Confidential business and customer data has now become the number one target for fraudsters, surpassing hard cash and even physical assets for the first time, according to company bosses.
The move has been revealed in the 2017/18 global fraud and risk report by security consultancy Kroll, which showed that just under a third (29%) of senior executives said their company was defrauded of information in the past year. It is the first time since Kroll started reporting on fraud a decade ago that data has been the top target.
The report, based on a survey of 540 senior executives from businesses around the world across different sectors, also highlighted the growing cyber risk to businesses, with 86% of bosses reporting that their company had experienced a cyber incident or the theft, loss of or attack on information in the past 12 months. Some 70% said there had been at least one security incident at their company in the past year.
Overall, 84% of businesses fell victim to at least one instance of fraud in the past year, according to the report.
And nearly two-thirds of the business chiefs said their company had experienced reputational damage as a result, while 23% said that they believed their firm lost at least 7% of revenue.
Junior employees, former staff members and suppliers were cited as the most common perpetuators of fraud by survey participants.
Of those it surveyed, nearly four in 10 respondents (36%) said their companies had been impacted by a virus or worm attack, an increase of 3 percentage points year-over-year. Meanwhile a third (33%) said they had suffered an email-based phishing attack, up 7 percentage points from the last report; 27% had suffered a data breach; and 25% were affected by data deletion.
Beyond digital threats, information was highly susceptible to loss through other means: 29% of executives surveyed said equipment with sensitive data was stolen, while 27% said equipment was “lost”.
Pinsent Masons civil fraud and asset recovery expert Alan Sheeley said that businesses must take account of the potential civil liabilities which may arise against them, following a cyber fraud attack, adding that those which fail to keep personal data secure may also face liabilities under data protection laws, and could face further action for breaches of the Supply of Goods & Services Act 1982.
Sheeley commented: “UK businesses and organisations must improve their ability to deal with cyber fraud attacks and prevention is, of course, central to mitigating the risk. However, when the worst happens, businesses and organisations should defer to an agreed response plan.”
Related stories
Thousands of Morrisons staff to get data leak pay-off
Morrisons staff start High Court fight over 2014 breach
25 million UK adults in the dark over theft of their data
Stephen Fry on alert as toffs’ data is stolen from club
Uber faces long arm of the law over 64m data breach
Finance firms face sustained attack on their data vaults
FCA launches investigation into Equifax breach farce
Millions of Instagram users hit by major hack attack
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’