The number of respondents in the Middle East reporting a fraud incident in the last 12 months dropped to 66%, down from 88% last year.

The most widespread fraud incidents were a regulatory or compliance breach, cited by 24% of respondents, management conflict of interest (22%), and theft of physical assets or stock (19%).

Junior employees were the most likely to be named as perpetrators of fraud in the Middle East (62%) compared with just 34% last year. This year’s figure was also 23 percentage points higher than the global average of 39%.

Fraud was more likely to be identified by management within the company, according to respondents in the Middle East. More than half (54%) said that management had uncovered a fraud incident, compared with 38% who said that it was uncovered through an external audit and 36% who named an internal audit. The number of respondents who said fraud was uncovered by a whistleblower fell from the number one position in 2016 (50%) to the fourth most likely source in this year’s report (31%).

Executives in the Middle East felt particularly vulnerable to corruption and bribery as well as misappropriation of company funds, both at 61%, and significantly higher than the global averages of 50% and 48%, respectively.

The proportion of respondents in the Middle East reporting a cyber incident also fell, from 90% in 2016 to 71% in this year’s report.

Executives in the Middle East were most likely to cite competitors as the perpetrators of cyber incidents faced by their organization (33%), followed by agents/intermediaries (31%) and random cyber criminals (29%). The most common targets for cyber incidents were customer records and company/employee identity, each cited by 45% of respondents. The number one target last year was physical assets/money (47%), which slipped to fifth place in this year’s survey (36%).

Respondents in the region felt highly or somewhat vulnerable to virus/worm attacks (80%), data deletion (76%), and wire transfer fraud (65%), all of which were significantly more than the global averages.

Two-thirds of respondents in the Middle East (64%) said that they had suffered from a security incident in the previous 12 months, compared with 82% of respondents in last year’s survey.

Security incidents were most likely to be caused by exemployees, according to 39% of respondents in the Middle East. Physical theft or loss of intellectual property was the most common type of security incident (highlighted by 34% of respondents), but almost the same proportion (32%) said they had suffered from incidents associated with environmental risks, including damage caused by natural disasters.

Executives in the Middle East were most likely to feel highly or somewhat vulnerable to physical theft/loss of IP (61%, generally in line with the global average of 63%) and environmental risk (56%).