The sixth annual Economist Intelligence Unit Global Fraud Survey

1,483 views
1,357 views

Published on

The sixth annual Economist Intelligence Unit Global Fraud Survey, commissioned by Kroll, polled more than 830 senior executives worldwide from a broad range of industries and functions. As in previous years, the survey tells the story of a changing fraud environment, with dangers ebbing and flowing in often unpredictable ways. This year, the data reveal five key insights.
- Prevalence and cost of fraud are down from last year, but more than six in every ten companies were still hit at least once.
- Concern about fraud is dropping faster than fraud itself.
- The biggest danger still comes from inside the business.
- Information theft remains a significant, multi-faceted threat.
- Taking anti-corruption compliance more seriously is paying dividends for companies.

Published in: Business
1 Comment
3 Likes
Statistics
Notes
  • Thanks for posting.
    The overviews of the different geographical regions is particularly interesting. As we operate whistleblowing hotlines globally, we are always keen on learning about and understanding trends.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
1,483
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
28
Comments
1
Likes
3
Embeds 0
No embeds

No notes for slide

The sixth annual Economist Intelligence Unit Global Fraud Survey

  1. 1. Annual Edition 2012/13Global Fraud ReportEconomist Intelligence Unit Survey ResultsThe biggest threat comes from withinThe battle against information theft remains a leading focusComplacency may be the next biggest dangerAnti-corruption measures are reaping rewards
  2. 2. About the researchThe Annual Global Fraud Survey, commissioned by Kroll AdvisorySolutions and carried out by the Economist Intelligence Unit, polled839 senior executives worldwide from a broad range of industriesand functions in July and August 2012. Where Economist IntelligenceUnit analysis has been quoted in this report, it has been headlinedas such. Kroll also undertook its own analysis of the results.As in previous years, these represented a wide range of industries,including notable participation from Financial Services andProfessional Services; as well as Retail and Wholesale; Technology,Media, and Telecommunications; Healthcare and Pharmaceuticals;Travel, Leisure, and Transportation; Consumer Goods; Construction,Engineering, and Infrastructure; Natural Resources; andManufacturing. Respondents were senior, with 53% at C-suite level.Over half (52%) of participants represent companies with annualrevenues of over $500m. Respondents this year included 28% fromEurope, 26% from North America, 24% from the Asia-Pacific region,13% from Latin America and 10% from the Middle East/Africa.This report brings together these survey results with the experienceand expertise of Kroll and a selection of its affiliates. It includescontent written by the Economist Intelligence Unit and other thirdparties. Kroll would like to thank the Economist Intelligence Unit,Dr. Paul Kielstra and all the authors for their contributions inproducing this report.Values throughout the report are US dollars.
  3. 3. ContentsGlobal Fraud ReportContents Introduction regional analysis: Asia-Pacific Tom Hartley, President and Chief Executive Officer............................................. 4 China overview........................................................................................................................ 35 Proving staff kickback allegations: How to gather evidence efficiently..... 36 Economist Intelligence Unit Overview Preventing IP fraud: The better option....................................................................... 38 Survey results......................................................................................................................... 5 India overview.......................................................................................................................... 40 fraud at a glance Procurement fraud in India: Overcoming a widespread problem.............. 41 Beware the enemy within................................................................................................... 9 Challenges facing emerging market corporations expanding abroad...... 42 A geographical snapshot.................................................................................................... 10 Indonesia overview............................................................................................................... 44 Dealing with trade secret issues.................................................................................... 45 regional analysis: Americas United States overview....................................................................................................... 12 regional analysis: emea Securing your company from cyber crime............................................................... 13 Europe overview..................................................................................................................... 47 Straight talk on due diligence......................................................................................... 16 Bank collapses amidst mismanagement & fraud................................................ 48 Preparing for new US AML rules: Organized crime penetration in Italian and European businesses............. 50 Know your customers and who owns them........................................................... 17 Russia overview....................................................................................................................... 52 Canada overview.................................................................................................................... 19 Russia’s undisclosed silent partners: Knowing who you’re dealing with......53 Due diligence is essential and can be more The Gulf States overview.................................................................................................... 54 time and cost efficient than you think....................................................................... 20 Kingdom of Saudi Arabia: Time to bridge the perception gap..................... 55 Latin America overview...................................................................................................... 22 Africa overview........................................................................................................................ 57 Risk factors in Latin American agribusiness............................................................. 23 African fraud: Understanding the risks....................................................................... 58 Brazil overview......................................................................................................................... 25 The case for strengthening internal controls.......................................................... 26 sector summary Mexico overview..................................................................................................................... 28 Summary of sector fraud profiles.................................................................................. 61 Mexico’s anti-money laundering challenges........................................................... 29 Contacts Top executives: A culture of fraud on the rise....................................................... 31 Key regional contacts at Kroll Advisory Solutions................................................ 62 Colombia overview................................................................................................................ 32 Vendor and procurement fraud in Colombia........................................................... 33 Economist intelligence unit Industry analysis Technology, Media & telecoms............................................................... 15 Natural resources................................................................................................ 24 Manufacturing........................................................................................................... 27 Consumer goods....................................................................................................... 37 Retail, Wholesale & Distribution...................................................... 43 Professional services........................................................................................ 46 Financial Services................................................................................................... 49 Construction, Engineering........................................................................ 56 & infrastructure Healthcare, Pharmaceuticals................................................................ 59 & Biotechnology Travel, leisure & transportation.................................................... 60 Annual Edition 2012/13  |  3
  4. 4. IntroductionIntroduction On the one hand, fraud is down globally. » Complacency may be the next biggest The proportion of companies that suffered danger. Our survey suggests that any an incident declined from 75 percent last company can be a victim of fraud, however year to 61 percent in the current survey. the data show that concerns about fraud This surely reflects the efforts of companies are abating as the prevalence declines. to actively manage their fraud risk. However, In our experience, letting down one’s fraud is anything but defeated, with the guard can have dire consequences. most common frauds, theft of physical Companies must remain vigilant as the assets and information theft (reported by methods and tools employed by fraudsters 24 percent and 21 percent of companies continue to evolve. respectively), remaining stubbornly persistent » Anti-corruption measures are reaping and widespread. rewards. Companies are making gains The data we collected this year highlight through robust efforts to combat bribery some points of particular note: and corruption. Half of our respondents have monitoring and reporting systems to » The biggest threat comes from within. assess risks on an ongoing basis; train Fully two-thirds of firms in our survey that their senior managers and other were hit by fraud during the past year representatives to become familiar and cited an insider as a key perpetrator, rising compliant with the US Foreign Corrupt from 60 percent last year and 55 percent inThis sixth edition of Kroll Advisory 2010. Partly, this reflects the ease with Practices Act and UK Bribery Act; and include a review of these laws in their dueSolutions’ Global Fraud Report, which employees, agents or other company diligence, when considering an acquisition, representatives can access confidentialprepared in cooperation with corporate information. But it also suggests joint venture or providing financing.the Economist Intelligence Unit, that anti-fraud energies have been Throughout the 40-year history of Kroll, our directed to putting up fences to protect mission has been to help clients achieve aprovides both heartening and from external threats which can sometimes deeper understanding of the underlying factssobering news for businesses be easier to address than facing the reality in a range of situations and to assist with of the threat from within. solutions. Increasingly, fraud exhibitsaround the world. » The battle against information theft industry-specific and regional characteristics, remains a leading focus. The menace of which require detailed knowledge of a information theft is becoming more global. market, sector, business process or culture New technologies make financial or to unearth, redress and prevent. Our global precious intellectual assets easier to team, on the ground in 17 countries, has transmit and store, but also easier to steal the experience in fraud prevention and and resell. According to our survey, 30 detection to deliver that mission today. percent of companies say they are most I hope this report provides some useful insights vulnerable to information theft and cite IT and helps you identify emerging threats and complexity as the leading cause of opportunities for your own business. heightened risk exposure. Tom Hartley President and Chief Executive Officer Kroll Advisory Solutions4  |  Kroll Global Fraud Report
  5. 5. Economist Intelligence Unit OverviewEconomist Intelligence UnitOverview A changing fraud environment… The sixth annual Economist Intelligence Unit Global Fraud Survey, commissioned by Kroll, polled more than 830 senior executives worldwide from a broad range of industries and functions. As in previous years, the survey tells the story of a changing fraud environment, with dangers ebbing and flowing in often unpredictable ways. This year, the data reveal five key insights. Annual Edition 2012/13  |  5
  6. 6. Economist Intelligence Unit Overview 1. Prevalence and cost of fraud Chart 1. Percentage of companies affected by the following frauds are down from last year, but more than six in every ten companies 2012 2011 were still hit at least once. Theft of physical assets 24% 25% The most striking result of this year’s survey Information theft 21% 23% is that there has been a notable decline in Management conflict of interest 14% 21% the level of fraud overall. The proportion of Vendor, supplier or procurement fraud 12% 20% companies reporting that they were affected by at least one incidence of fraud in the past Internal financial fraud 12% 19% year has dropped for the second year in a row, Corruption and bribery 11% 19% from 75% to 61%. The average cost of fraud Regulatory or compliance breach 11% 11% to businesses has declined even more, from 2.1% of revenues to 0.9%, and the number of IP theft 8% 10% companies saying that their exposure to Market collusion 3% 9% fraud has increased in the past year is also Money laundering 1% 4% down, from 80% to 63%. The picture is similar across regions and industries. Of course, change never happens evenly. Chart 2. roportion of all companies describing themselves as highly or P A look at the specific frauds covered by the moderately vulnerable to the following frauds, this year and last year survey shows that the theft of physical assets and information remains nearly as widespread 2012 2011 as ever. The big drops came instead in Information theft 30% 50% procurement fraud and corruption, the latter probably due to increased vigilance (see chart 1). Regulatory or compliance breach 28% 41% Theft of physical assets 26% 46% This improvement, though, should not obscure the fact that, for companies, Internal financial fraud 26% 38% suffering from fraud remains very much the Vendor, supplier or procurement fraud 24% 42% rule rather than the exception. More than six Corruption and bribery 24% 47% in 10 companies were affected last year and a similar number saw their risk of being hit Management conflict of interest 23% 44% by fraud increase. More importantly, the IP theft 21% 40% overall picture contains signficant trouble Market collusion 15% 31% spots. Manufacturing, for example, experienced a substantial jump in the Money laundering 13% 25% number of companies suffering from fraud, going from 74% to 87%. Chart 3. roportion of companies describing themselves as highly or moderately P 2. Concern about fraud is dropping vulnerable to the following frauds this year, differentiated by whether they faster than fraud itself. Companies suffered a fraud in the last 12 months or not need to avoid becoming complacent. Suffered a fraud Did not One concern arising from this year’s survey is suffer a fraud that companies’ sense of vulnerability to fraud is decreasing even faster than its incidence. Information theft 39% 16% In particular, the number of respondents Regulatory or compliance breach 36% 14% saying that they were moderately or highly Theft of physical assets 36% 11% vulnerable to information theft has fallen Internal financial fraud 35% 12% from 50% to 30%, even though only 2% Vendor, supplier or procurement fraud 34% 8% fewer companies reported being hit by this fraud. Moreover, the percentage of companies Corruption and bribery 33% 10% concerned about the theft of physical assets Management conflict of interest 31% 11% is now only a little higher than the IP theft 27% 11% proportion that has actually suffered from such a crime in the past year. Market collusion 22% 5% Is this change in perception simply an Money laundering 19% 4% understandable, if perhaps excessive, reaction to lower fraud levels? The survey data6  |  Kroll Global Fraud Report
  7. 7. Economist Intelligence Unit Overviewsuggests something more: a sense of the risk Chart 4. Percentage of companies that have fraud controls in placeof fraud is often based not on a dispassionateassessment of the environment, but on recent Companies that lost Alldirect experience. Companies that suffered more than 4% of otherany sort of fraud in 2012 are more likely to revenues to fraud companiessee themselves as vulnerable. Financial (financial controls, fraud detection, internal 61% 82%This tendency for risk assessment to be audit, external audit, anti-money laundering policies)reactive can lead to dangerous complacency Assets (physical security systems, stock inventories, 57% 75%when luck, more than diligence, may be the tagging, asset register)reason for avoiding fraud. In an environment Information (IT security, technical countermeasures) 55% 80%where a majority of companies have suffered Management (management controls, incentives, 45% 73%from a fraud in the last year, becoming external supervision such as audit committee) over-confident presents a substantial risk.A lack of attention can be costly: companies Staff (training, whistleblower hotline) 43% 65%that lose the most to fraud are those that are Partners, clients and vendors (due diligence) 43% 62%less likely to have fraud controls in place. Staff (background screening) 37% 65% Reputation (media monitoring, 37% 62%3. The biggest danger still comes compliance controls, legal review) from inside the business. Risk (risk officer and risk management system) 31% 68%Increasingly, fraud is being perpetrated by Incident response plan for data breach 29% 58%company insiders. Previous surveys haveconsistently indicated that insiders are IP (intellectual property risk assessment 25% 54% and trademark monitoring programme) responsible for most frauds. More thantwo-thirds (67%) of firms that have sufferedat least one incidence of fraud in the past Chart 5. Percentage of companies affected by multi-perpetrator frauds year cited an insider as the key perpetrator reporting the following types of perpetrators (2012)or one of the leading culprits, up from 60%last year and 55% the in 2010. Suppliers 43%The findings also shed light on how fraudsters Vendors 37%interact by asking companies about all the Junior employees of our own company 29%perpetrators involved, not just the mostsignificant one. From the data it was possible Customers 26%to isolate a large group of companies—more Agents and/or intermediaries 23%than 200—that reported being affected byjust one type of fraud. Members of this group Government officials 20%are the most likely to have suffered a single Regulators 17%fraud or series of frauds by the same Senior management employees of our own company 11%perpetrator or perpetrators. Partners 6%Looking at who committed these frauds, the Other 3%most obvious finding is that fraudsters tendeither to act alone or to co-operate withpeers rather than with members of other When a fraud involves more than one type that, although insiders can often find ways togroups. Respondents cited just one type of of perpetrator, though, outsiders are much defraud the company by themselves, externalleading perpetrator in 84% of cases. These more involved and, except for junior fraudsters tend to look for accomplices.were, as expected, usually an insider. Those employees, insiders are much less so.acting alone in this way tended largely to be 4. Information theft remains ainsiders—junior employees, senior managers, There is insufficient data to examine the significant, multi-faceted threat.or agents of the company. types of combinations in great detail but it is worth noting that 37% of these multi- As in previous years, information theft is oneIn the smaller number of cases where different perpetrator frauds involve a combination of of the most widespread frauds facingtypes of perpetrators co-operated, the insiders and outsiders, and that only rarely companies. Its modest decline – 21% oftendency was again to bring in as few people (11% of the time) do insiders of different companies are affected this year comparedas possible: 83% of such cases involved only types work together. Of the outsiders, with 23% in the last survey – shows that ittwo types of perpetrators, presumably vendors and suppliers frequently work is more resilient than some other frauds.because secrecy is easier to maintain with together, doing so in 29% of all multi- Moreover, it remains the fraud to whichfewer participants in a scam. perpetrator cases. The broader message is respondents feel most vulnerable – 30% say Annual Edition 2012/13  |  7
  8. 8. Economist Intelligence Unit Overviewthey are moderately or highly so. It is alsoa problem which has the potential to grow:IT complexity is the leading cause ofincreased exposure to fraud risk, accordingto 30% of respondents.The popular perception of information thefttypically involves hackers stealing reams ofcustomer data. This is certainly an issue butthe threat is not one-dimensional. To beginwith, a range of information is being soughtby different fraudsters, with customer dataan important, but not the most frequent,target: one-third of all those suffering aninformation attack lost such data in the lastyear. On the other hand, 46% have hadeither company financial data or strategicdata stolen. And the focus of attacks varieswidely by industry. In the professionalservices sector, for example, 49% of attacks Information theft remains ainvolved a search for financial or strategic significant, multi-faceted threat.data, while only 33% sought customer data.In financial services, on the other hand, theequivalent figures were more equal – 46% Chart 6. Percentage of companies agreeing with the followingand 50% respectively. The broader messageis that a wide range of information is 2012 2011valuable and therefore under threat in the We have made a thorough assessment of risks to our 52% 26%era of ‘Big Data’. organisation arising from the UK Bribery Act and/orEmployees – either as culprits or as a point US FCPA and their enforcement, and set in placeof weakness – are far more to blame for the a monitoring and reporting system to assess risks onloss of information than hackers. Where an ongoing basis. there has been a loss, 35% of the time theissue is employee malfeasance, more than We have trained our senior managers, vendors 55% 29%twice the rate at which external hackers are and foreign employees to become familiar andto blame (17%). Moreover, in 51% of cases, compliant with the UK Bribery Act and/or US FCPA. the theft of an employee’s technology (suchas a computer or mobile phone) or an When entering into a joint venture, making an 50% 26%employee mistake was involved. As ever, acquisition or providing financing, our due diligencethough, these are average pictures and includes a review of UK Bribery Act and/or US FCPA risks. individual countries can have distinct risk Our internal compliance regime is becoming more 56% 26%environments: Indonesia saw the mostcompanies affected by information theft global because of the extraterritorial reach of the(35%) while outside hacker attackers were UK Bribery Act and/or US FCPA. the most common in the United States,affecting 10% of all companies. This still leaves room for improvement. More anti-corruption legislation, conducted a risk5. Taking anti-corruption than 20% of respondents say that although assessment and integrated corruptioncompliance more seriously is they are subject to the UK Bribery Act or US considerations into their due diligencepaying dividends for companies. FCPA, they have not made a thorough risk processes, only 7% reported suffering from assessment, trained the right people or an incidence of corruption compared withThe impact of the US Foreign Corrupt Practices amended their due diligence process. The 13% of all other companies.Act (FCPA) and UK Bribery Act is growing,with companies taking steps to improve their survey data suggest that in failing to take Just as importantly, such compliance regimescompliance. Compared with last year, far these steps, companies may be missing out. may also be opening up investmentmore have done a risk assessment relating The marked rise in compliance activity has opportunities for companies. Of theto these pieces of legislation, trained senior coincided with a fall in the prevalence of companies which had taken all of the abovemanagers appropriately and integrated corruption from 19% to 11% during the past steps, only 20% were dissuaded fromcorruption issues into their due diligence year. Companies with active compliance investing abroad because of fraud, but foractivities. As a result, anti-corruption policies seem to have benefitted more. Of those those who have not taken these steps theare becoming more widely embedded in respondents who say that they have trained figure was 31%. Better anti-corruption effortsmany businesses. employees and others to comply with seem to bring substantial benefits.8  |  Kroll Global Fraud Report
  9. 9. Fraud at a Glance inclined to report possible issues if the automatic result is an aggressive and Beware the disruptive internal investigation. Establishing effective internal investigation procedures is vital. With most business enemy within processes now being electronic, there will be much preliminary work that can be done with little disruption, such as email reviews and data mining (although beware of any applicable privacy laws). Some basic checking can establish whether an issue is a problem heading towards something bigger, and prompt action can often head it off if it is serious. As important as the practical skills are, it is also vital to think through the context, By Tommy Helsby purpose, and consequences of an internal investigation. Who is affected by the issueThis year’s Global Fraud Survey reinforces last year’s result: senior – just the company or third parties such asexecutives do not perceive an increasing risk of fraud. Newspaper customers or suppliers? Will the results need to be shared with a regulator, eitherheadlines seem to tell a different story: LIBOR-fixing in London; immediately or at some later date? Could thebribery and money laundering in Mexico; accounting fraud in Tokyo; results lead to litigation for financial recovery, or to a criminal complaint? Are the scopebank fraud in, well, almost everywhere. Why the discrepancy? and terms of reference appropriate?The frauds that excite the newspapers are than perhaps by getting a better bonus, but For example, I have had calls from clientsessentially frauds by the company rather the company has benefited, in the short term, who want to identify the sender of a poisonthan on the company. When corporate and will be held responsible, by regulators, pen letter – a reasonable task, but oneexecutives think about fraud, the natural law enforcement and the media. man’s poison pen letter writer is another’sresponse is to consider ways in which their whistleblower. Such a project needs to be There is no water-tight defense against thisbusinesses could be victims, and not how handled with care, and it may be important problem. Perhaps it’s possible to avoid in atheir companies could be committing fraud. to first address the issues raised in the letter small business, where the boss knows everyBut a moment’s reflection shows that most in order to establish whether there is a employee and can see every action, but in afirms that have, in newspaper terms, genuine issue, however maliciously raised. modern multinational corporation there will“committed a fraud” are also victims of always be some level of vulnerability to what Thinking through these issues will help inthe fraud’s consequences. we call “corporate hero fraud.” There are two deciding whether, and at what point, to bringAt best, the fraud creates a short term gain – mitigating strategies: effective compliance in external help. If you need to demonstratea contract won through a bribe, a commercial and independent internal investigation. to third parties, whether regulators oradvantage through collusion with a competitor, customers, that a thorough investigation has To be effective, compliance needs to operateor concealment of a financial problem been conducted, doing everything in-house on a series of levels and cannot be thethrough accounting fraud. But the long term may lack credibility. In other cases, leaning responsibility only of the complianceconsequences are invariably bad for the on the experience of a team that has dealt department: compliance is a core managementbusiness – worse if the fraud is discovered duty that crosses all corporate functions. with similar cases before can be critical (andand the company has to pay the penalties, It needs involvement from human resources, reassuring). An intimate understanding of thebut bad even if they “get away with it.” finance, legal, internal audit and, ultimately, company may be equally important, and soAs I commented in last year’s Report, business senior management. Employees need training a combined team may be the best approach.based on bribery, uncompetitive practices, or in what is and is not acceptable practiceunethical practice is unsustainable in the Thinking that fraud can’t happen to you means within the company; no one can be allowedlong term: it lacks integrity in the commercial that it probably will, or already has. The best to get away with saying, “I didn’t know itas well as the moral sense. attitude is to be prepared: spot it early, respond was wrong.” Practices need to be reviewed effectively, and learn from the experience.A prevailing concern among our clients is against legal and regulatory developments.that there may be someone within their Activity needs to monitored and, since it’sorganization who is breaking the law as generally impractical to monitor everything Tommy Helsby is Chairman, Eurasiapart of their job; perhaps believing that they all of the time, it will involve testing and of Kroll Advisory Solutions based inare simply doing the right thing; possibly developing systems to pick up improper London. Since joining Kroll in 1981, Tommy has helped found and developunaware that their actions are illegal. behavior: you need a defense against an the firm’s core due diligence business,The common reaction when such activity is accusation of “turning a blind eye” to and managed many of the corporatediscovered is that “everybody does it,” or “it’s illegality. There need to be robust procedures contest projects for which Kroll becamemarket practice,” or “that’s the only way to in place to respond to potential issues, but in well known in the 1980s. Tommy plays a strategic role both for the firm and for many of its major clients insurvive in business here,” or “I was doing a nuanced and proportionate way. Heavy- complex transactions and disputes. He has a particularit for the company.” In many cases, the handed and hair-trigger responses can be interest in emerging markets, especially Russia and India.offending employee does not benefit, other counter-productive: people will be less Annual Edition 2012/13  |  9
  10. 10. Fraud at a GlanceA geographical snapshot Information Management conflict We compared the results of the theft, loss or of interest 14% attack 26% Global Fraud Survey findings with Prevalence 47% Transparency International’s Prevalence 60% Compliance Corruption Perceptions Index (CPI). breach 13% Management Theft of The CPI measures the perceived conflict of interest 16% physical assets Theft of physical assets or stock 24% Kroll findings or stock 24% levels of public sector corruption Kroll findings Canada United States Canadian companies continue to as seen by business people and U.S. companies shared in very little enjoy the lowest levels of fraud of the global improvement in fraud compared to the other regions and country analysts; ranging levels over the past year. Despite a countries. While fewer than half of modest decline in overall prevalence, businesses were hit in the past year, between 10 (very clean) and the four most common frauds three fraud types increased in remain persistently widespread. frequency over the past year: theft 0 (highly corrupt). The comparison Information theft, loss or attack of physical assets or stock, continues to pose the greatest management conflict of interest and clearly demonstrates that danger for companies in the region, compliance breach. Moreover, affecting 26% of respondents. Canadian respondents are among fraud and corruption frequently Companies also reported high levels the most likely to report heightened of theft of physical assets or stock, risk exposure from increased go hand in hand. management conflict of interest and collaboration between firms. vender, supplier or procurement fraud. Information Corruption theft, loss or and bribery Information attack 26% 15% theft, loss or The panels on the map summarize: attack 14% K he percentage of respondents per region t Prevalence Prevalence 59% or country suffering at least one fraud in the 54% last 12 months Vendor, supplier, Theft of K he areas and drivers of most frequent loss t or procurement physical assets Management conflict of Theft of fraud 19% physical assets or stock 19% interest 23% or stock 17% Kroll findings Vendor, supplier, Kroll findings Mexico or procurement fraud 19% Brazil Mexico, in line with the rest of the Brazilan companies reported a drop in Transparency International world, saw a reduced prevalence of fraud levels consistent with the fraud in the last year. However, for Corruption Perceptions Index 2009 Mexican companies, the nature of the Prevalence decline in the global average. 49% However, respondents continue to see problem may be changing. This year, Very Clean the greatest threats from within their 9.0 - 10.0 information theft, loss or attack has Regulatory or organizations. For the second year in a become the most widespread fraud, compliance Theft of row, management conflict of interest 8.0 - 8.9 affecting 26% of companies - a figure breach 14% physical assets was the most widespread problem, well above the survey average of 21%. or stock 19% 7.0 - 7.9 affecting nearly one-quarter (23%) of Mexican companies also reported Kroll findings companies, a figure well above the above average levels of vendor, Colombia 6.0 - 6.9 supplier or procurement fraud. Despite reporting a lower than global survey average and second only to Africa. 5.0 - 5.9 average faud prevalence during the past year, Colombian companies 4.0 - 4.9 experienced widespread problems Information with vendor, supplier or procurement theft, loss or 3.0 - 3.9 fraud. Nineteen percent of attack 16% respondents were affected, 2.0 -2.9 exceeding the survey average of 12% and equal to Mexico for the highest Prevalence 1.0 - 1.9 level for any country or region other 56% than India. Another problem area for 0.0 - 0.9 Colombian companies is theft of Vendor, supplier, Theft of Highly Corrupt No data physical assets or stock, reported by or procurement physical assets 19% of survey respondents. fraud 16% or stock 19% Kroll findings Latin America While Latin America saw a marked drop in the prevalence of fraud overall, more than half of companies suffered from at least one fraud in the last 12 months. Nearly one in five firms in the region were hit by theft of physical assets, and one in six hit by information theft or vendor, supplier or procurement fraud. Moreover, six in ten Latin American companies say their exposure to fraud has increased.Map image by permission Transparency International.All analysis Kroll/Economist Intelligence Unit.10  |  Kroll Global Fraud Report
  11. 11. Fraud at a Glance Information Information theft, loss or theft, loss or Information theft, attack 21% attack 26% loss or attack 18% Prevalence Prevalence Prevalence 61% 65% 63% Corruption and Corruption and bribery 16% Theft of bribery 19% Theft of Theft of physical physical assets physical assets assets or stock 23% Kroll findings or stock 26% or stock 27% Russia Kroll findingsKroll findings Although the overall prevalence of ChinaEurope China’s fraud landscape has improvedThe rest of the world’s fraud figures fraud in Russia (61%) is identical to the survey average, a number of individual significantly in the last 12 months,have improved faster than Europe’s, showing a considerable drop in overallso that operating on the continent frauds are markedly more common than in the rest of the world. These prevalence compared to last year.now represents an average rather Nevertheless, the number ofthan a low fraud risk. The number of include information theft (26% Theft of physical companies hit by at least one fraudcompanies affected by at least one compared to 21% globally), corruption assets or stock 18% (65%) is still higher than the globalfraud (63%) is slightly higher than and bribery (16% compared to 11%), and IP theft (13% compared to 8%). average (61%). Moreover, thethe global average (61%) and, for incidence of certain individual frauds,seven of the ten frauds covered by Russian respondents, however, do not Prevalence seem to appreciate the risk. For all notably theft of physical assets (27%)the survey, the European incidence 49% and corruption (19%), either rose oris within one percentage point of the three of the above frauds, the proportion who consider their stayed the same. Corruption in Chinaoverall figure. Furthermore, the also remains well above the globalcontinent’s two most common companies moderately or highly Management conflict vulnerably is markedly below the average.frauds, theft of physical assets of interest 15%(23%) and information theft (18%), global average.have remained at a fairly constant Kroll findingslevel for the last three years. The Gulf States Respondents from the Gulf States, including Saudi Arabia, report a lower prevalence of fraud than the global average (61%), with just fewer than half of companies being affected by at least one such crime in the last year. The prevalence Theft of physical levels of three particular frauds, assets or stock 27% though, are within one percent of Information theft, the global average: management loss or attack 23% Internal conflict of interest (15%), financial Information theft, corruption (10%), and regulatory fraud or loss or attack 35% breach (10%). Moreover, these are theft 22% often linked, with most cases of Regulatory or Information theft, compliance corruption also involving loss or attack 34% Prevalence Internal breach 23% Theft of management conflict of interest. 68% financial physical assets fraud or or stock 32% Internal theft 19% financial fraud or Vendor, supplier theft 30% Corruption and Prevalence or procurement 65% bribery 20% fraud 20% Prevalence Kroll findings 77% INDIA India, despite some improvements, Vendor, supplier Theft of remains a challenging fraud or procurement physical environment. Outside of Africa, fraud 16% assets or Corruption it has the highest number of Kroll findings stock 16% and bribery 20% Management companies affected by fraud Indonesia conflict of of any region or country (68%). Indonesian companies experienced Kroll findings interest 25% And its average loss to fraud a comparatively high overall AFRICA (1.2% of revenues) is higher than incidence of fraud (65% were Africa retains its position as the the global average (0.9%). affected at least once in the last region with the largest fraud Moreover, eight of the 10 frauds year, compared to 61% globally). problem. It did see some covered in the survey were more Moreover, they have significant improvement in the fraud widespread in India than they problems with information theft (at environment, but the decline in were globally. These include 35% the highest geographic figure overall fraud prevalence, from internal financial fraud (22% of in the survey and well above the 85% to 77%, was less marked Indian companies were affected global rate of 21%. Other problem than in other regions. As a result, compared to 12% overall) and areas include regulatory and it has not only the greatest overall vendor or procurement fraud (20% compliance breach and internal fraud figure, but also the highest compared to 12%). financial fraud. The latter two regional prevalence for eight of frauds are also among the three the 10 frauds covered in this threats to which Indonesian index: information theft (34%); respondents feel most vulnerable. theft of physical assets (32%); internal financial fraud (30%); and management conflict of interest (25%), among others. Annual Edition 2012/13  |  11
  12. 12. Regional Analysis: Americas UNITED STATES OvervieW Moreover, the prevalence of the four most common frauds – information theft (26%), theft of physical assets (24%), management conflict of interest (16%), and procurement fraud (13%) – are largely unchanged from last year. Information theft remains the biggest threat and the complexity of information technology the biggest driver of increased fraud in the country. American companies are among the most likely in the world to report an attack by an outside hacker – with 10% of all US respondents hit in this way within the last 12 months. However, despite a threat which saw little change in prevalence in the last year, the number of companies thinking that they are moderately or highly vulnerable to information theft dropped from 52% to just 33%. In fact, for all the four leading frauds listed above, despite static prevalence figures, the sense of vulnerability dropped markedly. Proportion of US companies describing themselves as highly or moderately vulnerable to the following frauds. 2012 2011American companies shared in comparatively little of the global Information theft 33% 52%improvement in fraud levels over the last year. The number of USbusinesses hit by at least one fraud was down (to 60% from 65%) Theft of physical assets 20% 36%and the average loss also dropped (to 1.1% of revenue from 1.9%),but these declines were much less than the global average. Management conflict 25% 34% of interest 2011-2012 2011-2010 Prevalence: Vendor, supplier or 60% 65% 27% 31% Companies affected by fraud procurement fraud Information theft, loss, or attack (26%) Information theft, loss, or attack (27%) Areas of Frequent Loss: Percentage of firms reporting loss to this Theft of physical assets or stock (24%) Theft of physical assets or stock (24%) American companies may need to challenge type of fraud Management conflict of interest (16%) Management conflict of interest (16%) any assumptions about living in a low-fraud environment. For half of the frauds covered in Information theft, loss or attack (33%) Areas of Vulnerability: Information theft, loss or attack (52%) the survey, the prevalence in the United States Percentage of firms considering Regulatory or compliance breach (29%) IP theft (39%) this year was higher than the global average. themselves moderately or highly vulnerable Vendor, supplier or procurement Theft of physical assets or stock (36%) Moreover, the average amount lost to fraud, fraud (27%) 1.1% of revenues, is now higher than the global Increase in Exposure: average of 0.9%. On the other hand, for all but Companies where exposure to fraud has 66% 79% increased one of the anti-fraud strategies covered in the survey, the percentage of American companies Biggest Drivers of Increased Exposure: Most widespread factor which have them in place is lower than the global IT complexity (35%) IT complexity (35%) leading to greater fraud exposure and average and, for every strategy, the proportion percentage of firms affected of companies planning to invest further in the Loss: coming year is also lower. If businesses in the Average percentage of revenue lost 1.1% 1.9% United States want to address their ongoing to fraud fraud issues, they will need to get more active.12  |  Kroll Global Fraud Report
  13. 13. Regional Analysis: Americas Securing your company from cyber crime Expert QA with Mike DuBose and Tim RyanUndetected malware, a misplaced mobile device, a hacker taking sensitive data hostage – cybersecurity threats today are increasing in variety, frequency, and sophistication. This endless range ofvulnerabilities makes it nearly impossible to predict the location of your organization’s next securitybreach. The Global Fraud Report spoke with Mike DuBose and Tim Ryan, cyber investigations andsecurity experts with Kroll Advisory Solutions, about this complex threat to critical business assets suchas intellectual property, financial and customer data, and trade secrets.Q. What are the most serious cyber including the CEO, CFO, and the Board – fails communications and financial documents –threats that companies face? to appreciate the magnitude of the cyber virtually any digital asset that can be used threat and gives it inadequate prioritization for market advantage. Some of the newestMike: The list keeps growing, unfortunately, and resources. and fastest growing targets for thesebut some of the top ones come from criminal groups are mobile computingorganized crime groups in Eastern Europe Q. Which cyber crime trends should devices [see box overleaf].and Asia. Many of these groups control especially worry businesses?botnets that exploit the machines of hundreds Q. What are these hacking groups after?of thousands of innocent computer users, Tim: Cyber-based data destruction events Is there specific information about whichincreasing the reach and scale of their are increasingly common. In these events, companies should be especially concerned?criminal enterprises to unprecedented attackers destroy or ransom a corporation’sdimensions. They employ whatever hacking data. In other words, rather than stealing Mike: As much as I hate to give thismethodology works, often tailored to specific a corporation’s intellectual property, response, it depends. There are variationstargets of opportunity. Phishing schemes, these attackers forensically destroy data, among industries, but generally hackersmobile device exploits, advanced persistent making its recovery difficult. This causes are after almost any type of data or digitalthreats, social engineering, SQL injections – enormous injury to companies, including business asset that can be used to obtainall are attack modalities that companies need significant disruption to the continuity financial gain or competitive advantageto prepare for and address expeditiously. of business operations that can lead to lost in the marketplace. The exceptions are the production, lost revenue, remediation costs, so-called hacktivist groups which disruptTim: The internal cyber threat is also severe. and reputational damage. networks or publish sensitive internal dataIt may come from a disgruntled employee in the name of a cause.who steals trade secrets before leaving for Mike: We are also seeing more economicanother job or a vengeful systems espionage, much of it again originating Tim: Attackers engage in hacking for aadministrator who sabotages the network in Eastern Europe and Asia. Some is variety of reasons. The same motives thatafter hearing about his termination. It is state-sponsored. These cyber attacks target exist in the real world also exist inmade worse when a company’s leadership – a company’s trade secrets, confidential cyberspace – only the venue has changed. Annual Edition 2012/13  |  13

×