- Today’s companies face a ‘perfect storm’ of fraud-related risks – internal, external, regulatory and reputational.
- Over half of Australian companies surveyed were affected by economic crime in the last two years.
- Organisations must use new technologies and new ways of thinking to stay ahead of economic criminals.
Over half of businesses say they’ve been the victim of economic crime, Australian statistics from PwC’s Global Economic Crime and Fraud Survey 2018 reveal.
The survey, which quizzed 7,200 respondents across 123 territories, seeks to pull fraud from out of the shadows and shed light on the strategic challenges confronting organisations today.
What’s clear from the results is that many companies under-utilise available technology that can catch – as well as predict – fraudulent activity. It is time for a change in mindset to one that encompasses a holistic view of fraud, and to treat it with a respect for the scale and impact that it has.
It’s time to treat fraud as the biggest competitor you didn’t know you had.
Continuing a trend that has been developing over the last eight years of the survey, the threat of criminal activity is increasingly originating from outside Australian organisations. In 2018, this accounted for 64% of fraudulent crimes experienced, an 11% increase since 2016, and far above the global average of 50%.
Australian companies have quite a different fraud profile than the global average. Consumer fraud (that is, credit card, insurance, mortgage and identity fraud), cybercrime and business misconduct make up the top three types of economic crimes experienced in the last two years. Globally, it is misappropriation of assets that is most prevalent.
Unlike the global profile, local businesses seem to have far fewer incidents of fraud occurring from inside company walls; in 2018 amounting to 29%. This is close to the UK’s 33%, but pleasingly, far lower than the United States’ 43% and global average of 53%.
Less happily however, the majority of external crimes perpetrated against Australian businesses (60%) are from ‘frenemies’ – people close to the organisation but not direct competition/enemies. A large part of this is fraud perpetrated by customers, but vendors, service providers and consultants are also in the mix.
Regardless of where it’s coming from, today’s cybercriminals are as savvy and professional as the businesses they attack. And it isn’t just the impact of the stolen assets that has to be considered. Reputational risk is increasing in step with society’s growing demands for transparency. Over the next 24 months, Australian organisations expect cyber to be the most disruptive type of economic crime.
Because of the complexities of fraud, not just technologically, but also as a result of conditions and human motivations, a perfect storm is developing. Businesses face economic crime on multiple fronts – internally, externally and reputationally – and addressing that requires a new way of thinking.
The survey suggests that organisations need to develop a mindset that “recognises the true shape of the threat: not merely a cost of doing business, but a shadow industry which can impact every territory, every sector and every function.” This thinking acknowledges that, at some level, fraud is already affecting your business; it is not a case of when, but how.
A focus on prevention should be key, not just detection. Just 60% of Australian businesses surveyed had conducted a general risk fraud assessment in the last two years. This means that 40% of companies do not know even the basics of where they stand when it comes to their vulnerabilities. Given the intricate ecosystem of suppliers and organisations that make up our economic landscape, these numbers, though better than the global averages, are not good enough.
And while external fraud is on the rise with the increased sophistication of cyber attacks, almost a third of economic crime is coming from employees, particularly lower to middle management. Addressing this is, in part, a matter of understanding and appealing to human behaviour alongside changes to organisational culture.
While the vast majority of Australian organisations know that digital technologies improve real-time monitoring and actionable insights, only 40% are using, or even planning to use, techniques such as advanced analytics or artificial intelligence.
But to stay ahead of the curve, advanced technology is imperative to generating timely insights that may not be possible by human analysis alone, nor in time to implement a solution. Not only can such digital solutions alert to fraud as it happens, they can also be used to illuminate connections between incidents, provide clues and corroborating data for investigations, compliance or remediation, and alert to potential blind spots within and without of the organisation.
Machine learning, natural language processing/generation, voice recognition and predictive analytics are just some of the methods that emerging technology can use to more successfully fight crime. Companies have thus far derived the most value from monitoring – such as email monitoring, transaction testing or anomaly detection – but the majority are yet to have seen as much value from employing data scientists and leveraging big data for predictive insights. In part, this may be due to an investment in technology that is not then implemented to its full potential.
Ironically, it is companies in developing nations that are investing in advanced technologies at the fastest rates. Using such cutting-edge technology may indeed allow these countries to catch-up to developed nations that have already invested considerably, yet not made the most of their investments.
Cyber in particular needs a response program that addresses threats at all levels and in all areas of the business. But only 56% of Australian companies surveyed said they had such a program in place, 3% lower than the global average.
Technology is a double edged sword. And while it is expensive, sometimes prohibitively so, there is a strong business case for investing in areas such as detection, authentication and the reduction of customer friction. It needs to be used not just to monitor, but to analyse, learn and predict human behaviour.
As the report summarises, “the business case for investment in anti-fraud technology goes beyond protecting the organisation from reputational, regulatory and/or financial damage. It also includes reducing the cost of fraud prevention through efficiencies.”
Internally, technology will not always catch fraud – in particular this is true as regards the global rise in fraud occurring at higher management levels, where there is the ability to circumvent or override controls. But by addressing fraud as a whole of business problem – which includes aspects of technology, culture, incentives and access – companies can ensure that they are ahead of the curve, and the fraudster.
With thanks to Warren Brown, a senior manager in PwC Australia’s Cyber & Forensics unit.