Ruslan Grumble - Fotolia

Fraud rises but Australian businesses fail to heed data

Fraud is costing Australian businesses billions of dollars, but many are failing to address the threats from insiders

Fraud costs Australia $8.5bn a year – almost a third of the total cost of crime in the nation, according to the Australian Institute of Criminology – but a report from Deloitte suggests business is still failing to properly protect itself.

Analysing fraud in Tasmania, which provides a single state snapshot of the national problem, Deloitte found that total fraud rates have risen by 18% since 2011/12, with computer fraud now accounting for 15% of all incidents.

More than half of all frauds were perpetrated by insiders, the exception being in financial services, where 67% of frauds were external, compared with 33% having an internal genesis.

Although 27% of organisations reported being victims of fraud in the past two years, only 29% of respondents said they were using any form of data analytics to detect and prevent fraud – 69% were not.

Deloitte's Tasmania-based managing partner, Carl Harris, said although the majority of incidents involve losses of less than A$5,000 (£2,304), the largest reported fraud was above A$200,000. Raw financial losses, however, are just the tip of the iceberg, he said.

“In today's business environment, where an incident has the potential to cause reputational damage, revenue pain, loss of market opportunities, severe penalties and greater regulatory scrutiny, the costs can often far exceed the dollar value of the fraudulent act,” said Harris.

Read more about IT security in Australia

The dollar costs, however, cannot be overlooked.

Tim Tribe, a forensic expert brought to Australia by financial systems software supplier BlackLine to speak to its Asia-Pacific user group about the threat and cost of fraud, said it was important companies do more to limit the opportunities for fraud, which was currently costing companies the equivalent of 5% of revenues.

He said that just as fires required three factors – fuel, oxygen and a spark – fraud was dependent on a triangle of pressure on an individual, their ability to rationalise the act and opportunity.

“You can control the opportunity – that's where you get the bang for your buck,” said Tribe. A combination of process and systems monitoring would help, he said.

Disturbingly, Tribe said that generally companies were blind to a fraud for 18 months. Small businesses were particularly vulnerable and suffered the highest median costs.

Even when a fraud was detected, it was often a case of good luck rather than good management. Tribe said that in Asia-Pacific, the majority of frauds (53.9%) were uncovered when a fraudster was dobbed in. Management review only uncovered 11.7% of frauds, audit 10.9% and account reconciliation 6.3%, with “dumb luck” responsible for identifying the rest.

Read more on Application security and coding requirements