Most fraud is an inside job, says survey

Fraud cost organizations 2.1 percent of earnings in the past 12 months, which is equivalent to a week of revenues over the course of a year, according to the Kroll Annual Global Fraud Report, a recent survey that polled more than 1,200 senior executives worldwide.

The research does contain some good news, however, and found a decline in the frequency of fraud over last year. Of the executives polled, 75 percent suffered some kind of fraud-related loss in the last 12 months, which is down from 88 percent the year prior.

However, fraud remains predominantly an inside job, according to the report, and insider jobs increased this year. The 2011 figures show that 60 percent of frauds are committed by insiders, up from 55 percent last year.

[Also see: Social engineering: 4 ways criminal outsiders get inside]

“It’s important to keep in mind these are only the cases in which the perpetrator is known,” said Richard Plansky, Senior Managing Director in Kroll’s Business Intelligence and Investigations practice. “I think it’s a fair inference that the percentage is actually significantly higher when we take into account all fraud cases. From what we are seeing here over the last seven years, this exact finding is a reflection of an economy that is increasingly information based.”

And that translates into more concern among executives, said Plansky. Overall, fraud concerns among executives around the globe rose approximately 15 percent, led by information theft and corruption and bribery. Half of all companies surveyed said they are moderately to highly vulnerable to information theft, up from 38 percent in 2010. IT complexity is the leading cause of increasing fraud exposure, cited by 36 percent of respondents compared with 28 percent last year.

[Also see: What security can learn from the $15M Sprint Breach]

“Compared to just ten years ago, more and more, the value of a company is not contained in tangible things. It’s contained in the company’s ideas, and those ideas tend to live on information systems in the form of digital data,” said Plansky. “That’s where the value of a company lives and insiders have tremendous access to that information. Here’s a place where technology is truly a double-edged sword. These wonderful, sophisticated IT systems make critical data easy to access for a wide range of employees. That’s the upside. But the downside is also that it makes critical data easy to access for a wide range of employees.”

Indeed, information-based industries reported the highest incidence of theft of information and electronic data; including financial services (29 percent), technology, media and telecoms (29 percent), healthcare, pharmaceuticals and biotechnology (26 percent) and professional services (23 percent).

Roughly one in four companies were hit by physical theft of cash, assets and inventory or information theft, both down from 2010. Management conflict of interest (21 percent), vendor, supplier or procurement fraud (20 percent) and internal financial fraud (19 percent) all saw notable increases. The incidence of corruption and bribery nearly doubled over the past year from 10 to 19 percent.

Plansky said among some of the more surprising findings was that executives reported they felt unprepared to deal effectively with corruption. According to the survey, only 27 percent of respondents said they are well-prepared to comply with regulations, such as the Foreign Corrupt Practices Act and UK Bribery Act. Of those companies that are subject to one of these two laws, less than half, 43 percent, have trained senior management, agents, vendors and foreign employees to be compliant with one of these laws, and just 39 percent have assessed the risks arising from them, the report said. Only 37 percent of companies surveyed believe that their due diligence provides a sufficient understanding of a potential partner’s or investment target’s compliance with these acts.

“This is remarkable because the consequences of running afoul (of these laws) can be devastating,” said Plansky. “These respondents are sophisticated business people. They understand these are issues and it’s causing anxiety. I think as a result you are going to see increased attention to this.”