Fraud, cyber, and security risks are at an all-time high, according to senior corporate executives surveyed worldwide for the 2017/18 Kroll Annual Global Fraud & Risk Report. Respondents in the UK reported the highest incidence of fraud of all countries in this year’s survey at 97pc, surpassing last year’s figure of 90pc and this year’s global average (84pc). It’s inside jobs; often by members of management or current, former, or temporary or freelance employees.
Most executives surveyed (94pc) said their companies had experienced a cyber incident or information theft, loss, or attack over the past 12 months, up from 92pc in 2016. Just over seven in ten respondents (71pc) reported the occurrence of at least one security incident during the past year.
The risk consultants and investigators Kroll suggest from respondents that information-related risks now being the area of greatest concern. As criminals and others continue to find new ways to monetise confidential data, including personal data, data assets are becoming increasingly valuable and attractive targets.
Information theft, loss, or attack was one of the most prevalent types of fraud experienced, cited by 32pc of respondents. This was marginally edged out by money laundering and theft of physical assets or stock, both at 35pc.
Cyber attacks represent one of the most persistent threats to confidential information. In fact, the reported level of occurrence for every type of cyber incident included in the survey increased in the last 12 months.
In the year when major viruses such as WannaCry and Petya hit the world, over four in ten (41pc) executives surveyed said their companies had been impacted by a virus or worm attack, an increase of 8 percentage points year-over-year. Near four in ten, 38pc of respondents said they had suffered an email-based phishing attack (up 20 percentage points from the last report), 35pc had suffered a data breach, and 18pc were affected by data deletion. Beyond digital threats, information was highly susceptible to loss through other means: 32pc of executives surveyed said equipment with sensitive data was stolen, while 21pc said equipment was “lost.”
Physical theft or loss of intellectual property (IP) was by far the most prevalent type of security incident. Of those executives whose company experienced a security incident this past year, 44pc said their organisations fell victim to IP theft or loss.
Jason Smolanoff, Senior Managing Director and Global Cyber Security Practice Leader for Kroll, said: “In a digitised world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats. Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetise confidential information, including personal data.
“People instinctively think about data being targeted by cyber attacks, but not all threats to information are confined to the digital realm. There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach.”
And Kroll CEO David Fontaine said: “Senior executives are becoming acutely aware that threats to their organizations can arise at any time and originate from any place. Insiders and ex-employees continue to pose a significant threat and have, together with external criminals and threat actors, more tools at their disposal than ever before with which to target and exploit companies.
“In the face of these mounting threats, organizations seeking to manage and mitigate the possibility of loss must take a holistic approach to enterprise risk management and implement diverse and layered measures that can enhance their ability to anticipate, detect, and respond to threats rooted not only in human error or intentional misconduct, but also in technological or internal control gaps.”
