Fraud is increasing in cost and complexity
Fraud is increasing in cost and complexity, according to the latest report from PricewaterhouseCoopers (PwC).
The PwC Global Economic Crime and Fraud (GECF) survey, published biannually, highlights that half of UK organisations questioned have been the victim of fraud and/or economic crime in that period.
More than half (51%) of the most disruptive crimes resulted in losses over $100,000 (£72,000) compared to 37 per cent globally. Nearly a quarter of UK victims (24%) lost more than $1 million (£720,000) as a result.
More than half of UK frauds – 55 per cent - were committed by external fraudsters such as hackers, customers and intermediaries, versus a global average of 40 per cent.
Despite this, not enough is being done by UK organisations to actively prevent fraud. Only half of respondents to the PwC study reported having carried out a fraud risk assessment in the last two years.
These findings, taken from PwC’s ninth biennial GECF survey, are based on input from more than 7,000 business decision-makers across 123 countries, including 146 from the UK.
Fran Marwood, forensics partner at PwC, said: “The cost of fraud to UK business continues to rise, due at least in part to the increasing threat from cyber fraud. While the direct losses are quantifiable, the wider effects can be far more damaging. UK organisations told us that the cost and disruption of sorting out the aftermath, as well as the effects on employee morale, business relations and brand are big hidden costs. Times of uncertainty and change often help fraudsters to exploit weaknesses in an organisation’s systems.
“In this current period of rapid business change, understanding the risks and possible avenues for attack is more crucial than ever. Against this backdrop, only half of UK businesses are currently analysing the risks posed to them by fraud.”
This year’s study shows a shift towards technology-enabled crime, bribery and corruption as well as procurement fraud. Cyber-crime was the most prevalent (overtaking asset theft as the top fraud for the first time since the survey began back in 2002) and was experienced by nearly half (49%) of economic crime victims (global: 31%). 42% of respondents expect this to continue to be the most serious type of fraud in terms of business impact over the coming two years.
Marwood added: “Much of the cyber-crime in the UK comes from external overseas threats. As the world’s fifth largest economy, it’s no surprise that the resources of UK organisations are seen as an attractive target by global fraudsters. Over half of respondents reported suffering phishing attacks, which are transacted on a large scale to play the odds. Ultimately, cyber defence relies on people understanding the threat. On that basis, training, awareness and escalation routes are just as important as defensive technology.”
Despite being faced with an ongoing flow of fraudulent activity, the research suggests UK organisations are relying heavily on people with the skills to detect it, rather than employing more advanced technologies. General anti-fraud controls were reported to be the most successful detection method (uncovering 19% of frauds), followed by tip-offs/whistleblowing (16%) and internal audit (15%).
While the majority of organisations are using technology to monitor or detect fraud in some way, it’s not always performing particularly well. Suspicious activity monitoring spotted 10% of fraud, while data analytics detected only 1% (the latter down from 8% according to the same study two years ago).
Anti-fraud technology has much more to offer, but UK organisations are behind the global average in its uptake. Around one-in-five firms have no plans to look at more advanced techniques, such as predictive analytics (19%) or machine learning (22%), in order to combat or monitor fraud in future.
Marwood stated: “Technology is opening up more avenues for fraudsters, but also providing new and innovative ways of protecting against it. As economic crime continues to remain high, it underlines the need for new approaches. UK organisations are missing out on opportunities to detect anomalies in their data that might indicate fraud. It’s not about just plugging in a new piece of technology and hoping that solves the problem alone. Rather, it’s about harnessing the combined power of skilled people and the right technologies to stand the best chance of tackling the problem.”