This represents a 22% increase in the number of online crimes reported to Action Fraud compared with the previous year.
On average, each police force in the UK recorded more than £19.5m in losses by businesses in their area, but police say the true figure could be even higher as not all cyber crimes are reported.
Garry Lilburn, detective inspector at the Metropolitan Police's cyber crime unit, said that although current reporting mechanisms are “clunky” and there are plans to replace them, businesses can in the meantime make direct contact with the cyber divisions of the National Crime Agency (0370 496 7622) UK-wide, or the Met Police for cyber crime in London (0207 230 8129).
Get Safe Online, a government-backed cyber security awareness initiative, said it is evident from the data that businesses need to do more to ensure staff have appropriate online fraud awareness training, so that everyone understands their role in keeping the business secure.
A substantial amount of attempted fraud against businesses is successful due to lack of knowledge or poor security practices by their employees, according to Get Safe Online.
Analysis of data shows that mandate fraud is becoming an increasingly worrying issue for businesses, where fraudsters trick employees into changing a direct debit or standing order by pretending to be a supplier.
Mandate fraud is extremely targeted and has seen a significant increase of 66% in the past year with 2,323 reported cases.
Other types of fraud which have increased dramatically include CEO fraud, also known as a whaling attack or business email compromise – where an employee is tricked into making a payment by means of an email purporting to be from a senior manager – and extortion, where files on a computer or entire network are rendered inaccessible by ransomware until a release fee is paid.
Corporate employee fraud – where employees or ex-employees obtain property or compensation through fraud, or misuse corporate cards and expenses – is also on the rise, with 1,440 cases recorded in 2015 – 2016. Listed in the top 10 most reported crimes by businesses in the past 12 months, this demonstrates how fraud is not just an external threat, but can also affect a business from the inside.
It is therefore vital, said Get Safe Online, for all businesses to provide their staff with the right tools and training to be able to identify signs of fraud or suspicious activity, before it is too late, as well as having guidelines in place on whistleblowing.
Hacking is perhaps one of the main issues facing businesses. A fraudster can hack into a business's server, an employee’s personal computer, or access email and social media accounts to obtain private information. In its various forms, hacking is one of the most widely reported types of fraud in the past 12 months, with 1,314 reported cases.
Other types of fraud committed against specific industry sectors such as retail and insurance also accounted for a substantial proportion of crimes reported by businesses, owing mainly to the typical transaction values involved.
Retail fraud – defined as fraud committed against retailers through refund fraud, label fraud or when goods are ordered with no intention of paying – has risen by 71% to 8,163 cases in the past year. This topped the list as the most reported type of online crime in the past 12 months, accounting for almost a quarter of the total recorded crimes.
A substantial increase in retail fraud reports came between November 2015 and January 2016, possibly connected to the increased spending in retail over the Christmas and winter sale period.
Insurance-related fraud, where policy holders obtain money or replacement goods through false insurance claims or obtain policies by submitting false details, showed a marked increase of 68% to 986 cases in the past year.
In terms of the areas worst affected, the London Metropolitan and Essex police forces received the largest volume of reports, with 5,742 and 2,505 cases of online crime respectively. These are followed by Thames Valley (1,335), Kent (1,185) and West Midlands (1,158).
The Metropolitan Police area had the highest reported loss of £240m, followed by Essex (£196m) and Leicestershire (£188m).
Although still one of the most widely reported crimes affecting businesses, reports of cheque, plastic card and online bank account fraud decreased by 21% in the past year.
Advanced fee fraud – where a payment is made to fraudsters who claim to be in a position of authority, such as a foreign government official – decreased by 37%, while other consumer non-investment fraud – where victims are shown or test a product that is not received, is fake, or is stolen – decreased by 31%.
“These latest figures show the enormous, and quite frankly daunting impact online crime can have on a business, its reputation, its employees and even its continued operation,” said Get Safe Online CEO Tony Neate.
“It also highlights the abundance of ways a business can be targeted, both externally, and from within,” he added. “To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats. It’s all about education, and staff must be aware of this plan and trained where necessary.”
With the new European Union General Data Protection Regulation in place, Neate claimed an increasing number of businesses will report online crime and realise that the right staff training can go a long way to helping prevent this growing problem.
According to the City of London Police’s commander Chris Greany – the police national co-ordinator for economic crime – businesses are a major target for fraudsters.
“These figures illustrate the significant rise in Action Fraud reports. The true figure will be much higher and businesses need to take steps as many of these crimes could be prevented. Fraudsters look for soft targets and we can all help protect individuals and business by following the advice at Get Safe Online,” he said.
Get Safe Online recommends all businesses ensure that at least the following basic measures are in place to protect their organisation from online crime:
- Structured, regular, updated employee education and awareness training
- Internet security software on all systems, including mobile devices
- Regular security updates for all operating systems, application, mobile and browser software
- Strict and enforced password policy for all employees and contractors