Information theft overtakes the appropriation of physical assets for the first time on record
Cyber attacks have pushed corporate fraud around the world to an all-time high, with information theft overtaking the appropriation of physical assets for the first time on record, according to new data.
Levels of reported fraud have gradually climbed since 2012, but 86 per cent of companies around the world reported that they had experienced at least one cyber incident in 2017, according to responses given to Kroll’s annual global fraud and risk survey.
The responses come as anxiety is high in boardrooms about hacking following a year when the WannaCry cyber attacks targeted tens of thousands of organisations worldwide, disabling operations from the UK’s National Health Service to US delivery service FedEx.
More recently, the flaws discovered in chips made by Intel, AMD and ARM, have raised fresh concerns that companies could be vulnerable to attacks.
Information-related risks are now the greatest concern cited among executives who participated in the survey, as the experience of Equifax has sharpened minds and shown that authorities are taking an increasingly robust response.
The US credit-reporting company now faces criminal and regulatory investigations on both sides of the Atlantic after a cyber attack resulted in the theft of personal data of as many as 143m US citizens.
More than half the respondents to the survey believed that their companies were “highly or somewhat vulnerable” to information theft; a rise of six percentage points on last year.
This year was the first where information theft overtook the stealing of physical assets and stock in the decade that Kroll has undertaken its survey. Just under 30 per cent of companies reported they had suffered information theft, loss or attack in 2017, making it the most common type of organisational loss.
Nearly four in 10 executives said their companies suffered a virus or worm attack, while the second-most frequently cited attack was email-based phishing, the survey shows.
While cyber attacks are the most common way companies can lose information, companies can still be vulnerable to more prosaic routes.
“People instinctively think about data being targeted by cyber attacks, but not all threats to information are confined to the digital realm,” said Jason Smolanoff, senior managing director at Kroll. “There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach.”