CCR Magazine

You are here  :Home arrow News arrow Risk News arrow Fraud Report reveals high levels of fraud, cyber and security incidents in the financial services
Contact Us Newsletter Signup RSS Feeds

Fraud Report reveals high levels of fraud, cyber and security incidents in the financial services PDF Print E-mail
Tuesday, 20 February 2018
Fraud, cyber, and security risks continue to reach high levels in the financial services sector, according to senior corporate executives surveyed worldwide for the 2017/18 Kroll Annual Global Fraud & Risk Report1. 

The proportion of executives reporting that their companies fell victim to at least one instance of fraud over the past 12 months was 91%, the highest figure of all sectors surveyed and seven percentage points above the global average (84%).

A larger than average proportion of executives from the financial services sector (89%) said their companies had experienced a cyber incident or information theft, loss, or attack over the past 12 months. Two thirds (66%) reported the occurrence of at least one security incident during the past year, nine percentage points above last year’s figure.

The Kroll Report reveals that respondents in the financial services sector are experiencing a heightened sense of vulnerability to fraud, cyber, and security risks, with information-related risks now being the area of greatest concern. As criminals and other threat actors continue to find new ways to monetize confidential data, including personal data, data assets are becoming increasingly valuable and attractive targets.

Confidential information subject to increasing threats

Information theft, loss, or attack was one of the most prevalent types of fraud experienced in the financial services sector, cited by 27% of respondents, up four percentage points from the previous year. Management conflict of interest was also top of the list, reported by 27% of executives.

More respondents from the financial services sector (89%) reported cyber incidents compared to the global figure of 86%. In the year when major viruses such as WannaCry and Petya hit across the world, almost a third (30%) of executives surveyed said their companies had been impacted by a virus or worm attack. Four in ten (41%) said they had suffered an email-based phishing attack and 34% suffered a data breach.

Physical theft or loss of intellectual property (IP) was by far the most prevalent type of security incident. Of those executives in the financial services sector whose company experienced a security incident this past year, 41% said their organizations fell victim to IP theft or loss.

Jason Smolanoff, Senior Managing Director and Global Cyber Security Practice Leader for Kroll, explained: “In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats. Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data.

“People instinctively think about data being targeted by cyber attacks, but not all threats to information are confined to the digital realm. There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach.”

Costly and wide-ranging repercussions
In addition to reporting extremely high incidence levels, respondents from the financial services sector indicated that the repercussions of fraud, cyber, and security events were costly and wide-ranging, affecting employees and customers, as well as the organization’s reputation and bottom line.

Employee privacy, safety, or morale was negatively affected by incidents according to 82% of respondents whose companies had experienced fraud, 78% of those that reported a cyber incident, and 87% of executives whose companies endured a security event.

Approximately three quarters of respondents stated that customers had been negatively impacted by all three risk factors – 72% by a fraud incident, 72% by a cyber incident, and 83% by a security incident. A similar proportion said that the impacted company’s reputation had suffered due to a fraud (70%), cyber (74%), or security (73%) incident.

Businesses suffered significant economic damage from fraud, with more than one in five respondents (22%) reporting losses of 7% or more of company revenues. Only 2% of respondents from the financial services sector reported this magnitude of financial impact in last year’s survey.

Executives feeling increasingly vulnerable to risks
The Kroll Report further reveals mounting concerns among surveyed executives about their companies’ potential exposure to fraud, cyber, and security risks. In particular, information-related risks overwhelmingly represent the top worries for respondents across all three risk categories.

More than half (54%) of respondents from the financial services sector believe their companies are highly or somewhat vulnerable to information theft, loss, or attack.

With reported cyber incidents at an all-time high and perpetrators seeming to develop new methods of attack virtually every day, at least half of all executives surveyed are apprehensive about every type of cyber incident identified in the survey – with 67% especially wary of data deletion.

The proportion of respondents from the sector who said they feel highly or somewhat vulnerable to physical security threats was also substantial. Almost two thirds (65%) of respondents stated their companies could be particularly prone to physical theft or loss of IP, the greatest single concern.

Culprits inside and outside
Insiders and ex-employees continue to pose the greatest fraud threat to companies in the financial services sector. Respondents revealed that fraud incidents are often inside jobs perpetrated by one or more of the following: ex-employees (39%), junior employees (33%), or vendors/suppliers (33%).

Random perpetrators were the main culprits of cyber incidents (38%) while ex-employees were responsible for 49% of security incidents reported by executives in the financial services sector.

Imperative to mitigate risks
Nearly all anti-fraud measures mentioned in the survey were widely adopted by over 70% of respondents in the financial services sector, with information (IT security/technical countermeasures) the most widely implemented anti-fraud measure at 84%.

Cyber security is rapidly becoming a board governance mandate as the anticipated likelihood of an incident grows, compounded by increasing regulatory pressures and the costly reputational risks associated with data privacy and data loss events. 36% of respondents currently involve the board of directors in the formulation of cyber security policies and procedures, and another 56% plan to do so in the next 12 months.

A large proportion of respondents have adopted security risk mitigation measures, but given the high incidence and feelings of vulnerability around theft/loss of IP, it was surprising to see that only 73% of respondents have a plan for securing intellectual property. However, almost a quarter (24%) of respondents plan to implement these measures over the next 12 months.

Kroll CEO David Fontaine commented: “Senior executives are becoming acutely aware that threats to their organizations can arise at any time and originate from any place. Insiders and ex-employees continue to pose a significant threat and have, together with external criminals and threat actors, more tools at their disposal than ever before with which to target and exploit companies.

“In the face of these mounting threats, organizations seeking to manage and mitigate the possibility of loss must take a holistic approach to enterprise risk management and implement diverse and layered measures that can enhance their ability to anticipate, detect, and respond to threats rooted not only in human error or intentional misconduct, but also in technological or internal control gaps.”

 Forums International Ltd

Forums International Ltd

 Attendance at your first meeting is free of charge, and please quote reference 'CCR2016' to receive the special 10% discount off of your first annual subscription.

Find out more here.

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online

Risk Sponsor

This Risk News section is currently available for sponsorship.

Please click here to contact us about our site sponsorship opportunities.


CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road

Registered in England No: 05483197