Criminals and employees are more likely to be stealing information from companies rather than physical devices, according to a report examining fraud trends.
For the first time, companies are reporting more electronic data theft than
physical thefts, said London-based risk consultancy Kroll.
Kroll's "Global Fraud
Report," an annual report on international
fraud trends released on Oct. 18, surveyed more than 800 senior executives
worldwide and across a range of industries in July and August. The results in the
2010 study showed electronic and information theft at 27.3 percent of total
fraud losses, compared with 27.2 percent for physical theft of cash, assets and
inventory, Kroll said. Physical theft was the most widespread form of fraud by
a considerable margin in previous Global Fraud Reports.
"Much more work is done electronically, and that creates new
opportunities for fraud. It takes time for companies to catch up with
that," said Tommy Helsby, Kroll chairman for Europe,
Middle East and Africa, to
According to the report, fraudsters are not switching away from other forms
of fraud. Instead, information theft grew significantly to overtake physical
theft and other types. "Information-rich industries" were the most
vulnerable. Financial services had by far the highest level of electronic
theft, followed by professional services and then technology, media and
telecoms, according to the survey.
Criminals generally target physical assets because they are frequently
simple to steal and have a tangible monetary value associated with them. The
increasing prevalence of information technology means the same things apply to
data, making it a lucrative target.
Poorly defended systems are easy to exploit, whether it's by sophisticated
hackers or disgruntled employees walking out with the company's sensitive data
on a USB stick, the researchers said.
Businesses lost almost $1.7 million per billion dollars in sales worldwide
compared with the $1.4 million per billion dollars reported in 2009.
The company's own employees were a threat, with fraud more often being an
"inside job," according to the survey results. Junior employees and
senior management were the most likely perpetrators of fraud. Staff or agents
were the most common perpetrators of fraud in every region except Latin
America, where customers were the principal fraudsters, said the
Respondents were more likely to say their companies were more vulnerable to
information theft or attack than to other types, said the survey. This type of
crime was regarded as the greatest weak spot for financial services and
professional services firms.
Worries over fraud, namely corruption, deterred almost half of the companies
in the survey from expanding into some key markets, such as China
and Latin America, the surveyed executives said. The
most frequently named markets were China
and Africa, with 11 percent of the responders each
deciding not to expand there. Latin America was close
behind, named by 10 percent.
the highest level of fraud, with nearly 98 percent of businesses affected,
followed by Colombia
with 94 percent and Brazil
with 90 percent, according to the survey. While there have been many reports of
other countries or state-linked companies stealing intellectual property from
firms, Helsby said he could not say whether this was increasing or not.
American companies currently have a "benign" fraud environment,
the survey found, reporting less fraud across all types except for information
theft. Fraud in this area was 32 percent, according to the survey, exceeding
the survey average of 27 percent. Phishing
was the most frequently named form of attack in the survey.
However, only 34 percent of North American respondents considered themselves
to information theft, and IT
security budgets declined this year, confirming results from similar
Only 48 percent of companies in Kroll's survey were planning on spending
more on information security in the next 12 months, down from 51 percent last
In the survey, 88 percent reported being hit by at least one type of fraud
in the past year. This was fairly consistent across every region, Kroll said.
"There's a real range of dangers," said Helsby. "It can be
simple theft or the risk of reputational damage if your firm loses customer
data. That itself could be an existential threat to your business."