Fraud in Sub-Saharan Africa 2018

Sub-Saharan Africa revealed issues within the Fraud, Cyber Security and Security threat vectors which in part reflect issues pertaining to the nature and progress of developmental change across the region.

Fraud incidents were typified by management conflicts of interest, regulation or compliance breach and money laundering all of which are generally facilitated by a lack of effective protocols and controls and/or a lack of their implementation and monitoring. Similarly, third parties and ex-employees were the major malfeasants which suggests a need to rework the control strategies currently in place. For cyber security incidents the core threat vectors involved viral attacks and random external attacks both of which suggest a vulnerability or perceived vulnerability within firewalls and the protocols that support their efficacy. Finally, in relation to security incidents, physical theft or loss of intellectual property to ex-employees were key variables and both suggest a lack of effective control mechanisms or mechanisms which have a degree of vulnerability.

Fraud

Sub-Saharan Africa is typically a region reporting a high incidence of fraud. However, this year’s figure of 77% is a drop of 12 percentage points from the last survey and 7 percentage points below the global average of 84%.

Nevertheless, the region still has the highest prevalence of management conflict of interest (cited by 34% of respondents), money laundering (26%), and regulatory or compliance breach (25%), of all regions surveyed.

Third parties are a commonly cited risk factor, with joint venture partners and customers equally held responsible for incidents (34% each). Ex-employees were also named as key perpetrators by 34% of respondents. However, the most common perpetrators of fraud in the region were junior employees (44%).

Feelings of vulnerability were roughly in line with the global averages, with 53% of respondents feeling highly or somewhat vulnerable to information theft, loss, or attack, compared with a global average of 57%. Strong feelings of vulnerability were also noted around theft of physical assets (49%), followed closely by management conflict of interest, vendor, supplier, and procurement fraud, and misappropriation of company funds, each of which was cited by 47% of respondents.

A higher proportion of respondents in this region than in any other believed their companies were “not at all vulnerable” to a wide range of frauds, including modern slavery (49%), internal financial fraud (38%), misappropriation of company funds (32%), market collusion (32%), corruption or bribery (28%), and vendor, supplier, or procurement fraud (23%).

Cyber Security

85% of respondents in the region reported a cyber security incident in this year’s survey, roughly in line with the global average (86%).

The most prevalent cyber incident by far was a virus/ worm attack, cited by almost half (47%) of executives, 11 percentage points above the global average of 36%. Alteration or change of data was also a common issue in the region, reported by 30% of respondents compared with a global average of 22%. This was reflected in feelings of vulnerability, with 59% of executives feeling highly or somewhat vulnerable to this type of cyber incident. Data breaches (59%) and email-based phishing attacks (58%) were also key concerns,

A third (33%) of cyber incidents reported in Sub-Saharan Africa were perpetrated by random cyber criminals.

Customer records were targeted in half of all cyber incidents reported (51%). Employee records were the main target in 44% of incidents.

Security

The percentage of respondents in the region experiencing a security incident dropped slightly to 72% compared with last year’s 74%, and only 2 percentage points above the global average of 70%.

The top three types of security incident reported, namely physical theft or loss of IP (45%), environmental risk (34%), and workplace violence (26%), were all higher than the global averages of 41%, 28%, and 23%, respectively.

The most common perpetrators of security incidents were ex-employees, named in 39% of security incidents in the region, compared with a global average of 37%.

As well as being the most reported security incident, physical theft or loss of IP was also top of the list relating to feelings of high or moderate vulnerability in the region (68%). About half (51%) of respondents also feel highly or somewhat vulnerable to geographic and political risk.

This is an insight extract curated and replicated from The Global Fraud & Risk Report 2017-2018