The latest enterprise risk management news from around the world

Threat landscape: fraud is an increasing organizational threat that needs to be managed

Cyber crime tops the list of current threats facing businesses, while emerging risks from ESG-reporting fraud, and platform fraud could impact businesses in the future, according to PwC’s Global Economic Crime and Fraud Survey 2022. The report shows that organizations’ perimeters are vulnerable, and external fraudsters are becoming a bigger threat as attacks increase and become more sophisticated.

The survey of 1,296 business leaders from across 53 countries found that cyber crime, customer fraud, and asset misappropriation were the most common crimes experienced by organizations, regardless of revenue.
The report also showed that overall fraud and financial crime rates against business remained consistent since 2018 despite supply chain issues, environmental and geopolitical instability, an uncertain economy, and many emerging threats.

Larger companies are at greater risk for fraud

While just under half of organizations (46 percent) reported experiencing fraud or economic crime within the last 24 months, the impact of these crimes have been more substantial. Among companies with global annual revenues over $10 billion, 52 percent experienced fraud during the past 24 months. Within that group, nearly one in five reported that their most disruptive incident had a financial impact of more than $50 million. The share of smaller companies (those with less than $100 million in revenues) affected was lower; 38 percent experienced fraud, of which one in four faced a total impact of more than $1 million.

Cyber crime tops the list of threats

Cybercrime poses the biggest threat to small, medium, and large businesses, after the impact of hackers rose substantially over the last two years. The rise of digital platforms opens the door to myriad financial crime risks, and 40 percent of those encountering fraud experienced some form of platform fraud. In this year’s survey results, cyber crime came in ahead of customer fraud, the most common crime in 2020, by a substantial margin. 42 percent of large businesses reported experiencing cyber crime in the period, while only 34 percent experienced customer fraud.

Kristin Rivera, PwC Global Forensics Leader, PwC US, says: “Environmental, geopolitical, financial, and social pressures are creating a risk landscape that is more volatile than ever. At the same time, we're seeing an increase of threats from outside the organization as bad actors form fraudster groups to infiltrate digital platforms. Organizations need to be more agile than ever to respond to these converging threats, and adopt new approaches and technologies to predict and prevent fraud.”

Emerging risks

40 percent of organizations encountering fraud experienced digital platform fraud. The rise of digital platforms, such as social media, services (rideshare, lodging) and e-commerce, opens the door to fraud and economic crime risks.

Emerging risks, including ESG reporting fraud (the act of altering ESG disclosures so that they do not truly reflect the activities or progress of an organization) and supply chain fraud, have the potential to cause greater disruption in the next few years. For example, just 6 percent of organizations said they experienced anti-embargo fraud (participation in unsanctioned foreign boycotts) in the last 24 months. But that may change in the next 24 months as global sanctions rise to the highest levels in recent history.

Similarly, just 8 percent of those organizations encountering fraud in the last 24 months experienced environmental, societal and governance (ESG) reporting fraud. Yet, as ESG continues to increase in importance to stakeholders, the incentive to commit fraud in this area may grow.

Similarly, one in eight organizations experienced new incidents of supply chain fraud as a result of the disruption caused by COVID-19, and one in five sees supply chain fraud as an area of increased risk as a result of the pandemic.

Defence against external threats requires new thinking

The survey finds that threats from external entities are increasing, with perpetrators quickly growing in strength and effectiveness. Nearly 70 percent of organizations experiencing fraud reported that the most disruptive incident came via an external attack or collusion between external and internal sources.

Respondents indicated they are strengthening internal controls, technical capabilities, and reporting to prevent and detect fraud. However, defending against new external threats requires a different set of tools and a continuous focus on policies, training, controls and, increasingly, the use of sophisticated technology.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.