Cybercrime tops the list of current threats facing businesses, while emerging risks from ESG-reporting fraud and platform fraud (scams committed in online platforms such as social media and e-commerce) could impact businesses in the future. The tech, media and telecommunications sector experienced the highest incidences of fraud across all industries according to PwC’s Global Economic Crime and Fraud Survey 2022, which warns that external fraudsters are becoming a bigger threat with the growing proliferation and sophistication of attacks.

Ian Pay, ICAEW’s Head of Data Analytics and Tech, believes the significant volumes of sensitive financial data to which accountants are privy is highly prized by cybercriminals looking to exploit weaknesses in an organisation’s security.

“Should that data get into the wrong hands, it could cause untold damage to a business, its customers and suppliers, as well as to the reputation of the business. This is something that can affect organisations of any size; indeed, cybercriminals often see smaller companies as easier prey to make a quick buck,” Pay says.

As the usual gatekeepers to highly sensitive fiscal data, finance professionals need to be aware of the risks they face and make good use of the latest fraud prevention and detection tools if they are to stand a chance against evolving cyber threats.

“There is a growing market of fraud prevention and detection tools which use technologies such as machine learning to identify and manage potentially fraudulent activity,” says Esther Mallowah, ICAEW’s newly-appointed Head of Tech Policy. But while these technologies can be powerful, they are only a part of the solution, Mallowah warns. “They must be combined with good basic cyber hygiene, user education, and an understanding of the organisation’s most critical data and cybercrime risks.”

Mallowah adds: “As digitisation continues, the methods of committing fraud will likely continue to shift towards ‘online’ methods. Being able to effectively mitigate the cybercrime fraud risk requires a holistic approach that considers people, technology and process.”

Any size business is at threat 

While just under half of organisations (46%) reported experiencing fraud or economic crime within the last 24 months, the impact of these crimes has been substantial.

Just over half (52%) of companies with global annual revenues over $10bn experienced fraud during the past 24 months. Of these, almost one in five reported that their most disruptive incident had a financial impact of more than $50m. Among smaller companies with less than $100m in revenues, incidences of fraud were lower at 38%, of which a quarter faced a total impact of more than $1m.

Beyond password checks and phishing emails

Cybercrime poses the biggest threat to small, medium, and large businesses, after the impact of hackers rose substantially over the last two years. The rise of digital platforms opens the door to myriad financial crime risks, and 40% of those encountering fraud experienced some form of platform fraud.

According to the PwC survey, cybercrime ranked ahead of customer fraud as the most common crime in 2020, and by a substantial margin: 42% of large businesses said they had been victims of cybercrime in the period, while only 34% experienced customer fraud.

“Protecting a business isn’t just about relying on the IT infrastructure to protect against such attacks. Being on the lookout for suspicious emails and having a robust approach to password management are two small but simple things that anyone and everyone should be doing,” Pay says.

“As finance professionals increasingly turn to cloud software solutions, ensuring that the login credentials are sufficiently complex or, where possible, employ single sign-on capabilities integrated with the wider organisation’s access management will minimise the risk of those solutions becoming compromised,” Pay adds.

Emerging risks

Emerging risks including ESG reporting fraud, ie, the act of altering ESG disclosures so that they do not truly reflect the activities or progress of an organisation, and supply chain fraud, for example when a fraudster disguises themselves as a known supplier to redirect payment, have the potential to cause greater disruption in the next few years. While just 6% of organisations said they had experienced anti-embargo fraud – where an organisation is tricked into breaking an embargo – in the last 24 months, that may change in the next 24 months as global sanctions rise to the highest levels in recent history.

Sir David Green, chair of the Fraud Advisory Panel, agrees that both ESG reporting and supply chain fraud present emerging and growing fraud threats: “ESG reporting involves the disclosure of data on environmental social impacts and on corporate governance. At the same time, commercial supply chains have become multi-layered, global and ever more complex. Both disclosed data and complex supply chains present new, exploitable opportunities for the creative fraudster.” 

“Once new opportunities for criminal profit emerge, fraudsters are adept at spotting and rapidly exploiting those opportunities,” Green says. Recent examples include widespread fraud on government COVID-19 support grants and fraud around charity donation to Ukraine.