The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting how frequently businesses experience cybersecurity incidents.
According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one instance of fraud.
Out of the companies that had been attacked, 33% said they had experienced virus or worm infections and 26% of respondents said their employees had been targeted with phishing attacks. Data deletion or loss due to system issues was reported by 24% of executives, 23% had experienced a data breach involving employee or customer data, and 22% experienced deletion or corruption of data as a result of a malware infection. Theft or loss of corporate equipment was reported by 17% of survey respondents.
As Kroll points out, “fraud, cyber, and security incidents are the ‘new normal’ for companies across the world.” Cyberattacks can now be considered a fact of life, and are as inevitable as death and taxes.
While hackers are a constant threat, the report shows that the biggest problem facing companies is considered to be malicious insiders. 56% of respondents to the survey said insiders were the key perpetrators of malicious attacks, while 44% said current and former employees were primarily responsible for cybersecurity issues and fraud. Junior employees were the most likely cause of fraud according to 39% of respondents, while ex-employees were the leading perpetrators of cyberattacks, or information loss or theft.
Corporate fraud is increasing according to the Global Fraud and Risk Report. 15% of respondents reported incidents of market collusion and 11% said there had been misappropriation of corporate funds. 38% of company executives said they had experienced the theft of intellectual property in the past 12 months.
In response to the increased threat of cyberattacks and data theft, companies have implemented a host of technologies to mitigate risk. The most common cybersecurity risk mitigation measure – adopted by 76% of respondents – is internal security assessments of data systems and IT infrastructures. Cybersecurity policies and procedures have been implemented by 74% of respondents, while 72% said they provided cybersecurity training for employees, restricted the installation of software on corporate devices, and now use intrusion detection systems on their devices.
Worryingly, although the risk of cyberattacks and security incidents has increased significantly in recent years, and more than eight out of ten companies had experienced a cyberattack in the past 12 months, only 70% of companies have updated their information security response plan in the past 12 months. Just 68% said they actually test their response plan at least every six months.