Recent research by PwC has revealed that half of all UK companies have suffered financial losses due to economic crimes or fraud in the last two years, in line with the global average of 49 percent of all firms.
Economic crime and fraud not only cause financial losses to UK companies, but also damage their reputation, employee morale, and business relations.
Out of 146 UK companies who were surveyed by PwC as part of a global study, half of them suffered financial losses of £72,000 or more in the past couple of years. More worryingly, one in every four such firms lost £720,000 or more to cyber attacks in the same period.
PwC’s 2018 Global Economic Crime and Fraud Survey also revealed that globally, 49 percent of organisations have been a victim of fraud and economic crime, 52 percent of all frauds were perpetrated by people inside the organisation, and 64 percent of organisations lost up to $1 million to their most disruptive fraud attempts.
Even though the overall number of UK companies that experienced fraud fell from 55 percent to 50 percent between 2016 and 2018, fraud is continuing to run at high levels and organisations have noticed a shift owards technology-enabled crime, bribery and procurement fraud.
While 55 percent of frauds were committed by external actors, half of all frauds committed by internal perpetrators were committed by those holding senior management posts. Almost half of those surveyed said that such frauds took place because of opportunities presented to perpetrators.
The survey also revealed that while 19 percent of frauds were detected through fraud risk management, 15 percent of them were detected by internal audit measures. As many as 82 percent of CISOs in the UK also reported incidents of fraud to the board, compared to a mere 61 percent globally.
Out of all incidents of fraud, cybercrime continues to rule with 49 percent of all frauds with asset misappropriation, discrepancies in procurement, bribery and corruption and business misconduct taking up the remaining share.
"While the majority of organisations are using technology to monitor or detect fraud in some way, the overall percentage of frauds detected by technology has decreased since 2016. Survey indicates that the UK is lagging behind much of the rest of the world in harnessing technology to prevent and detect fraud," PwC noted.
However, financial loss isn't the only factor that UK companies, who have been victims of fraud, have to worry about. According to those surveyed by PwC, repeated incidents of economic crime and fraud also damage their reputation, employee morale, and business relations.
“Times of uncertainty and change often help fraudsters to exploit weaknesses in an organisation’s systems, so in this current period of rapid business change, understanding the risks and possible avenues for attack is more crucial than ever,” said Fran Marwood, forensics partner at PwC.
COmmenting on the eye-opening results of the survey, Robert Capps, vice president of business development at NuData Security, said: "The magnitude of these losses can't help but have a dampening effect on the UK economy and on those businesses who are experiencing losses of over £72,000. It's also bad news for customers, who often bear the brunt of many direct costs (especially in account takeover and identity theft).
"To detect out-of-character and potentially fraudulent transactions before they can create a financial nightmare for consumers – and for companies – we must adopt new authentication methods that hackers can't deceive. Solutions based on passive biometrics and interactional signals are leading the way to provide more safety for consumers and less fraud in the marketplace.
"These solutions identify machines from humans, then separate good machines from bad, selects known humans from unknown humans, and finally sorts unknown humans demonstrating low-risk signals from unknown humans demonstrating high-risk signals. This process lets organisations fast-track the known and low-risk users for an optimal experience, saving the friction and traditional authentication methods for the highest risk users. These layers validate the user through information that hackers can't replicate, securing the good user's transaction at every step," he added.