Fraud rates dipped slightly this year, according to figures from the Kroll Annual Global Fraud Report. But, increasingly, it is being committed by the folks right under your nose at work Fraud cost organizations 2.1 percent of earnings in the past 12 months, which is equivalent to a week of revenues over the course of a year, according to the Kroll Annual Global Fraud Report, a recent survey that polled more than 1,200 senior executives worldwide. The research does contain some good news, however, and found a decline in the frequency of fraud over last year. Of the executives polled, 75 percent suffered some kind of fraud-related loss in the last 12 months, which is down from 88 percent the year prior.However, fraud remains predominantly an inside job, according to the report, and insider jobs increased this year. The 2011 figures show that 60 percent of frauds are committed by insiders, up from 55 percent last year. [Also see: Social engineering: 4 ways criminal outsiders get inside]“It’s important to keep in mind these are only the cases in which the perpetrator is known,” said Richard Plansky, Senior Managing Director in Kroll’s Business Intelligence and Investigations practice. “I think it’s a fair inference that the percentage is actually significantly higher when we take into account all fraud cases. From what we are seeing here over the last seven years, this exact finding is a reflection of an economy that is increasingly information based.” And that translates into more concern among executives, said Plansky. Overall, fraud concerns among executives around the globe rose approximately 15 percent, led by information theft and corruption and bribery. Half of all companies surveyed said they are moderately to highly vulnerable to information theft, up from 38 percent in 2010. IT complexity is the leading cause of increasing fraud exposure, cited by 36 percent of respondents compared with 28 percent last year. [Also see: What security can learn from the $15M Sprint Breach]“Compared to just ten years ago, more and more, the value of a company is not contained in tangible things. It’s contained in the company’s ideas, and those ideas tend to live on information systems in the form of digital data,” said Plansky. “That’s where the value of a company lives and insiders have tremendous access to that information. Here’s a place where technology is truly a double-edged sword. These wonderful, sophisticated IT systems make critical data easy to access for a wide range of employees. That’s the upside. But the downside is also that it makes critical data easy to access for a wide range of employees.” Indeed, information-based industries reported the highest incidence of theft of information and electronic data; including financial services (29 percent), technology, media and telecoms (29 percent), healthcare, pharmaceuticals and biotechnology (26 percent) and professional services (23 percent). Roughly one in four companies were hit by physical theft of cash, assets and inventory or information theft, both down from 2010. Management conflict of interest (21 percent), vendor, supplier or procurement fraud (20 percent) and internal financial fraud (19 percent) all saw notable increases. The incidence of corruption and bribery nearly doubled over the past year from 10 to 19 percent. Plansky said among some of the more surprising findings was that executives reported they felt unprepared to deal effectively with corruption. According to the survey, only 27 percent of respondents said they are well-prepared to comply with regulations, such as the Foreign Corrupt Practices Act and UK Bribery Act. Of those companies that are subject to one of these two laws, less than half, 43 percent, have trained senior management, agents, vendors and foreign employees to be compliant with one of these laws, and just 39 percent have assessed the risks arising from them, the report said. Only 37 percent of companies surveyed believe that their due diligence provides a sufficient understanding of a potential partner’s or investment target’s compliance with these acts. “This is remarkable because the consequences of running afoul (of these laws) can be devastating,” said Plansky. “These respondents are sophisticated business people. They understand these are issues and it’s causing anxiety. I think as a result you are going to see increased attention to this.” Related content feature What’s a cyber incident response retainer and why do you need one? Whether you need to hire a team to respond to any and all cyberattacks or just some hired guns to boost your capabilities, incident response retainers can ensure you’re covered. By Linda Rosencrance Sep 27, 2023 8 mins Cyberattacks Cyberattacks Cyberattacks brandpost How an integrated platform approach improves OT security By Richard Springer Sep 26, 2023 5 mins Security news Teachers urged to enter schoolgirls into UK’s flagship cybersecurity contest CyberFirst Girls aims to introduce girls to cybersecurity, increase diversity, and address the much-maligned skills shortage in the sector. By Michael Hill Sep 26, 2023 4 mins Back to School Education Industry IT Training news CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans. By Michael Hill Sep 26, 2023 3 mins IT Governance Frameworks Incident Response Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe