Print Issue: May 2018
Incidents of security breaches of various types continue to increase around the world, according to the 10th annual edition of Kroll's Global Fraud and Risk Report.
The report includes commissioned research by Forrester Consulting, which conducted a worldwide online survey of 540 senior executives across multiple industries. The report divides incidents into three categories: fraud, cyber (theft, loss, or attack involving information or data), and security (physical security breach at the company). For all three categories, the report breaks down the responses by country and by industry sector.
Overall, 86 percent of respondents said they experienced a cybersecurity incident in the previous 12 months, up 1 percent from the 2016 report. For fraud, 84 percent of respondents said they experienced an incident in the previous 12 months, up 2 percent from the last report. And 70 percent of respondents said they experienced a physical security incident in the previous 12 months, up 2 percent from the previous report.
Although these percentages varied from country to country, the percentage of those experiencing incidents was higher than 50 percent in every category. For example, in the United Kingdom, 94 percent of respondents said that they experienced a cybersecurity incident in the previous 12 months, but only 61 percent in Colombia said the same.
In addition, incidents of fraud could be especially costly. About 54 percent of respondents said that incidents of fraud cost their business at least 4 percent of its revenue in 2017—that is, 5 percent said the cost of fraud exceeded 10 percent of revenue, 18 percent said the cost was 7 to 10 percent of revenue, and 31 percent said the cost was 4 to 6 percent of revenue.
In looking to the future, Kroll CEO David R. Fontaine says that at some point it may not be viable for the report to continue breaking down incidents and risks into three separate categories. In fact, that seems to be one of the report's key findings—"risks are increasingly starting to cut across areas, due to factors like economic globalization and increasing digital connections," Fontaine writes in the report's introduction.
"Organizations must adopt a holistic approach to enterprise risk management and develop integrated risk mitigation strategies to address this new threat environment," he says.