More than a third (39%) of firms experienced a year-on-year increase in fraud during 2020, according to BDO UK’s Fraud Track Survey, while three quarters (76%) of business owners and directors believe their company is more exposed to fraud since the emergence of COVID-19. Where does the risk lie, and what can your business do to mitigate it?
Businesses up and down the country have experienced unprecedented disruption due to the global coronavirus pandemic and associated lockdowns.
Retail and leisure sector businesses’ operations have been derailed by social distancing measures; heavy industrials and energy companies have faced falling demand and oversupply; and financial groups have been struck by plummeting interest rates, to name some of the worst affected.
But compounding all of this, the effects of COVID-19 have presented a perfect storm for corporate fraud, which poses a further (but less conspicuous) threat to business resilience.
Threat to cyber security
In particular, cyber-criminals have developed increasingly sophisticated tactics at an alarming rate, and the mass digitisation of the workplace has outpaced many firms’ ability to secure themselves against exploitation.
BDO UK’s Fraud Track Survey, which monitored fraud trends at 500 mid-sized UK firms throughout 2020, found that more than a third (39%) of firms experienced an increase in fraud in the last year, with a quarter (26%) having suffered security breaches through cyber-attacks since the onset of the first nationwide lockdown in March 2020.
In total, six in ten (60%) businesses said they had experienced fraud in 2020, with an average loss totalling £245,000. Unsurprisingly, three quarters (76%) of business owners and directors think their company is more exposed to fraud since the emergence of COVID-19 – with one in five (22%) saying their exposure has “significantly” increased.
One of the main drivers of fraud risk is home working, which has opened a gateway to new opportunities for data theft – including impersonation, or ‘spear phishing’, and sophisticated ‘whaling’ frauds aimed at senior executives. It has also added complexity to the process of identifying and defending against cyber-attacks: pre-pandemic, security was predominantly perimeter-based with firewalls separating the “outside” from the “inside”, but cloud services and remote working have blurred these lines.
Are you operating your business without a fraud response plan?
Despite the rising number of frauds committed against mid-sized firms in 2020, the survey unearthed some concerning findings. For instance, more than half (62%) of businesses failed to implement fraud awareness training programmes for their employees over the last year, while a quarter (26%) still don’t have a fraud response plan in place.
Looking forward, the majority (66%) of company owners and directors are concerned about their business being targeted by fraudsters over the next 12 months – with 24% stating they are “very concerned”. However, 61% said resource constraints as a result of COVID-19 disruption will limit their investment in fraud detection and prevention tools over the coming year.
The way business owners and directors act now will be critical in defining to what extent the pandemic facilitates a drain of IP and competitiveness. Fraud can never be eliminated, but should be treated like any other unavoidable risk and managed responsibly. Combatting the digital crime wave requires investment to support business resilience.