We distinguish two forms of fraud: internal fraud and external fraud. Fraud is defined as intentional deception to obtain undue advantage. Usually this is financial gain, but it can also involve goods or fraud in the workplace to benefit one’s own position.
Internal fraud
It is not always the stereotypical devious hackers who commit fraud. Often the approach is surprisingly simple and fraud is perpetrated by employees from within the organization. In most cases, therefore, it does not involve large-scale financial fraud but there is reason enough to remain alert.
Forms of internal fraud include: time fraud, misappropriation of money or property and expense report fraud. In particular, time fraud is a growing problem. Working from home often means less control, increasing the opportunity for fraud. The temptation to call in sick more easily with corona is another reason. The misappropriation of money or property (digital or otherwise) has long been a problem for many organizations. However, the financial impact varies by organization. This type of fraud can include the theft of (office) items as well as the wrongful submission of claims. A greater impact can be caused by selling or giving confidential business information to a competitor.
External fraud
Professional criminals are increasingly targeting the business community, which raises the threat from outside the organization. Cyber risks and digital fraud, in particular, are serious issues that many companies are increasingly facing.
Examples of external fraud include invoice fraud and identity fraud. Invoice fraud involves paying an invoice to a forged sender and/or account number. The relationship of trust between a customer and his supplier is being abused here. Identity fraud occurs when false identity information is misused and, for example, items are ordered in someone else’s name and then not paid for.
A common form of identity fraud is CEO fraud. Given its sensitivity, this type of fraud is often kept out of the public eye. That this form of fraud can have a major impact on organizations is demonstrated by well-known examples such as at cinema chain Pathé (total damage EUR 19 million) and steel company Jewo metal (total damage EUR 11 million).
Several recent surveys show that about half of businesses have experienced fraud or attempted fraud in various forms in the past two years. The most common fraud is digital fraud, which is discussed later in this newsletter.
Actions to be taken and resilience
There are several measures that can be taken to increase the resilience of organizations. But, of course, it starts with realizing that fraudsters’ chances of success increase when their actions resemble common communications. They are getting better at this, which makes fraud attempts increasingly successful. Through social media, we share more and more information about our business and social lives. Criminals use this information to prepare their actions. They use our own information to deceive us.
The large-scale digitization and shift to working from home over the past two years have had a huge impact on the risk management of organizations. As conditions change, so do the risks to the organization. As a result, risk management also has to deal with the necessary adjustments and there are implications for the various control measures. The measures and adjustments to be taken vary from organization to organization but have the same basic principles. It begins with the identification and assessment of changes that materially affect strategy and business objectives. Again, we distinguish between internal and external influences.
Internal influences:
- Rapid growth: when an organization grows rapidly and when activities expand rapidly, existing structures, business activities, information systems or resources may be affected. Risk management resources, roles and responsibilities may need to be redefined.
- Innovation: when innovations are introduced, management measures will likely need to be modified. New technology can also improve organizations’ risk management.
- Governance: a change in top management impacts risk management. A newcomer to management may not yet fully understand the culture of the organization and have a different philosophy, or may focus exclusively on performance and have less affinity for risk management.
- Personnel: changes in the workforce, such as many interim staff and many open positions, mean that roles and responsibilities must be regularly reviewed.
External influences:
- Changing regulatory or economic environment: changes in regulations or in the economy can lead to increased competitive pressures, changes in operational requirements and various risks.
- New technologies such as blockchain, platforms and Artificial Intelligence
- Demographic, geographic and economic trends
- Increasing complexity in the production chain
- Increasing transparency requirements
In many organizations, these changes are high on the agenda because of an awareness of changing or evolving risks. However, not every organization has yet fully translated this into concrete policies and measures. Investing to manage risk is becoming more and more common. Consider cyber insurance and, for example, purchasing and implementing technology that better protects the organization from outside threats, such as a more secure login system or VPN connection.
Digital fraud
Earlier in this newsletter, we stated that fraud is increasingly digitizing and shifting online. This development, combined with organizations’ increasing reliance on ICT, means that the impact of digital fraud is increasing significantly. Digital fraud has several characteristics. For example, the fraudster usually enters through e-mail, and deepfake technology, involving manipulated audio and video footage, is often used. The requests are often very urgent, come from high-ranking or important people inside or outside the organization, and often deviate from normal procedure. Typically, fraud is attempted through an inexperienced or new employee who is not (yet) completely familiar with normal processes and practices.
Tips against external fraud
1. Make fraud a topic of discussion. Making employees aware is very important. When fraud can be discussed openly within the organization, employees become more alert and fraud attempts are less likely to succeed.
2. Create an open corporate culture. CEO fraud is particularly successful within highly hierarchical organizations. The more approachable the organization and the shorter the lines of communication between employees and managers, the less likely fraud is.
3. Verify data. Check data such as names and (email) addresses to prevent fraud. For certain work processes, it is even recommended that authorization schemes and a four-eye principle be adhered to.
Insurance Solutions
Finally, we would like to briefly comment on two insurance solutions, fraud insurance and cyber insurance. In addition, we explain some of the differences between these two insurance solutions because they are often confused with each other. People are often under the assumption that cyber insurance protects adequately against digital fraud, and this is incorrect.
Fraud insurance covers the financial consequences of fraud by both in-house employees and third parties. Cyber insurance covers the cost of first aid in the event of a breach, business losses from a cyber attack and liability for damages to third parties. These include breach of their privacy or confidentiality, the cost of stolen data, loss of revenue (due to the company not being operational for a certain period of time), cyber extortion and costs of restoring software or data.
Both insurances are considered very useful additions to fraud prevention plans and can act as the final piece of risk prevention for organizations seeking insurance against the harmful effects of fraud. Many organizations are unaware of the existence of such insurance, especially when it comes to fraud insurance. This matters because cyber insurance, credit insurance and business liability insurance do not cover this financial loss due to fraud.
Depending on your situation, wishes, needs and current insurance solutions, we will be happy to provide you with appropriate advice.
If you have any questions regarding this newsletter, please contact Jeroen van Heteren at 033 – 7505000 or info@krollerboom.nl