PwC’s latest study highlights that half of those UK organisations questioned have been the victim of fraud and/or economic crime in the last two years. More than half (51%) of the most disruptive crimes resulted in losses of over $100,000 (£72,000) compared to 37% globally. Nearly a quarter of UK victims (24%, to be precise) lost more than $1 million (£720,000) as a result.
Despite this, not enough is being done by UK organisations to actively prevent fraud. Only half of respondents to the PwC study reported having carried out a fraud risk assessment in the last two years. This is an important first step in the process to allow for the right prevention measures to be put in place.
These findings are taken from PwC’s ninth biennial Global Economic Crime and Fraud Survey, which is based on input from more than 7,000 business decision-makers across 123 countries, including 146 from the UK (32% C-Suite, 46% heads of department/business units).
Fran Marwood, forensics partner at PwC, said: “The cost of fraud to UK business continues to rise, due at least in part to the increasing threat from cyber fraud. While the direct losses are quantifiable, the wider effects can be far more damaging. UK organisations told us that the cost and disruption of sorting out the aftermath, as well as the effects on employee morale, business relations and brand are big hidden costs. Times of uncertainty and change often help fraudsters to exploit weaknesses in an organisation’s systems. In this current period of rapid business change, understanding the risks and possible avenues for attack is more crucial than ever. Against this backdrop, only half of UK businesses are currently analysing the risks posed to them by fraud.”
Untapped technology’s potential in tackling crime
This year’s study shows a shift towards technology-enabled crime, bribery and corruption as well as procurement fraud (see Figure 1 below). Cyber crime was the most prevalent (overtaking asset theft as the top fraud for the first time since the survey began back in 2002), and was experienced by nearly half (49%) of economic crime victims (global: 31%). 42% of respondents expect this to continue to be the most serious type of fraud in terms of business impact over the coming two years.
Marwood added: “Much of the cyber crime in the UK comes from external overseas threats. As the world’s fifth largest economy, it’s no surprise that the resources of UK organisations are seen as an attractive target by global fraudsters. Over half of respondents reported suffering phishing attacks, which are transacted on a large scale to play the odds. Ultimately, cyber defence relies on people understanding the threat. On that basis, training, awareness and escalation routes are just as important as defensive technology.”
Figure 1: Most commonly reported types of economic crime/fraud in the UK
Despite being faced with an ongoing flow of fraudulent activity, the research suggests UK organisations are relying heavily on people with the skills to detect it, rather than employing more advanced technologies. General anti-fraud controls were reported to be the most successful detection method (uncovering 19% of frauds), followed by tip-offs/whistleblowing (16%) and internal audit (15%).
While the majority of organisations are using technology to monitor or detect fraud in some way, it’s not always performing particularly well. Suspicious activity monitoring spotted 10% of fraud, while data analytics detected only 1% (the latter down from 8% according to the same study two years ago).
Anti-fraud technology has much more to offer, but UK organisations are behind the global average in its uptake. Around one-in-five firms have no plans to look at more advanced techniques – such as predictive analytics (19%) or machine learning (22%) – in order to combat or monitor fraud in future.
Marwood stated: “Technology is opening up more avenues for fraudsters, but also providing new and innovative ways of protecting against it. As economic crime continues to remain high, it underlines the need for new approaches. UK organisations are missing out on opportunities to detect anomalies in their data that might indicate fraud. It’s not about just plugging in a new piece of technology and hoping that solves the problem alone. Rather, it’s about harnessing the combined power of skilled people and the right technologies to stand the best chance of tackling the problem.”
Additional findings of the study
More than half (55%) of UK frauds were committed by external actors (eg hackers, customers and intermediaries were most common) versus a global average of 40%.
Of those frauds carried out by internal parties (33%), half were committed by senior management, which is up from 18% in 2016 and double that of the global average (24%).
There’s a sharp increase in reported bribery and corruption in the UK from 6% in 2016 to 23% in this year’s study. This is more likely to be as a result of the positive stance the UK has taken on anti-bribery measures (including the Bribery Act introduced in 2010) leading to increased transparency rather than an actual rise in cases.
UK organisations are spending more than ever on compliance. Over half (54%) have witnessed an increase in their compliance spend in the last two years compared to 42% globally.
In conclusion, Marwood told Risk UK: “The increase in reported bribery is of particular interest, coming at a time when UK business is ahead of most global territories from a compliance perspective, largely as a result of measures required by the UK Bribery Act. The effectiveness of these measures, the additional ethical due diligence being done and the huge compliance resources introduced over the last few years are clearly succeeding in flushing out historic cases. While increased levels of reported crime cannot always be directly equated to the actual crimes increasing, the study shows a greater awareness and understanding of the various types, perpetrators, impacts and costs of fraud among UK organisations. However, there’s still more work to be done, and particularly in terms of understanding and acting on the specific risks that today’s organisations face due to fraud, cyber threats and bribery, as well as investing in people and technology to combat the ever-evolving threat.”