Gulf firms most vulnerable to fraud and cyber-attacks

Organisations need to have systemic processes in place to prevent, detect and respond to fraud and cyber-risks.

The Gulf region saw the highest rise in fraud incidents of any region across the world with companies reporting an alarming increase in cases related to swindles, cyber and security in 2016-17.
The incidence of fraud in the GCC was six per cent above the global average of 82 per cent.
The vast array of perpetrators and ever-evolving nature of incidents also reflect an increasingly complex risk management environment across the region, findings of a survey revealed.
While 88 per cent of executives surveyed in the Gulf region experienced a fraud incident in the past year compared to 62 per cent in 2015, 90 per cent of executives reported at least one cyber-incident and 82 per cent reported security incidents, according to a survey for the 2016-17 Kroll Annual Global Fraud and Risk Report.
One interesting finding of the survey is that current and former employees were the most common perpetrators of such frauds. "Despite widespread concerns about external attacks, the findings reveal that the most common perpetrators of fraud, cyber and security incidents over the past 12 months were current and former employees," the report revealed.
The proportion of executives that reported their companies fell victim to fraud in the past year rose significantly, highlighting the escalating threat to corporate reputation and regulatory compliance.
"Cyber-incidents were even more commonplace with 90 per cent of executives surveyed saying their company has suffered a cyber incident over the past 12 months. Over eight in 10 [82 per cent] reported the occurrence of at least one security incident over the course of the year," the survey said.
Senior or middle management was cited as key perpetrators in two-fifths (36 per cent) of fraud cases, followed by junior staff (34 per cent). Third-party entities were also considered to have significant roles in most fraud incidents, with joint venture partners, vendors, suppliers and agents names by around a quarter of respondents. Former employees were also identified as responsible for 20 per cent of incidents reported.
Over half of respondents (56 per cent) said insiders were the key perpetrators of security incidents, with permanent employees the most common of these (24 per cent).
"This year's Kroll Global Fraud and Risk Report has the highest proportion of companies reporting fraud and rising levels of cyber and security breaches. The impact of such incidents is significant, with punitive effects on company revenues, business continuity, corporate reputation, customer relations, and employee morale, as well as the risk of regulatory intervention," said Tom Everett-Heath, regional managing director.
With fraud, cyber and security incidents becoming the new normal for companies all over the world, it is clear that organisations need to have systemic processes in place to prevent, detect, and respond to these risks if they are to avoid reputational and financial damage.
As important is the need for effective, thorough and timely responses when incidents are detected, said Everett-Heath.
In the Gulf, a broad range of cyber-incidents were reported. The single-most common types of incident reported was a virus or worm infestation, reported by almost one-third of all companies (30 per cent) and data deletion or loss due to system issues (30 per cent).
In the age of big data, a fifth (20 per cent) of respondents said data breaches resulted in loss of customer or employee data, while 16 per cent reported loss of IP, trade secrets or R&D. More than one in four (26 per cent) suffered data deletion or corruption caused by malware or system issues, and 10 per cent were victims of data deletion by a malicious insider.
Gregg Petersen, regional director for the MEA and SAARC at Veeam Software, said the main concern of companies which are facing data loss is how quickly they can recover and how much data can they afford to lose. "Companies need to be extremely careful about the vendors they choose to keep their business up and running and how much risk they can mitigate."
Daniel Turner, an associate managing director in Kroll's Dubai office, said the incidence of fraud, cyber and security incidents in the region continues to climb markedly. "Companies are increasingly operating in a global business environment fraught with high and mounting risks and repercussions. These risks can be mitigated through the adoption of a conscious and proactive approach and through the implementation of employee and partner education programs and a tighter set of policies that help remove avoidable errors and poor business practices."
- issacjohn@khaleejtimes.com