixth Kroll Annual Global Fraud Report includes a full detailed industry analysis across a range of fraud categories and regions. To obtain a copy please visit www.kroll.com/fraud

Notes to editors

Please click 2012/2013 Kroll Global Fraud Report fact sheetfor key findings and graphics, including a detailed look at the industries, regions and types of fraud covered in the report.

Methodology

Kroll commissioned The Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2012. A total of 839 senior executives took part in this survey. Over one quarter of the respondents were based in North America (26 percent) and Europe (28 percent), 24% from the Asia-Pacific region, 13% from Latin America, and 10% from the Middle East & Africa.

Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the financial services industry (17 percent). One half of the companies polled had global annual revenues in excess of $500 million.

Contacts

Europe North America

Meredith Foster Mary McCeney

Kroll MSL Group

T: + 44 (0)20 7029 5168 T: + 1 646 500 7738

E: mfoster@kroll.com E: mary.mcceney@mslgroup.com

Latin America Asia

Amy Malsin Vanessa Frida

Kroll Kroll

T: + 1 212 833 3363 T: + 65 6645 4947

E: amalsin@kroll.com E: vfrida@kroll.com

About Kroll Advisory Solutions

Kroll Advisory Solutions, a global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll Advisory Solutions for intelligence and insight to drive confident decisions about protecting companies, assets and people.

Kroll Advisory Solutions has 40 years of experience meeting the demands of businesses around the world. Headquartered in New York with offices in 29 cities across 17 countries, Kroll Advisory Solutions has a multidisciplinary team of 700 employees. Kroll Advisory Solutions is an Altegrity company. Learn more at www.krolladvisory.com.

About The Economist Intelligence Unit

The Economist Intelligence Unit (EIU) is the world's leading resource for economic and business research, forecasting and analysis. It has provided accurate and impartial intelligence for companies, government agencies, financial institutions and academic organizations around the globe, inspiring business leaders to act with confidence since 1946. The EIU is headquartered in London, UK, with offices in more than 40 cities and a network of some 650 country experts and analysts worldwide. It operates independently as the business-to-business arm of The Economist Group, the leading source of analysis on international business and world affairs. More information is available at www.eiu.comor follow us on twitter.com/theeiu

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.