Report: Cyber Risk, Insider Fraud Major Concerns

Annual Survey Finds Organizations Vulnerable to Information, IP Theft

Corporate investigations and risk consulting firm Kroll is out with its Annual Global Fraud Report for 2015-16, which finds that cyber risk is increasingly being highlighted as a major threat by organizations globally, with 51 percent of respondents saying they are vulnerable to information theft. In the same vein, the report notes that IP theft (37 percent), and regulatory and compliance breaches (40 percent) are also being cited by participating organizations as areas where they believe themselves to be highly or moderately vulnerable.

The report, which is in its eighth year, is based on a survey carried out by Kroll's economic intelligence unit, with organizations having an annual revenue of a minimum of $500 million. Only private sector companies were polled in the survey. Of the participating organizations, 23 percent were from APAC, and 40 of the total 768 senior executives polled were from large Indian conglomerates.

Kroll says 80 percent of participating Indian organizations say that they were affected by fraud in the past 12 months - higher than the global sample average at 75 percent.

"India has one of the highest incidence of fraud in four out of the eleven fraud types assessed by the survey," says Mumbai-based Reshmi Khurana, Managing Director and Head of South Asia for Kroll Advisory Solutions. "Further, 92 percent of Indian respondents have confirmed that their firms have seen an increased exposure to fraud in the last year. This is consistent with our experience on-the-ground in India." (Also See: India's Growing Breach Potential)

Furthermore, the insider threat - for all kinds of fraud, including cyber - is on the rise, with 81 percent of all respondents having suffered fraud at the hands of an insider in the past 12 months.

According to the report, India leads the BRIC countries in insider fraud. Participating organizations say that over 45 percent of all fraud is committed by junior employees, as against 25 percent by senior and middle management. "Overall, this suggests that close to 70 percent of all fraud [incidents] are insider jobs, instigated and perpetrated internally," Khurana says.

What's Driving Fraud?

Commenting on the drivers of fraud in India, Khurana says high staff turnover (28 percent), complex IT infrastructure (27 percent), and cost restraint over pay (21 percent), emerge as the top three drivers quoted by Indian entities participating in the survey.

Technology use is especially an issue in the BFSI vertical, where business is increasingly technology driven, and technology changes every two years. Organizations are having to constantly retrain personnel to keep pace. The wider the gaps in training and awareness on complex IT, the higher the possibility of it being exploited for fraud, she says.

Despite these rising concerns, companies in India are not investing in the appropriate anti-fraud strategies, she believes. Companies must continue to create strong and well-organized fraud detection systems to prevent, respond to, and investigate fraud when it arises. Khurana notes that most enterprises that she consults with are still restricted to a reactive stance when it comes to fraud, and this needs to change.

Per the survey numbers, only 55 percent of Indian companies invested in vendor due diligence, and 28 percent in staff background screening. While companies in India are willing to spend to improve their level of anti-fraud protection, it appears that such funds are not being invested appropriately, the report finds. Greater attention to employees and reputation-focused due diligence might significantly bolster anti-fraud efforts, the report says.

Fraud, when linked to reputation, is dangerous, but it is not always quantifiable in money terms, says Khurana. It could be brand damage, loss of customers, action by regulators, slow erosion of market share, and this paradigm applies to technology-based fraud as well, she says.

Market Scenario

Enumerating the environmental factors contributing to fraud, Khurana says that largely, the speed of policy initiatives to fight fraud remains slow, despite stronger political mandates. Weak global markets and muted domestic growth are also impacting corporates and putting pressure on employees, partners and vendors to stretch themselves, which, when coupled with the restraint in pay growth, may be contributing to increased incentive for fraud.

Khurana believes the domestic market in India suffers from poor segregation of duties within organizations and an absence of clear codes of conduct. Whistle-blower mechanisms are limited, and internal audit functions are relatively weak. "Bad Faith" and dubious accounting practices abound, hiding the real health of businesses, increasing potential for fraud, she says.

Khurana notes that the report suggests corporate governance standards in the country remain poor, and that organizations and employees may be routinely manipulating the poor control environment. Inadequate judiciary and regulatory oversight may also be putting additional responsibility on managers to rely on their own due diligence, she says.

Technology and Fraud

The flipside of the technology-fraud coin is the potential use of new tools to fight fraud and improve governance. For instance, just a lack of robust ERP systems increases the potential for fraud considerably, she says.

"I see technology playing a key role in the area of financial reporting and financial management - this has nothing to do with protecting IP or hacking - simply technology being used effectively to measure business and performance, which links directly to governance." Analytics technology is big today, because it is a non-intrusive and cost-effective way of understanding vulnerability to risk, Khurana says, adding that she expects this trend to continue going forward. (Also See: Tapping Analytics In CyberSec, Fraud)

About the Author

Varun Haran

Principal Correspondent, ISMG

Haran has been a technology journalist in the Indian market for close to six years, specializing in information security. He has driven industry events such as the India Computer Security Conference (ICSC) and the Ground Zero Summit 2013. Prior to joining ISMG, Haran was a correspondent with TechTarget and InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.
