Despite drop in fraud, businesses told to remain vigilant

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.networkworld.com/news/2013/102313-despite-drop-in-fraud-businesses-275157.html?source=nww_rss

Lower fraud rates are giving many companies a false sense of security and
U.S. organizations are particularly good at ignoring trends that point to
the need for vigilance, a global study found.

The number of companies reporting at least one incident of fraud fell to 61
percent from 75 percent the previous year, according to the annual Global
Fraud Report released Monday by Kroll Advisory Solutions, a security
consulting firm. The drop was the second in as many years.

Less fraud meant the average cost to businesses fell to 0.9 percent of
revenues from 2.1 percent. These two trends made companies feel much safer
with the number saying their exposure to fraud had increased falling to 63
percent from 80 percent.

Despite the encouraging numbers, Kroll warned that that "letting down one's
guard can have dire consequences."

"Companies must remain vigilant as the methods and tools employed by
fraudsters continue to evolve," Tom Hartley, president and chief executive
of Kroll, said in the report.

U.S. companies experienced similar trends, the study found. However, half
the frauds covered in the survey were more prevalent in the U.S. than the
global average and the amount of money lost was also higher at 1.1 percent
of revenue. However, that number was less than the prior year's cost of 1.9
percent.

U.S. companies were also less like than the rest of the world to have
anti-fraud strategies in places and the number of companies planning to
spend more in the coming year to combat fraud was also lower.

"If businesses in the United States want to address their ongoing fraud
issues, they will need to get more active," the report said.

Information theft was the most common fraud in the U.S. with 26 percent of
companies surveyed reporting at least one incident. That number was largely
unchanged from the previous year, yet the proportion of companies
describing themselves as highly or moderately vulnerable to information
theft fell nearly 20 percentage points to 33 percent.

Theft of physical assets, the most common fraud for the rest of the world,
was second in the U.S.

The complexity of information technology within U.S. companies was cited as
the biggest driver of fraud. In addition, American businesses were the most
likely in the world to report an attack from an outside hacker.

Nevertheless, insiders were by far the most likely to commit fraud. More
than two thirds of all the companies surveyed that reported at least one
incident of fraud said an insider was the key perpetrator or at least one
of the lead culprits. That number was up from 60 percent the prior year.

Insiders tended to either act alone or with peers. Those acting alone were
usually junior employees, senior managers or agents of the company.

The global study, conducted by the Economist Intelligence Unit in July and
August 2012, was based on a poll of 839 senior executives from a wide
variety of industries, ranging from financial services, retail and
telecommunications to healthcare, pharmaceuticals and manufacturing. More
than half of the respondents represented companies with more than $500
million in revenue.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.