Fraud experts warn businesses of cyber crime risks

FRAUD experts in Birmingham have warned businesses to review and update IT system security in the wake of new statistics which show cyber security breaches are the fastest growing criminal activity in the world.

Over 44% of UK companies admit to having suffered at least one costly cyber security breach and corporate phishing has clocked-up a 185% increase in on-line banking and sales transaction fraud in the first half of last year, according to research by ZDNet and Cyberfraud.

Joint head of the specialist Fraud & Asset Recovery Department at law firm Challinors, Arun Chauhan, said: “The statistics are alarming. Experts are predicting that commercial ‘click’ crime, particularly in sales organisations, has the potential to accelerate out of control, as the threat of new techniques in business identity theft, spoofing software, spyware, hacking, adware, viruses and worms rapidly multiplies.

“There is significant evidence that hackers are now making major headway into penetrating firewalls to access business information from IT networks, whilst company employees download upgrades or supplier specifications.”

Elsewhere, Ernst & Young’s 11th Global Fraud Survey has shown that as companies return to growth executives believe their boards are not sufficiently prepared to deal with the new risks from fraud and corruption.

The survey reveals that 76% of respondents, globally and in the UK, feel their boards are increasingly concerned about their personal liability from fraud, bribery and corruption.

The responses of over 1,400 CFOs and heads of legal, compliance and internal audit, in major companies in 36 countries across the world, also show that fraud appears to be increasing significantly in some regions.

For example, in Western Europe, the number of companies that had experienced a significant instance of fraud in the past two years increased from 10% to 21%, while fraud levels also remain high in Latin America (21%), and the Middle East and Africa (18%).

The UK reported a marginal increase in fraud over the last two years (up from 13% to 14%). E&Y said encouragingly, UK results indicated higher levels of fraud response preparedness compared to Western Europe, with 78% of UK respondents reporting they had a clear process for reporting incidents to the board and 74% stating there were well-defined roles for the different stakeholders in investigations.

Jonathan Middup, E&Y’s fraud investigation & dispute services partner in Birmingham, said: “Increased enforcement against fraud, bribery and corruption is a priority in many major markets.

“Individual executives and directors will not be immune from prosecution. Indeed, the passage of the UK’s Bribery Act is the latest example of a more robust approach to punishing the unethical conduct of individuals and corporates, and one that may have extraterritorial application.”

Yet despite boards’ concerns around fraud, bribery and corruption, they do not appear to be behaving in a way that would increase their own protection, said E&Y.

Alarmingly, 18% of UK companies have not performed a fraud risk assessment within the last 12 months, while nearly one in 10 (8%) has never performed one.

The advisory firm said frequency of fraud risk assessments being performed in the UK lagged behind both Western Europe and the rest of the world, where figures show 14% and 11% respectively have not performed such an exercise in the last 12 months.

“Given the pressure on corporate resources, prioritising anti-fraud and anti-corruption efforts is essential,” added Mr Middup.

“Regularly scheduled assessments of risks in particular businesses and markets are prudent and help those in risk management functions to tackle the most pressing situations.”

Having coped through the downturn, many companies are now looking for new growth opportunities, which may come through entering new markets or making acquisitions.

E&Y said these efforts could expose companies to numerous new risks, including corruption issues. To minimise such risks, businesses it said, had to undertake thorough, focused pre-acquisition due diligence and post-acquisition reviews.

UK companies are significantly ahead of their peers overseas when it comes to performing pre-acquisition due diligence into fraud and corruption related risks –  52% said that they were always conducted.

Globally the picture is not so positive – 30% of all respondents stated they rarely or never undertook such procedures (Japan, 40%, Central and Eastern Europe, 38%).

The figures for post-acquisition reviews raise even greater concerns, with 42% of respondents globally and 47% of UK companies admitting that they rarely or never undertook such procedures.

A renewed merger and acquisition strategy also raised more specific concerns among respondents. Almost half (48%) of legal respondents worldwide interviewed are worried about competition risks arising from a push for growth, while 45% of global compliance functions reported that data security will be a significant issue in the next 18 months.

Responding to individual incidents or regulatory enquiries often requires extensive reviews of electronically stored information, including emails. Half of the legal respondents reported the significance of emails to investigations had increased in the last two years. However, 35% said they were planning to cut back on spending on email reviews, which implied a major focus on driving efficiencies.

“When growth returns, we expect more challenges, more potential for fraud, more exposure to corruption and more interest from regulators,” said Mr Middup.

“In the coming months, if they haven’t done so already, companies will need to review or improve their procedures to achieve long term sustainable and ethical growth.”