For the seventh year running, The Economist Intelligence Unit, commissioned by Kroll, surveyed senior executives from around the world across a wide variety of sectors and functions. This year’s 901 respondents report that fraud remains a widespread problem regardless of the industry or region in which their businesses operate. It is also as protean, and hence unpredictable, as ever. The results of our 2013 report reveal a number of key insights:
1. The incidence and costs of fraud rose markedly in the past year, in turn driving up companies’ sense of vulnerability.
According to this year’s survey, the level of fraud increased by every measure in the past 12 months, reversing recent trends. Overall, 70% of companies reported suffering from at least one type of fraud in the past year, up from 61% in the previous poll. Individual businesses also faced a more diverse range of threats: on average, those hit in the past year suffered 2.3 different types of fraud each, compared with 1.9 in 2012. Finally, the economic cost of these crimes mounted, increasing from an average of 0.9% of revenue to 1.4%, with one in ten businesses reporting a cost of more than 4% of revenue.
The damage occurred in a wide variety of ways. Every kind of fraud covered in the survey saw an increase in incidence, with vendor, supplier or procurement fraud and management conflict of interest seeing the biggest growth.
The survey offers little hope for relief on the immediate horizon. Of those surveyed, 81% believe that their firm’s exposure to fraud has increased overall in the past 12 months, up from 63% in the previous survey. Respondents attribute this increase to the complexity of information technology (IT) infrastructure, high staff turnover and entry to new, riskier markets.
Just as striking, the share of respondents perceiving a high threat from individual types of fraud has more than doubled in every case. As previous reports have discussed, recent experience with fraud tends to raise feelings of vulnerability, but the sharp growth in the latter this year far outpaces even that of fraud incidence. This suggests that companies are becoming increasingly sensitised to the threats they face and their (sometimes) inadequate protection.
Perhaps the most worrying finding in this year’s survey is that, for six of the 11 types of fraud covered by the survey—corruption, money-laundering, regulatory breach, misappropriation of company funds, IP theft and market collusion—the percentage of executives admitting that their firms are highly vulnerable to fraud was higher than the proportion of companies that have been hit in the past year. This indicates that fraud has fertile soil in which to grow.
2. Information-related fraud is common and evolving, but many companies are not prepared if things go wrong.
Information theft remains the second most common fraud, affecting more than one in five companies over the past year, and three-quarters of respondents describe their businesses as at least moderately vulnerable. Looking ahead, complex IT structures are the most commonly cited reason for an increase in overall fraud exposure (named by 37% of respondents), suggesting that there will be no quick diminution of the threat.
Information theft, like most types of fraud, is typically an inside job: of those hit in the past year in which the attacker is known, 39% say it was the result of employee malfeasance, roughly unchanged from the 37% in last year's survey. Nevertheless, greater exposure to fraud from IT complexity is being exploited increasingly by outsiders. In this year’s survey, 35% of information-theft victims who know the source of the attack report that it was an external hacker, up from 18% in 2012. In addition, 17% of this group suffered as a result of a hacker attack on a vendor or supplier, compared with 5% in the previous survey.
Despite growing concern about information theft and the evolving nature of the threat, preparedness is far from universal. Of those surveyed, 68% say that they currently invest in some sort of IT security, which raises the question of how exposed the other one-third might be.
Looking more closely at these investments, although 66% of respondents say that their firms regularly assess the security of their data and IT infrastructure, only around one-half have a current information security incident response plan [see table]. For professional services, the equivalent figures are particularly low, at 51% and 33% respectively, despite sensitive client data being central to many of their activities. Given the breadth of the problem, giving more attention to this is area is something worth considering.
3. Fraud remains an inside job, but so does its discovery.
As reported in our earlier surveys, fraud is typically carried out by employees within the company. For the firms that had suffered fraud and the perpetrator was known, 32% had experienced at least one crime where a leading figure was in senior or middle management, 42% in which the incident involved a junior employee, and 23% where it was an agent or intermediary. Similarly, as noted above, employee malfeasance remains the most common driver of information theft. Overall, 72% of those surveyed say that their company has been hit by a fraud involving at least one insider in a leading role, slightly up from 67% last year.
However, this year’s survey also shows that most types of fraud are discovered internally. Management's discovery of the crime was the most common reason for it coming to light, playing a role 52% of the time when a fraud was exposed, followed closely by internal audits (51%). Only in 10% of such cases did an external audit play a role.
Although senior employee alertness and audits are essential to combating fraud, these mechanisms can be weaker when senior employees themselves are the culprits. For example, according to the survey results, internal audits are slightly less likely to be involved in the uncovering of crime when senior or middle management is involved. Whistle-blowers are therefore an important means to expose wrongdoing. Of those hit by fraud, 32% report that whistle-blowers were responsible for its discovery at their company. More striking, such a tip-off played a role in 41% of the cases in which senior or middle management was involved in the fraud.
Surprisingly few companies, however, are cultivating whistle-blower programmes. Only 52% of those surveyed report that they have already invested in staff training about fraud and the creation of whistle-blower hotlines, and just 43% say they intend to increase their investment in this area in the coming year. This may be short-sighted. With most fraud conducted by insiders, helping employees to recognise and report red flags will have clear benefits for companies.
4. Global business practices often increase fraud exposure.
Globalisation has changed the way business operates. Companies have for some years now been in search of bigger international markets, while at the same time striving to become leaner. The latter typically involves becoming more focused on areas where they have a strategic advantage, while finding ways for others to do the rest through outsourcing or partnerships.
Less appreciated is that these shifts, however profitable, lead to a higher risk of fraud in a variety of ways. For example, 30% of respondents report, that entering new, riskier markets has increased their exposure to fraud in the past year. In the same period greater levels of outsourcing and offshoring raised fraud risk for 28% of those surveyed, and increased collaboration in the form of joint ventures and partnerships for 20%. Overall, 54% of respondents report increased exposure owing to at least one of these factors.
The dangers of new business norms are feeding into other fraud figures. Of the companies that were hit in the past year and where the perpetrator was known, 30% suffered at the hands of vendors or suppliers and 11% at those of their joint-venture partners. Similarly, procurement fraud was the fourth most common type of those covered in the survey this year (19%) and saw the biggest increase compared with last year.
Given the high level of risk, a surprisingly small proportion of companies are taking action. Only 43% intend to invest in greater due diligence for partners or vendors over the next 12 months. One of the reasons may be that, in the search to reduce costs—a permanent feature of global competition—fraud prevention can get left to the side: 20% of respondents report that a lack of resources or an insufficient budget to support compliance infrastructure is increasing their exposure to fraud. Companies need to be prepared for the dangers of fraudsters operating in the same global marketplace as they do.
5. Those with local knowledge see fraud risks everywhere.
Certain regions have a reputation for high levels of fraud. It comes as no surprise, therefore, that 13% of all respondents were dissuaded in the past year from operating in Africa, and 11% in Latin America, from their experience or perception of fraud.
More striking is the degree to which fraud is keeping companies from making local investments, even in regions where the problem is thought to be relatively well controlled, particularly North America.
Even in a globalised world, companies typically invest closer to home. These figures therefore suggest that both the existence or appearance of fraud is a substantial drag on possible new investment and that outsiders coming in need to be aware of risks even in regions with a reputation for low levels of fraud.