Among the thousands of reports and surveys to come out of the annual meeting in the Swiss ski resort of Davos, one of the most useful is the annual study of business risks in which executives rank what they consider to be the most pressing of their current concerns. Particularly significant this year was that cyber security surged from among the also-rans to grab number three position.
This echoes what HSBC chairman Douglas Flint has been saying for years. As a regular conference speaker, he is known for warning that cyber threats leading to theft of data and fraud are one of the major challenges faced by a business like his. But too many outside the banking world mistakenly think this is a problem only for organisations for which the business is money.
Banks are not alone
They underestimate the nature of the challenge not just from cyber but from fraud in all its forms. According to PwC, no less than 37 per cent of organisations were hit by some form of economic crime in 2014, while consultancy Kroll believe 70 per cent of firms were caught in some way or another in 2014. Altogether the National Fraud Authority claims the annual cost of fraud to the UK economy is in the region of £52 billion.
Sixty seven per cent of discovered frauds were internal rather than external in origin and 84 per cent were the work of just one person
These are estimates because it is in the nature of fraud that you don’t know how much of it goes on; the most successful are by definition those which are never detected. Meanwhile, the statistics around those which are discovered are unreliable. Businesses often do not publicise frauds because they have no desire to advertise their vulnerability nor undermine the confidence of their customer and supplier base. But clearly it is a major problem.
Earlier this summer, a hacker had accessed millions of customer records with credit card details held by Carphone Warehouse. Even when no money is lost, confidence is damaged by this sort of attack. Past experience from similar failings elsewhere shows the reputational hit can be huge.
Fraud also paints on a broad canvas. Even in an age where international cyber crime dominates the headlines, Kroll reported in a 2013 survey that 67 per cent of discovered frauds were internal rather than external in origin and 84 per cent were the work of just one person.
Insisting that every employee takes a minimum of two weeks’ holiday a year, during which time someone else has to do their job, remains one of the most effective anti-fraud defences. Continuing frauds require constant covering up which is much harder to accomplish when out of the office.
Companies at risk
The Association of British Insurers reported in July that in 2014 the potential value of fraudulent policy claims on its members was £1.32 billion. This was double the estimated amount of retail crime last year which was just over £600 million. The industry body says its members detected 130,000 fraudulent claims, the equivalent of 350 every day over the 12 months, to give an annual daily cost of £3.6 million. This was 9 per cent higher than the previous year and disturbingly 57 per cent ahead of the reported level of five years earlier. Note also that this is what they prevented, not what got through.
Fraud covers a multitude of sins, from the small to the truly massive, and it seems to be everywhere. Indeed on just one single day in August, the Financial Times had three major such reports.
One said the Serious Fraud Office had launched a probe into the “business and accounting practices” of Quindell, a troubled insurance company which has just revised downwards its revenues for last year by £290 million and its post-tax profits by £282 million.
The newspaper also told the story of the London Stock Exchange AIM-listed oil explorer Afren which had begun insolvency proceedings. Last year it ousted its chief executive and chief operating officer over what were described as “unauthorised payments”. And from banking, Bill Winters, the recently appointed boss of Standard Chartered, warned of “weak operational controls which exposed the group to losses and fraud”.
The core message is clear. Fraud is a major risk and companies must have coherent comprehensive policies in place to keep the problem under control. But according to most consultants, who admittedly have an axe to grind, fewer than half of organisations do. Given what appears to be happening all around us that it perhaps the most remarkable statistic of all.