10 Oct Fraud & Risk Middle East 2018
The Middle East experienced fewer attacks within the Fraud, Cyber Security and Security threat vectors and the perpetrators and/or modes of attack were interesting. Fraud incidents, for example, were connected to breaches of regulations which could be both intentional and unintentional in nature but in either case demonstrate the value and utility of a strong regulatory framework.
In relation to cyber security incidents most of the issues were attributed to competitors which suggests that a reappraisal of high-tech threat resistance measures would be a useful exercise to undertake. In relation to security incidents many of these were attributed to former employees which suggests that something in the processes concerning the processing of former staff may require a re-evaluation in terms for example of password and login protocols which might remain accessible to them. The final interesting factor at play in the Middle East is the preponderance of junior employees as culprits and more senior managers as locators of malfeasance both of which infer a need to examine operational systems.
The number of respondents in the Middle East reporting a fraud incident in the last 12 months dropped to 66%, down from 88% last year.
The most widespread fraud incidents were a regulatory or compliance breach, cited by 24% of respondents, management conflict of interest (22%), and theft of physical assets or stock (19%).
Junior employees were the most likely to be named as perpetrators of fraud in the Middle East (62%) compared with just 34% last year. This year’s figure was also 23 percentage points higher than the global average of 39%.
Fraud was more likely to be identified by management within the company, according to respondents in the Middle East. More than half (54%) said that management had uncovered a fraud incident, compared with 38% who said that it was uncovered through an external audit and 36% who named an internal audit. The number of respondents who said fraud was uncovered by a whistleblower fell from the number one position in 2016 (50%) to the fourth most likely source in this year’s report (31%).
Executives in the Middle East felt particularly vulnerable to corruption and bribery as well as misappropriation of company funds, both at 61%, and significantly higher than the global averages of 50% and 48%, respectively.
The proportion of respondents in the Middle East reporting a cyber incident also fell, from 90% in 2016 to 71% in this year’s report.
Executives in the Middle East were most likely to cite competitors as the perpetrators of cyber incidents faced by their organization (33%), followed by agents/intermediaries (31%) and random cyber criminals (29%). The most common targets for cyber incidents were customer records and company/employee identity, each cited by 45% of respondents. The number one target last year was physical assets/money (47%), which slipped to fifth place in this year’s survey (36%).
Respondents in the region felt highly or somewhat vulnerable to virus/worm attacks (80%), data deletion (76%), and wire transfer fraud (65%), all of which were significantly more than the global averages.
Two-thirds of respondents in the Middle East (64%) said that they had suffered from a security incident in the previous 12 months, compared with 82% of respondents in last year’s survey.
Security incidents were most likely to be caused by exemployees, according to 39% of respondents in the Middle East. Physical theft or loss of intellectual property was the most common type of security incident (highlighted by 34% of respondents), but almost the same proportion (32%) said they had suffered from incidents associated with environmental risks, including damage caused by natural disasters.
Executives in the Middle East were most likely to feel highly or somewhat vulnerable to physical theft/loss of IP (61%, generally in line with the global average of 63%) and environmental risk (56%).
This is an insight extract curated and replicated from The Global Fraud & Risk Report 2017-2018