freshidea - stock.adobe.com
UK organisations failing to take action against fraud
UK organisations are facing increasingly complex and costly incidents of fraud partly due to increasing cyber fraud, yet few are making use of the anti-fraud technologies available, a survey has revealed
Half of UK organisations say they have been the victim of fraud and/or economic crime in the past two years, the PwC’s ninth biennial Global Economic Crime & Fraud Survey shows.
More than half (51%) of the most disruptive instances of fraud in the UK resulted in losses of more than £72,000, compared with just 37% globally, while nearly a quarter of UK victims (24%) lost more than £720,000, according to the poll of more than 7,000 business decision-makers across 123 countries, including 146 from the UK.
Despite these losses, the survey report said not enough is being done by UK organisations to actively prevent fraud, with only half of respondents carrying out a fraud risk assessment in the past two years – which is an important first step in the process to allow for the right prevention measures to be put in place.
“The cost of fraud to UK business continues to increase, due in part to the increasing threat from cyber fraud,” said Fran Marwood, forensics partner at PwC.
“While the direct losses are quantifiable, the wider effects can be far more damaging,” she said. “UK organisations told us the cost and disruption of sorting out the aftermath, as well as the effect on employee morale, business relations and brand, are big hidden costs.”
Times of uncertainty and change, said Marwood, often help fraudsters to exploit weaknesses in an organisation’s systems. Therefore, in this current period of rapid business change, understanding the risks and possible avenues for attack is more crucial than ever.
“But, against this backdrop, only half of UK businesses are currently analysing the risks posed to them by fraud,” she said.
Untapped technology potential in tackling crime
This year’s study shows a shift towards technology-enabled crime, bribery and corruption, and procurement fraud. Cyber crime was the most prevalent, affecting 49% of UK of economic crime victims and 31% globally.
Cyber crime overtook asset theft (32%) as the top fraud for the first time since the survey began in 2002, followed by procurement fraud and bribery and corruption (bot at 23%), and business misconduct and money laundering (both at 21%).
More than four in 10 respondents expect cyber crime to continue to be the most serious in terms of business impact in the coming two years.
“Much of the cyber crime in the UK comes from external overseas threats, and as the world’s fifth-largest economy, it’s no surprise the resources of UK organisations are seen as an attractive target by global fraudsters,” said Marwood.
“Over half of respondents reported suffering phishing attacks, which are done on a large scale to play the odds. But ultimately, cyber defence relies on people understanding the threat, and therefore training, awareness and escalation routes are just as important as defensive technology,” she said.
Relying on people over technology
Despite being faced with an ongoing flow of fraudulent activity, the research suggests UK organisations are relying heavily on people with the skills to detect it, rather than employing more advanced technologies. General anti-fraud controls were reported to be the most successful detection method (uncovering 19% of frauds), followed by tip-offs and whistleblowing (16%), and internal audits (15%).
While the majority of organisations are using technology to monitor or detect fraud in some way, it is not always performing particularly well. Suspicious activity monitoring spotted 10% of fraud, but data analytics detected only 1%, down from 8% according to the same study two years ago.
Anti-fraud technology has much more to offer, according to the report, which said UK organisations are behind the global average in its uptake, with around one in five saying they had no plans to look at more advanced techniques, such as predictive analytics (19%) or machine learning (22%), to combat or monitor fraud in future.
“Technology is opening up new avenues for fraudsters, but also providing new and innovative ways of protecting against it. As economic crime continues to remain high, it underlines the need for new approaches, and UK organisations are missing out on opportunities to detect anomalies in their data that might indicate fraud,” said Marwood.
“It’s not about just plugging in a new piece of technology and hoping that solves the problem alone. It’s about harnessing the combined power of skilled people and the right technologies to stand the best chance of tackling the problem,” she said.
External actors
The survey also found that more than half (55%) of UK frauds were committed by external actors, compared with a global average of 40%, and of the fraud carried out by internal parties (33%), half were committed by senior management, up from 18% in 2016, and double that of the global average (24%).
The data shows a sharp increase in reported bribery and corruption in the UK, up from 6% in 2016 to 23% in this year’s study. This is more likely to be as a result of the positive stance the UK has taken on anti-bribery measures, including the Bribery Act introduced in 2010, leading to increased transparency rather than an actual rise in cases, the report said.
Read more about fraud
- UK business urged to do more as ID fraud continues to rise.
- The UK fraud prevention service is calling for better education about fraud and financial crime as identity fraud, which is often cyber-enabled, hits the highest levels ever recorded.
- Banking malware, DDoS, ransomware and CEO fraud top UK cyber threats.
- UK fraud prevention service Cifas is calling on the government to make tackling cyber and other financial crime a priority.
UK organisations are spending more than ever on compliance, the survey found, with 54% reporting an increase in their compliance spend in the last two years, compared with 42% globally.
“The increase in reported bribery is of particular interest, coming at a time when UK business is ahead of most global territories from a compliance perspective, largely as a result of measures required by the UK Bribery Act.
“The effectiveness of these measures, the additional ethical due diligence being done and the huge compliance resources introduced over the last few years are clearly succeeding in flushing out historic cases,” said Marwood.
“While increased levels of reported crime can’t always be directly equated to the actual crimes increasing, the study certainly shows a greater awareness and understanding of the various types, perpetrators, impacts and costs of fraud amongst UK organisations.
“However, there’s still more business can do, particularly in understanding and acting on the specific risks they face from fraud, cyber threats and bribery, as well as investing in people and technology to combat the evolving threat.”
Read more on Hackers and cybercrime prevention
-
What do the home secretary’s policing reforms mean for the future of the Police Digital Service?
-
Police Digital Service staff arrests: Everything you need to know
-
Europol offers law enforcement agencies data on Europe’s most threatening crime networks
-
Two-thirds of UK organisations defrauded since start of pandemic