We asked respondents whose organisation experienced economic crime to profile the main perpetrator of the most serious fraud they had faced. The picture which emerged was similar to previous years, with 56% reporting that the main perpetrator was internal, and 40% reporting the main perpetrator was external.
But dig a little into the data, and some sharp contrasts begin to emerge at the sector level.
While global averages continue their 56% internal/40% external split, the figure below shows the financial services sector was unique in reporting almost the inverse, citing external perpetrators (59%) as their greatest fraud adversaries — a continuation of a pattern evident in 2011 as well. This is likely due to the disproportionately high rate of cybercrime affecting financial services (45%, compared to all other industries at 17%) and to the fact that cybercrime tends to involve external fraudsters.
On the other hand, certain industries consistently report a preponderance of internal perpetrators — for example, the engineering and construction (70%) and energy, utilities and mining (69%) sectors.
So who’s committing internal fraud? Our results indicate that the overall profile of the internal fraudster generally remained the same as in 2011 — middle-aged males with a college education or higher who have substantial tenure with the organisation. Globally, almost half of all frauds are committed by employees with 6 or more years of experience, and almost a third (29%) are committed by employees with 3 to 5 years of experience.
Presumably, there is a silver lining to having most of one’s fraud losses attributable to internal players — you have a better opportunity to mitigate these risks through improved internal policies, processes and controls when the fraudster is someone employed by the company. Mitigating the actions of external criminals may not be so easy.