Sub-Saharan Africa is typically a region reporting a high incidence of fraud. However, this year’s figure of 77% is a drop of 12 percentage points from the last survey and 7 percentage points below the global average of 84%.

Nevertheless, the region still has the highest prevalence of management conflict of interest (cited by 34% of respondents), money laundering (26%), and regulatory or compliance breach (25%), of all regions surveyed.

Third parties are a commonly cited risk factor, with joint venture partners and customers equally held responsible for incidents (34% each). Ex-employees were also named as key perpetrators by 34% of respondents. However, the most common perpetrators of fraud in the region were junior employees (44%).

Feelings of vulnerability were roughly in line with the global averages, with 53% of respondents feeling highly or somewhat vulnerable to information theft, loss, or attack, compared with a global average of 57%. Strong feelings of vulnerability were also noted around theft of physical assets (49%), followed closely by management conflict of interest, vendor, supplier, and procurement fraud, and misappropriation of company funds, each of which was cited by 47% of respondents.

A higher proportion of respondents in this region than in any other believed their companies were “not at all vulnerable” to a wide range of frauds, including modern slavery (49%), internal financial fraud (38%), misappropriation of company funds (32%), market collusion (32%), corruption or bribery (28%), and vendor, supplier, or procurement fraud (23%).

85% of respondents in the region reported a cyber security incident in this year’s survey, roughly in line with the global average (86%).

The most prevalent cyber incident by far was a virus/ worm attack, cited by almost half (47%) of executives, 11 percentage points above the global average of 36%. Alteration or change of data was also a common issue in the region, reported by 30% of respondents compared with a global average of 22%. This was reflected in feelings of vulnerability, with 59% of executives feeling highly or somewhat vulnerable to this type of cyber incident. Data breaches (59%) and email-based phishing attacks (58%) were also key concerns,

A third (33%) of cyber incidents reported in Sub-Saharan Africa were perpetrated by random cyber criminals.

Customer records were targeted in half of all cyber incidents reported (51%). Employee records were the main target in 44% of incidents.

The percentage of respondents in the region experiencing a security incident dropped slightly to 72% compared with last year’s 74%, and only 2 percentage points above the global average of 70%.

The top three types of security incident reported, namely physical theft or loss of IP (45%), environmental risk (34%), and workplace violence (26%), were all higher than the global averages of 41%, 28%, and 23%, respectively.

The most common perpetrators of security incidents were ex-employees, named in 39% of security incidents in the region, compared with a global average of 37%.

As well as being the most reported security incident, physical theft or loss of IP was also top of the list relating to feelings of high or moderate vulnerability in the region (68%). About half (51%) of respondents also feel highly or somewhat vulnerable to geographic and political risk.