With advancement and changes in the environmental, social, geopolitical and financial spheres of our lives come new sets of challenges, which are more volatile than ever before. And while businesses are embracing these changes and introducing new navigation strategies to combat the volatility, bad actors (or criminals) continue to find new ways of exploitation.
In fact, the emergence of new worlds like metaverses is blurring the boundaries between crime in the cyber and physical realms.
The number of incidences of fraud committed on the internet and in cyber-physical realms (systems in which a mechanism is controlled or monitored by computer-based algorithms) is on the rise. Moreover, cybercriminals are often difficult to apprehend as many of them operate from outside the target country.
Business organisations have been taking several measures in order to prevent, detect and respond to fraud speedily and effectively. And several years of efforts, through revised policies, intense training, comprehensive monitoring and robust controls had helped businesses to reduce cases of misconduct and fraud that originated internally. However, following the Covid-19 pandemic, the working style changed for most business organisations. The flexibility offered to employees has blurred the traditional perimeters of fraud, resulting in many controls (measures) becoming ineffective beyond a certain point.
The good news, though, is that the overall number of frauds is decreasing.
To assess the global state of fraud among companies, PwC conducted the Global Economic Crime Survey (GECS) in 2022,1 which saw participation from 1,296 respondents in 53 countries and regions. The survey intended to assess the overall trends and emerging nature of fraud and how to manage risks.
About 46% of the surveyed organisations reported experiencing some form of fraud or economic crime within their organisation in the last two years, a 3% decline from GECS 20181 when 49% of the organisations reported the same.
Although the number of incidents of fraud seems to be stable, their impact continues to be substantial in all types of organisations. Moreover, according to the survey, across small or large organisations, cybercrime poses the biggest threat at present.
Industrial engineering, health, technology, media and telecom, and government and public sectors reported cybercrime as their biggest threat. On the other hand, sectors such as financial services and retail cited customer-initiated fraud as their biggest threat. Companies belonging to the energy, utilities and natural resources sectors - which are capital and infrastructure-intensive - have reported procurement-related frauds as their biggest threat.
The last two years have provided organisations with a clearer idea of the emerging nature of various frauds. Some types of frauds can be correlated with the economic downturn. For example, an employee may be forging data within the systems to achieve a sales target that an expert knew was unachievable due to poor economic climate. Such activities are usually hard to detect during a boom but easily raises suspicion during an economic downturn.
Similarly, external fraudsters take advantage of such situations, particularly in the retail and financial services sectors, to commit frauds such as conning a victim through relevant offers during a pandemic. Taking further advantage of poor economic conditions, organised crime groups also recruit unemployed but digitally savvy individuals to carry out fraudulent schemes and related digital crimes.
Source: PwC's Global Economic Crime Survey 2022
The good news is that the organisations are doing their best to enhance their technical capabilities in order to implement stronger internal controls and make themselves more resilient to cybercrime. During the last two years, many business organisations in Bangladesh, particularly banks, started to review their technology infrastructure to make it more robust to prevent cyberattacks.
While fraud-related crimes originating from inside an organisation can be tackled via policies, controls and training, crimes originating through external predators require a complete review and revamp of certain perimeters.
Organisations must spend a significant amount of time understanding the life cycle of their products and services comprehensively and assess the possible weak links through which they are susceptible to external attacks. This will require a complete study of each customer segment to understand how they relate to these products and services and provide an insight into how the vulnerabilities will get created.
In countries like Bangladesh, organisations that have a strong brand image must carry out such risk assessments and profile their customers to remediate vulnerabilities. Frauds such as the insertion of counterfeit products within the supply chain can become more sophisticated with the use of advanced technologies.
Prevention of fraud and other such cybercrimes is a complex challenge. Companies must invest in adequate technology-based monitoring and customer engagement, with a continuous focus on policies and controls to manage fraud effectively. Moreover, it is critical for business organisations and law enforcement agencies to increase their agility and resilience to deal with crimes in the emerging cyber-physical world.
The writer is a partner at PwC.
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.