Lower fraud rates are giving many companies a false sense of security and U.S. organizations are particularly good at ignoring trends that point to the need for vigilance, a global study found.
The number of companies reporting at least one incident of fraud fell to 61 percent from 75 percent the previous year, according to the annual Global Fraud Report released Monday by Kroll Advisory Solutions, a security consulting firm. The drop was the second in as many years.
Less fraud meant the average cost to businesses fell to 0.9 percent of revenues from 2.1 percent. These two trends made companies feel much safer with the number saying their exposure to fraud had increased falling to 63 percent from 80 percent.
Despite the encouraging numbers, Kroll warned that that "letting down one's guard can have dire consequences."
"Companies must remain vigilant as the methods and tools employed by fraudsters continue to evolve," Tom Hartley, president and chief executive of Kroll, said in the report.
U.S. companies experienced similar trends, the study found. However, half the frauds covered in the survey were more prevalent in the U.S. than the global average and the amount of money lost was also higher at 1.1 percent of revenue. However, that number was less than the prior year's cost of 1.9 percent.
U.S. companies were also less like than the rest of the world to have anti-fraud strategies in places and the number of companies planning to spend more in the coming year to combat fraud was also lower.
"If businesses in the United States want to address their ongoing fraud issues, they will need to get more active," the report said.
Information theft was the most common fraud in the U.S. with 26 percent of companies surveyed reporting at least one incident. That number was largely unchanged from the previous year, yet the proportion of companies describing themselves as highly or moderately vulnerable to information theft fell nearly 20 percentage points to 33 percent.
Theft of physical assets, the most common fraud for the rest of the world, was second in the U.S.
The complexity of information technology within U.S. companies was cited as the biggest driver of fraud. In addition, American businesses were the most likely in the world to report an attack from an outside hacker.
Nevertheless, insiders were by far the most likely to commit fraud. More than two thirds of all the companies surveyed that reported at least one incident of fraud said an insider was the key perpetrator or at least one of the lead culprits. That number was up from 60 percent the prior year.
Insiders tended to either act alone or with peers. Those acting alone were usually junior employees, senior managers or agents of the company.
Sign up for CIO Asia eNewsletters.