Fraud, cyber and insider threats plague businesses as incidents reach all-time high
- The number of fraud and cybersecurity incidents keeps climbing, according to the Kroll Annual Global Fraud and Risk Report. The percentage of companies worldwide experiencing a fraud incident reached 84% in 2017, up from 82% in the year before. Fraud levels have increased every year since 2012, when 61% of companies reported such incidents.
- There is an escalating threat to confidential information as well, with 86% of executives saying their companies experienced a cyber incident or information theft, loss, or attack over the past 12 months, slightly up from 85% in 2016. Another 70% reported they had sustained at least one security incident during the past year, compared to 68% the previous year.
- Survey respondents said they are experiencing a heightened sense of vulnerability to fraud, cyber and security risks. Information-related risks are now the area of greatest concern. Criminals and other threat actors keep finding new ways to monetize confidential data, and personal data and data assets are becoming increasingly valuable and attractive targets.
This was the first time in the 10-year history of the Kroll Report when information theft, loss or attack was the most prevalent fraud, according to a press release. It was cited by 29% of respondents, up 5 points from the 2016 report, and surpassed the theft of physical assets or stock, the most common type of organizational loss in the past, which this year ranked second, at 27%.
Cyberattacks are one of the most persistent threats to confidential data, but the occurrences of every type of cyber incident included in the survey increased. There are mounting concerns among executives in the sample about their companies' potential exposure to fraud, cyber and security risks.
Former employees and insiders pose the greatest threat. Respondents reported that fraud, cyber, and security incidents are often inside jobs committed by management or current, former or temporary and/or freelance employees.
Cyberthreats can often emerge from a negligent approach to technology. If a company does not invest in modernizing technology systems and improving internal cyberthreat response, it is doomed to experience consistent flaws and potentially crippling data breaches.
And whether an insider threat stems from malicious behavior or naiveté, business stakeholders and C-suite members could still be held liable.
The answer for many companies is to carry a healthy dose of skepticism when it comes to cyberthreats. Understanding just how severe impacts of cybersecurity incidents can be on a business will help organizations mature technology portfolios.
Follow Naomi Eide on Twitter