- In the last two years, nearly half of surveyed respondents reported a fraud committed against them.
- Fraud is on the rise — U$S42B in the last two years lost in total — and with COVID-19 changing business patterns, opportunities for threats to take hold are very real.
- There are significant threats in companies’ ability to prevent and respond to incidents, but they can help protect themselves with three key actions.
Fraud and economic crime were already at record highs before the COVID-19 pandemic hit. Nearly half of the more than 5000 respondents that PwC surveyed for this year’s PwC Global Economic Crime and Fraud Survey reported that they had experienced a fraud event in the past two years, losing a total of US$42billion.
Many businesses were still getting their heads around the threats they were exposed to, the technology that could help them and the actions to take. In the wake of a pandemic that has affected almost every aspect of business, coupled with a subsequent economic downturn, efforts have met with an added layer of complexity.
To emerge stronger from the disruption and uncertainty of COVID-19, organisations will, more than ever, need to avoid creating inadvertent opportunities for fraudsters and put in place measures to minimise risk.
Fraud is a complex issue and one where losses (from financial to fines, brand to market position) are varied and difficult to tally. It can come from inside and outside a company’s walls, takes many forms and can be hard to predict. It’s also costly. Roughly 13 percent of global respondents who experienced fraud in the last 24 months lost more than US$50 million. In Australia, 40 percent of respondents lost more than AU$1.4 million and 22 percent over AU$7.1 million.
In this year’s survey, 47 percent of participants said they had experienced fraud in the last two years. In Australia that number was 35 percent, and while Australian businesses do seem to be experiencing less fraud than their global counterparts, this figure may reflect a lower maturity in detecting fraud. Adding weight to this theory, only 38 percent of Australian organisations surveyed indicated they conducted an investigation into their worst fraud event, compared with the global figure of 56 percent.
While variations exist across industries, customer fraud was the most frequent threat faced by global businesses at 35 percent, followed by cybercrime at 34 percent, asset misappropriation at 32 percent, bribery and corruption at 30 percent and accounting/financial statement fraud at 28 percent.
In Australia, the top four frauds were similar, with cybercrime, customer, accounting/financial statement and asset misappropriation topping the most frequent list. And while bribery was not in the top four, almost one in five Australian respondents reported that they were asked to pay a bribe in the last 24 months.
Notably, Australians reported that over half of their incidents were perpetrated by external actors, significantly higher than the global result of 39 percent — with special note of its high rate of occurrence in financial services. This appears to reflect the fact that the opportunities for third-parties to commit fraud have increased in recent years, as more Australian companies have outsourced non-core competencies to contain costs. These frauds, committed by vendors and suppliers, are some of the most disruptive external fraud incidents, yet despite this, 21 percent of global companies said they had no third-party due diligence or monitoring.
Responding to the threat in uncertain times
With the average financial impact of incidents of fraud trending upwards worldwide, the ability to respond effectively is becoming more critical. Yet there are gaps in fraud prevention — six in ten companies have no program to address bribery and corruption risk, and nearly half aren’t performing formal risk assessments (up to 63 percent for Australian businesses). Only 8 percent of Australian companies said that they have dedicated anti-fraud resources with expertise, compared with 14 percent globally, and 32 percent said they had no budget, governance or resources to address fraud, compared to 15 percent globally.
But there are actions that businesses can take that are effective in helping to combat fraud. Three in particular will, with the right technology, help to fill the gaps in preparation.
- Identify risks and address by priority — Gather internal information from all organisational stakeholders and geographies to identify risk. Reassess regularly.
- Back-up technology with governance, expertise and monitoring — One technology tool alone won’t detect or protect from all kinds of fraud. Expert resources, data management and visibility, robust controls and regular monitoring should back up any technology used.
- Pay attention so that you can escalate, triage and respond — Once fraud has been detected, the ability to react quickly and effectively is critical and needs the right people, processes, and technology to limit damage. Disruptive fraud can also be a trigger for broader organisational transformation, so be ready.
Though these three actions are important, the underlying technology is also important. Unfortunately, even those who have invested in anti-fraud technology have revealed concerns about deploying it to best effect. Over one in four Australian respondents identified cost as the biggest barrier to implementing prevention technology, similar to the global percentage.
Additionally, the proportion of Australian companies with no plans to use AI is higher than the global average across all forms, including machine learning and biometric authentication. There’s an opportunity for companies in Australia to differentiate and elevate their anti-fraud capabilities to a new level by increasing their use of AI and other disruptive technologies.
The good news is that there is a clear link between investment made upfront, from technology such as anti-fraud programs and capabilities, to resources and programs, and reduced cost when fraud strikes. For instance, globally, companies with dedicated fraud programs reportedly spent 42 percent less on response and 17 percent less on remediation than those with no program in place.
For businesses, no matter where they reside, now is the time to develop incident response capabilities or to assess and refine those already in place. Cyber risks bought by the COVID-19 pandemic and state-based actors are exposing organisations to untold risk. Being prepared to detect, manage and respond to them needs to be a priority.
For further insights into how fraud is affecting companies and information on how to protect your business value, download the Australian or global insights from the PwC Global Economic Crime and Fraud Survey.