For the first time, companies are reporting more electronic data theft than physical thefts, said London-based risk consultancy Kroll.
Kroll’s “Global Fraud Report,” an annual report on international fraud trends released on Oct. 18, surveyed more than 800 senior executives worldwide and across a range of industries in July and August. The results in the 2010 study showed electronic and information theft at 27.3 percent of total fraud losses, compared with 27.2 percent for physical theft of cash, assets and inventory, Kroll said. Physical theft was the most widespread form of fraud by a considerable margin in previous Global Fraud Reports.
“Much more work is done electronically, and that creates new opportunities for fraud. It takes time for companies to catch up with that,” said Tommy Helsby, Kroll chairman for Europe, Middle East and Africa, to Reuters.
According to the report, fraudsters are not switching away from other forms of fraud. Instead, information theft grew significantly to overtake physical theft and other types. “Information-rich industries” were the most vulnerable. Financial services had by far the highest level of electronic theft, followed by professional services and then technology, media and telecoms, according to the survey.
Criminals generally target physical assets because they are frequently simple to steal and have a tangible monetary value associated with them. The increasing prevalence of information technology means the same things apply to data, making it a lucrative target.
Poorly defended systems are easy to exploit, whether it’s by sophisticated hackers or disgruntled employees walking out with the company’s sensitive data on a USB stick, the researchers said.
Businesses lost almost $1.7 million per billion dollars in sales worldwide compared with the $1.4 million per billion dollars reported in 2009.
The company’s own employees were a threat, with fraud more often being an “inside job,” according to the survey results. Junior employees and senior management were the most likely perpetrators of fraud. Staff or agents were the most common perpetrators of fraud in every region except Latin America, where customers were the principal fraudsters, said the report.
Respondents were more likely to say their companies were more vulnerable to information theft or attack than to other types, said the survey. This type of crime was regarded as the greatest weak spot for financial services and professional services firms.
Worries over fraud, namely corruption, deterred almost half of the companies in the survey from expanding into some key markets, such as China and Latin America, the surveyed executives said. The most frequently named markets were China and Africa, with 11 percent of the responders each deciding not to expand there. Latin America was close behind, named by 10 percent.
China had the highest level of fraud, with nearly 98 percent of businesses affected, followed by Colombia with 94 percent and Brazil with 90 percent, according to the survey. While there have been many reports of other countries or state-linked companies stealing intellectual property from firms, Helsby said he could not say whether this was increasing or not.
North American companies currently have a “benign” fraud environment, the survey found, reporting less fraud across all types except for information theft. Fraud in this area was 32 percent, according to the survey, exceeding the survey average of 27 percent. Phishing was the most frequently named form of attack in the survey.
However, only 34 percent of North American respondents considered themselves vulnerable to information theft, and IT security budgets declined this year, confirming results from similar studies recently.
Only 48 percent of companies in Kroll’s survey were planning on spending more on information security in the next 12 months, down from 51 percent last year.
In the survey, 88 percent reported being hit by at least one type of fraud in the past year. This was fairly consistent across every region, Kroll said.
“There’s a real range of dangers,” said Helsby. “It can be simple theft or the risk of reputational damage if your firm loses customer data. That itself could be an existential threat to your business.”