Professional Documents
Culture Documents
Kroll Global Fraud Risk Report 2017 18
Kroll Global Fraud Risk Report 2017 18
Kroll Global Fraud Risk Report 2017 18
58 China
security solutions — to be particularly instructive and useful.
Are We Winning the Battle Against
23 60 India
One of the Report’s findings with the greatest implication for organizations is that Bribery and Corruption?
many risks can no longer be neatly categorized and labeled as fraud-, cyber-, or Latin America
security-related. Instead, due to the convergence of a global economy, growing Tracing Concealed Assets in Fraud 62 Brazil
digital connections, and ever-constant human behavioral factors, organizations 26 Investigations, Arbitration Awards,
must adopt a holistic approach to enterprise risk management and develop 64 Colombia
and Judgments
integrated risk mitigation strategies to address this new threat environment. 66 Mexico
Kroll has the ability to bring together multidisciplinary teams of experts and Infrastructure Investment in Emerging
28
Markets – Mitigating the Risks
to combine these teams with data analytics, language skills, and technology 68 Industry Overviews
solutions – anywhere, anytime – to assist clients in understanding and navigating
When It Comes to Information Security, 68 Industry risk map
this new world of RISK. We stand ready to provide clients with the knowledge
30 Employees Can Be Your Most Important
and intelligence edge that will help them to anticipate, detect, mitigate, and Construction, Engineering,
Asset and Greatest Threat 70
respond to risk, both today and into the future. and Infrastructure
FRAUD
Research 84%
Overall, 84% of surveyed executives report their
company fell victim to at least one instance of fraud
in the past 12 months, up from 82% in 2016. This
represents a continuous, year-on-year rise since 2012,
2016
2017
82%
84%
2% above 2016
Introduction 2015
75%
2013
70%
Welcome to the 10th edition of the Kroll
Global Fraud & Risk Report. This year’s
Report addresses the diverse range 2012 61%
2017 2016
In addition to reporting extremely high incidence levels, survey respondents indicated
that the repercussions were both costly and wide-ranging – negatively impacting 57%
Indeed, survey respondents claimed significant economic damage from fraud. In this
year’s survey, nearly half of respondents (46%) reported losses of 3% or less of company
revenues. Notably, 23% of respondents reported losses of 7% or more of revenues; last
year, only 3% of respondents reported this scale of loss. Of the respondents who reported
losses of 7% or more, 69% were in two industries: Retail, Wholesale, and Distribution
(35%) and Construction, Engineering, and Infrastructure (34%).
In their article on page 28, Tarun Bhatia, Reshmi Khurana, Oliver Stern, and Brian
Weihs examine the risks associated with infrastructure investments in emerging markets
across Sub-Saharan Africa, Latin America, and South Asia, and potential strategies for
mitigating these risks.
Confidential
Information
Under Increasing
Threats
In a digitized world – characterized TYPES OF FRAUD TYPES OF FRAUD SUFFERED IN THE PAST 12 MONTHS
by massive increases in data creation, For the first time in 10 years of reporting, information
2017 2016
theft, loss, or attack was the most prevalent type of fraud
collection, and reliance for all manner experienced in the last year, cited by 29% of respondents, up Information Theft, Loss, or Attack
29%
24%
of business – information has become 5 percentage points from 24% of respondents in the 2016
27%
survey. This in turn was up 7 percentage points from 22% of
increasingly valuable and vulnerable. Theft of Physical Assets or Stock
29%
respondents in the 2015 survey.
Criminals are continually finding 26%
Theft of physical assets or stock, long the most common Management Conflict of Interest
21%
new ways to monetize confidential type of fraud, was the second most frequently cited incident,
23%
information, including personal data. suffered by 27% of respondents. Internal Financial Fraud
20%
Employees often have access to The greatest year-over-year increase in incidence was
21%
corruption and bribery, reported by 21% of surveyed Corruption and Bribery
15%
highly sensitive information that can be executives, and up 6 percentage points from 15% in the last
20%
accidentally or intentionally publicized, survey. With the incidence of bribery and corruption almost Misappropriation of Company Funds
18%
doubling over the last two years, the risk for organizations has
stolen, or deleted. Furthermore, for Vendor, Supplier, or 20%
heightened considerably.
some companies, intellectual property Procurement Fraud 26%
In their article on page 23, Richard Dailly, Arturo del Castillo,
and trade secrets are their most and Paul Nash explore how governments around the world Regulatory or Compliance Breach
20%
21%
valuable assets, and they now find are stepping up to tackle bribery and corruption.
20%
IP Theft, Piracy, or Counterfeiting
these treasures susceptible to new 16%
16%
Money Laundering
15%
TYPES OF CYBER INCIDENTS HOW CYBER INCIDENTS HAPPEN You stated your company has suffered from a
cyber incident in the past 12 months. Which best
In the past year, respondents reported falling victim to more of every type of cyber When asked about a specific cyber incident their company describes how this took place? (Select up to three)
incident than executives cited in the 2016 survey. had experienced, respondents often mentioned more
than one attack vector, underscoring the complexity of the EMPLOYEE VENDOR/SUPPLIER
In the year when major viruses such as WannaCry and Petya spread around the world,
cyber-sphere. Furthermore, cyber incidents may result from
nearly four in 10 (36%) surveyed executives said they had been hit by a virus or worm
malfeasance by bad actors – both outsiders and insiders – Attack using
25%
attack, an increase of 3 percentage points year on year, and the most frequent type of software vulnerability
or error/accident caused by third parties and/or employees.
cyber incident named in this year’s Report. Attack against
21%
• Software vulnerability was the most common attack corporate website
Whereas a quarter (26%) of respondents in last year’s survey reported suffering from an
vector, named by a quarter (25%) of executives Employee error/accident 20%
email-based phishing attack, this year, fully a third (33%) experienced this type of cyber surveyed, followed by attack against corporate website,
incident. Additionally, data breach and data deletion impacted 27% and 25% of this Attack on vendor/supplier
cited by 21% of respondents. by external hacker
19%
year’s respondents, respectively.
• Employee error or accident played a significant role, as Employee manipulation
17%
Not all cyber threats were confined to the digital realm, however. Of the executives indicated by one out of five respondents (20%), while of controls
surveyed, 21% said equipment with sensitive data was stolen, while 19% said equipment employee manipulation of controls was cited by 17% Attack using credentials
17%
compromised elsewhere
was “lost”, highlighting the convergence between physical and digital threats. and employee malfeasance by 14%.
In their article on page 30, Alan Brill, Jonathan Attack using social engineering 17%
Fairtlough, Kenya Mann Faulkner, and John Friedlander Theft of device containing data 16%
TYPES OF CYBER INCIDENTS SUFFERED IN THE PAST 12 MONTHS show how organizations can make employees their
Employee malfeasance 14%
greatest asset when it comes to information security by
2017 2016 Attack that defeated
assessing how employees really work and then using 13%
authentication protocols
Virus/worm infestation
36% that knowledge to put in place the right rules, tools, and
Vendor/supplier
33% compliance mechanisms. 12%
error or accident
Culprits Inside
and Outside PERPETRATORS OF FRAUD INCIDENTS PERPETRATORS OF CYBER INCIDENTS PERPETRATORS OF SECURITY INCIDENTS
Respondents reported that insiders continue to be the most Respondents who had experienced a cyber incident in Ex-employees were the most commonly named perpetrators
common perpetrators of fraud, naming junior employees the last 12 months said external parties were in many of security incidents, named by 37% of respondents. This
Perpetrators (39%), ex-employees (34%), senior/middle management
(27%), and freelance/temporary employees (26%). Agents
instances among the key perpetrators, citing random cyber
criminals (34%), competitors (23%), and vendors/suppliers
was most evident in the Healthcare, Pharmaceuticals, and
Biotechnology sector, at 54%. Among respondents from all
and/or intermediaries, arguably quasi-employees, were also (18%). Indeed, random cyber criminal was the single most sectors, roughly a quarter reported junior employees (26%)
Insiders and ex-employees continue cited by 24% of respondents. commonly named perpetrator of cyber incidents in this year’s and senior/middle management (25%) as key perpetrators.
to pose the greatest threat to While insiders were identified as the main perpetrators of survey. Perhaps this is not surprising given that virus/worm In looking at the role played by external perpetrators, nearly
attacks and email-based phishing attacks were the top two
companies around the world, fraud, respondents also stated that insiders were the most a third (30%) of respondents reported random perpetrators
types of cyber incident suffered. Both are often opportunistic
likely to discover it. Nearly half (47%) of respondents said as the main culprits, with the Transportation, Leisure, and
according to this year’s survey. that fraud was discovered by whistleblowers, 44% said it crimes where attackers play the odds and are abetted by the Tourism sector citing the highest proportion of all sectors
Whether it’s a premeditated solo fact that raids can be easily deployed from any location and
was detected through an internal audit, and 35% credited surveyed (38%). The next most commonly identified
in high volume.
attack, a well-crafted collaboration management with uncovering fraud. perpetrator overall was a competitor (24%), although
As noted previously, insiders are also key perpetrators, respondents in the Retail, Wholesale, and Distribution
Third parties are also frequently named as culprits of fraud;
with other internal and/or external sometimes unwittingly through errors and sometimes through sector reported suffering the most from this threat (33%).
nearly a third (30%) of surveyed executives cited vendors/
parties, or simply an unfortunate suppliers as key perpetrators and nearly a quarter (23%) malfeasance. Ex-employees were named as key perpetrators Rounding out the overall top three of named perpetrators
by 28% of surveyed executives, whereas senior/middle were customers (22%); given the nature of their business,
accident with no malice intended, it’s named joint venture partners. In their article on page 32,
management, freelance/temporary, and junior employees it was perhaps not surprising to learn respondents from
Kevin Braine, Julian Grijns, Tad Kageyama, and Cem Ozturk
important to recognize the need for were cited by 19%, 18%, and 16%, respectively. Consumer Goods and Transportation, Leisure, and Tourism
discuss the multitude of insidious risks that can arise in
training, policies, and procedures to each reported higher levels of customer-related incidents
supply chains and how organizations can better identify and
You stated your organization suffered at least (31%). While nation states, political activists, and terrorists
mitigate internal human risks. mitigate these risks in a proactive way. one cyber incident in the past 12 months. Which were only reported by 16%, 15%, and 12% of respondents,
of the following describes the key perpetrator(s)
respectively, it’s important to note these are all double-digit
Respondents revealed that fraud, cyber, and You stated your organization suffered at least one of these incidents? (Select all that apply)
responses.
security incidents are often inside jobs, i.e., fraud incident in the past 12 months. Which of the
following describes the key perpetrator(s)
perpetrated by one or more of the following Random cyber criminal 34%
You stated your organization suffered at least one
of these incidents? (Select all that apply)
groups: senior or middle management, junior security incident in the past 12 months. Which of
Ex-employees 28%
employees, ex-employees, freelance/temporary Junior employees
the following describes the key perpetrator(s) of
39% Competitors 23% these incidents? (Select all that apply)
employees. Specifically: of our own company
Senior or middle
• Of those respondents who reported a fraud Ex-employees 34%
management employees 19%
incident, 81% cited one or more insider Ex-employees 37%
of our own company
Vendors/suppliers 30%
groups as perpetrators. Random perpetrator 30%
Vendors/suppliers 18%
Senior or middle
• Among those who experienced a security management employees 27% Freelance/temporary Junior employees
18% 26%
incident, 71% of respondents named one or of our own company employees of our own company
more of these insider groups. Freelance/temporary
26% Senior or middle
Agents and/or intermediaries 17%
employees management employees 25%
• And for those who suffered a cyber incident, Junior employees of our own company
Agents and/or intermediaries 24% 16%
fewer – but still a majority (58%) – identified of our own company
Competitors 24%
one or more insider groups as perpetrators. Joint venture partners 23% Accidental placement of
sensitive data indexed 14% Customers 22%
The insider risk notwithstanding, external parties Customers 22% by search engine
also pose a significant threat. They were named Freelance/temporary
21%
Regulators 15% Joint venture partners 13% employees
in the top three responses across all three risk
Customers 12% Nation states 16%
categories: fraud, cyber, and security. Government officials 13%
Terrorists 8%
16 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: RESEARCH SUMMARY 17
Vulnerability
and the Drive to
Mitigate Risks
FRAUD CYBER SECURITY
With cyber incidents at an all-time high and perpetrators Similarly, the proportion of respondents who admitted to
This survey shows mounting concerns Just as the most commonly reported type of fraud
seeming to develop new methods of attack virtually every feeling vulnerable to physical security threats grew over the
about companies’ vulnerability to experienced in the last year was information theft, loss, or
day, we see a corresponding rise in perceived vulnerability last year. Physical theft or loss of IP topped the list again this
attack, it was also the most commonly named area of
fraud, cyber, and security risks. It is among respondents. For each type of cyber incident, half or year, with 63% stating their company is highly/somewhat
concern. A majority of respondents (57%) said they believe
particularly striking that despite having they are highly or somewhat vulnerable to information theft, more of all executives surveyed admitted that they believe vulnerable to this information-related threat. Respondents in
taken some actions to mitigate risk, their company is highly or somewhat vulnerable. the Healthcare, Pharmaceuticals, and Biotechnology sector
and 56% identified the same level of concern around IP theft,
felt by far the most vulnerable to this threat, with 79% feeling
the share of respondents perceiving piracy, or counterfeiting. Theft of physical assets, historically How vulnerable do you believe your company is
to each of the following types of cyber incidents highly/somewhat vulnerable, a clear 12 percentage points
top of the list of concerns, was still high (cited by 55% of
themselves as highly or somewhat today? (Highly and somewhat vulnerable shown) higher than the Professional Services sector, which was
executives), but has now been overtaken by concerns about
vulnerable to threats has increased the vulnerability of information.
second on the list at 67%.
2017 2016 Point (+/-)
broadly. The emergence of the random The data also show a significant increase in the proportion
How vulnerable do you believe your company
perpetrator as a significant source of is to each of the following types of fraud today?
Virus/worm infestation 62% 54% +8 of respondents feeling vulnerable to environmental risk (up
risk may be contributing to feelings (Highly and somewhat vulnerable shown) 7 percentage points), geographic and political risk (up 9
Data deletion 58% 51% +7 percentage points), and terrorism (up 8 percentage points).
of uncertainty, along with concerns 2017 2015* Point (+/-)
over other “random” dangers such Information theft, loss, or attack Email-based phishing attack 57% 52% +5
How vulnerable do you believe your company is to
57% 51% +6 each of the following types of security incidents
as environmental or geopolitical risk (e.g., data theft)
today? (Highly and somewhat vulnerable shown)
and, of course, worries about insiders IP theft (e.g., of trade secrets),
56% 37% +19 Alteration or change of data 56% 47% +9
2017 2016 Point (+/-)
piracy, or counterfeiting
and other typical sources of risk
Data breach 55% 53% +2 Physical theft or loss
“learning new tricks”. This suggests Theft of physical assets or stock 55% 62% -7 of intellectual property
63% 57% +6
Vendor, supplier,
in their current mitigation approaches; or procurement fraud
51% 49% +2 Lost equipment with sensitive data 53% 49% +4
Workplace violence 50% 49% +1
they must look to new methods and
Market collusion (e.g., price fixing) 50% 26% +24 Denial of service attack 52% 47% +5
resources if they are to effectively Terrorism, including domestic
49% 41% +8
and international events
anticipate, detect, and respond to risks. Corruption and bribery 50% 40% +10
Wire transfer fraud
(email account takeover/impersonation)
50% 43% +7
Perceived Vulnerability Regulatory or compliance breach 49% 40% +9 The Healthcare, Pharmaceuticals, and Biotechnology industry
is especially on edge, as survey respondents reported losses
on the Rise Misappropriation of company funds 48% 40% +8 of personally identifiable information (“PII”), protected health
information (“PHI”), employee records, and intellectual property
With threats clearly increasing, it is not unexpected
Money laundering 43% 34% +9 at rates at least 15 percentage points higher than the market at
to see that the executives surveyed report a
large. In their article on page 36, Devon Ackerman and
heightened sense of vulnerability across the board.
Modern slavery/human trafficking 40% n/a n/a Brian Lapidus discuss how training, technology, and tone from
It is notable, however, that information-related risks
the top can prove beneficial in helping healthcare organizations
top the concerns in all sectors – fraud, cyber,
better protect the highly sensitive data they hold.
and security. *This question was asked in 2015, but not in 2016.
18 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: RESEARCH SUMMARY 19
investments that could potentially draw the attention of the U.S. Committee on Foreign Investment in the United States. actions they expect their company to implement Internal cyber security
in the next 12 months are intrusion detection policies and procedures
76% 17% 7%
systems that are device-based (57%), endpoint Security assessments of
threat monitoring (55%), and intrusion detection data and IT infrastructure
FRAUD Which of the following statements best reflects conducted in-house 74% 18% 8%
systems that are networked based (54%).
the current state of your company’s adoption of
Nearly all anti-fraud measures mentioned Network
anti-fraud measures? Cyber security is rapidly becoming a board Operations Center
in the survey were widely adopted by over 73% 19% 7%
governance mandate as the likelihood of an
70% of respondents. Board engagement HAVE IMPLEMENTED Recruitment of in-house IT
incident grows along with increasing regulatory security specialists
was the only measure which came in lower, HAVE NOT IMPLEMENTED, PLAN TO WITHIN 12 MONTHS 72% 18% 10%
pressures and costly reputational risks
at 68%, a surprisingly low percentage in the HAVE NOT IMPLEMENTED, NO PLANS TO
Security assessments of
associated with data privacy. While only 46% data and IT infrastructure
face of increasing regulations, regulatory conducted by third parties 70% 22% 8%
of respondents currently involve the board
enforcement, high incidence, and extremely Information
(IT security, technical of directors in cyber security policies and Security
wide and costly repercussions. However, countermeasures) 78% 16% 5% Operations Center
procedures, another 40% plan to do so in the 69% 25% 6%
25% of respondents said they planned to Financial
next 12 months. Third party cyber security
implement board of director engagement (financial controls, fraud detection,
policies and procedures
internal audit, external audit, 69% 23% 8%
in the next 12 months. The most widely anti-money laundering policies) 77% 18% 5% In their article on page 40, Andrew Beckett,
adopted anti-fraud measure is information Assets Paul Jackson, and Jason Smolanoff offer seven Cyber insurance
SECURITY
A large proportion of respondents have adopted security risk
mitigation measures, with security audits at the top of the table
(81%), followed by security training (80%), and development of a
physical security infrastructure (78%).
Given the high incidence and feelings of vulnerability around theft/
loss of IP, it’s surprising to see that developing a plan for securing
intellectual property is at the bottom of the list at 66%, almost in
line with implementing travel risk plans and procedures (65%).
However, reassuringly, almost a quarter (24%) of respondents plan
to implement these measures in the next 12 months. Conclusion
Which of the following statements best reflects The 10th Kroll Global Fraud & Risk Report highlights yet
the current state of your company’s adoption of
security risk-mitigation measures? another increase in fraud, cyber, and security incidents
HAVE IMPLEMENTED experienced by companies around the world. As executives
HAVE NOT IMPLEMENTED, PLAN TO WITHIN 12 MONTHS strive to cope with new challenges, stay ahead of ever-
HAVE NOT IMPLEMENTED, NO PLANS TO
evolving threats, and adapt appropriately, it has become
Perform a security audit a constant battle that requires rigorous planning and
81% 13% 7%
implementation, as well as adequate resources.
Perform security training
80% 17% 4%
Develop physical
In today’s digitized and globalized markets, the value and vulnerability of
security infrastructure information has made it among the most difficult of assets to protect. It is not
78% 16% 7%
Implement threat surprising that respondents report a heightened sense of vulnerability across the
management plans and board, and that information-related threats top the list of concerns in all risk areas –
procedures 75% 18% 7%
fraud, cyber, and security.
Develop security policies
and procedures Given the costly and wide-ranging repercussions that companies suffer from
75% 20% 6%
incidents, the imperative has never been greater to focus efforts on effective
Implement business
continuity plan preparedness, response, and remediation measures. However, the convergence
73% 19% 8%
of a global economy, complex digital connections, and perennial human factors
Conduct a threat and
vulnerability assessment
means that many risks are no longer solely a fraud, cyber, or security problem.
72% 19% 9%
Rather, the findings crystallize the need for multidisciplinary approaches if
Implement an executive
organizations are to better manage their risks going forward.
protection plan
72% 22% 6%
Develop and implement an
information security plan
72% 18% 9%
Create a security
master plan
68% 22% 10%
Develop a plan for securing
intellectual property
66% 24% 9%
Implement travel risk plans
and procedures
65% 24% 10%
GLOBAL FRAUD & RISK REPORT: COMMENTARY 23
Are We Winning
the Battle Against Bribery
and Corruption?
Written by Richard Dailly, Arturo del Castillo, and Paul Nash
This year’s Global Fraud & Risk Report survey found that the
incidence of bribery and corruption had increased from 15%
in 2016 to 21% this year, moving from 10th place to 5th place
on the list of types of fraud experienced. Looking back further
to the 2015 survey results, we can see that reports of bribery
and corruption have almost doubled over the last two years,
increasing from 11%.
Commentary
Furthermore, the UK Criminal Finances Act promises to be a powerful tool in the
fight against corruption. The Act, which came into effect on September 30th, 2017,
establishes a new corporate offense of failure to prevent the facilitation of tax evasion,
and introduces Unexplained Wealth Orders.
1
Lawler, D. (2012). Frequently Asked Questions in Anti-Bribery
and Corruption. Wiley, 326.
26 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 27
Assets in Fraud history of the target debtor, going back long before the
date of the loan or transaction. The asset search should
complex jurisdictions and in some where it is traditionally
hard to make recoveries. Throughout all these stages
to successfully pierce the corporate veil. Kroll conducted
public record research and local human source inquiries to
Arbitration Awards, may contain evidence and important leads to assets such as
real estate, business holdings, bank accounts, cars, boats
to enforcement.
The number of countries where assets can be safely
as the Middle East, and North and South America.
Kroll provided expert witness reports in support of a civil
and Judgments
and planes, and receivables, among other items. fraud claim in the UK and to recover assets in several
hidden is actually shrinking, but the ways in which assets
Social media also has become a rich source of asset-related can be concealed has grown. These are abetted by the jurisdictions. Our cyber team secured, processed,
Written by Glen Harloff, Dan Karson, and Alex Volcic information. For example, Kroll has often found assets and proliferation of private investment vehicles and the speed and reviewed more than 100 terabytes of electronic
evidence disclosed by debtors and their families on social of electronic transfers; the complicity of bank managers in documentation and produced trial bundles for court
media pages that were not password protected. This is not some jurisdictions, despite anti-money laundering laws and proceedings. We worked with the client to report to the
Respondents to this year’s Global Fraud a rare occurrence. In our 24/7, need-to-communicate, tell-all the banks’ own internal rules; the remaining countries which financial regulator and to assist the regulator’s investigation.
world, the subjects of investigations and their families can still profit from being asset flight havens; and for some of the The civil judgment, issued in the UK and in favor of the bank,
& Risk Report survey cited a significant has resulted in the recovery of a significant proportion of
be indiscreet and indiscriminate, broadcasting, for example, highest net worth dodgers, there still are governments and
increase in fraud-related losses. pictures of their weekend homes and luxury possessions. heads of state who provide shelter, undoubtedly for a price. the fraud proceeds. In criminal proceedings, two of the key
defendants have been found guilty and are facing substantial
In the case of an internal fraud, once a fraud allegation has Once these tracks have been laid and analyzed, the strategy However, creditors seeking expert help can have realistic
custodial sentences.
been made and investigated, the imperative usually shifts may shift to external inquiries or human intelligence. hopes of making potentially significant loss recoveries,
to loss recovery. Similarly, arbitration awardees, judgment even in challenging jurisdictions. If the facts merit an Norwich Pharmacal Orders available in the UK and former
If the debtor/fraudster is still involved in an active business,
creditors, and financial institutions that are chasing debtors official criminal investigation, creditors should also consider UK jurisdictions and/or Discovery Orders, as often referred to
that’s good news. It means there should be receivables,
with non-performing loans often need expert assistance to government assistance under a Mutual Legal Assistance elsewhere, are civil tools similar to MLAT, which may provide
cash flow, banking relationships, credit cards, customers,
identify assets that can be frozen and recovered. Treaty (“MLAT”). MLATs are multinational treaties that investigators with information such as banking records or the
and suppliers. (When applying for a loan or line of credit,
facilitate, among other things, obtaining in one signatory identity of directors, officers, and shareholders of offshore
Few debtors start out intending to default on a loan. fraudsters often provide detailed net worth statements listing
country evidence of certain designated crimes committed companies. A Norwich Pharmacal Order was instrumental in
Nor do they (or can they) erase the early asset footprints assets and liabilities.) Other live sources of information can
by an individual(s) or business entity(ies) in another signatory assisting Kroll in a multijurisdictional case:
they leave behind. The same can be said even for be former employees, vendors (“Who was the payee bank?”),
customers (“What bank negotiated your payment?”), former country. The remedy is available only to governments. Working for a Middle East client, Kroll identified the diversion
perpetrators of fraud. How then do you find the money?
business counterparties, and litigation adversaries. However, many asset search investigations are conducted of USD 5 million from the company’s bank account. Although
in parallel with government investigations where the no suspects were identified, investigators were able to trace
government has the discretion to assist a victim creditor. the funds to a financial institution in the Caribbean region.
The interplay between an internal review of books and Kroll prepared an affidavit describing the circumstances of
records and external inquiries was very important in a recent the investigation, and with the assistance of local Caribbean
Kroll case: counsel, Kroll obtained a Norwich Pharmacal Order against
the bank to disclose details of the bank account, including
A Russian bank had experienced a fraud on its trading floor
Know Your Client (“KYC”) information. The order identified
which led to losses of over USD 300 million. Kroll conducted
the beneficial owners of the bank account and also over
an onsite investigation comprising a financial review of
USD 4 million of the funds still sitting in the account.
the Bloomberg trading system and forensic interviews,
With further assistance from counsel, the funds were
supported by computer forensics and public record research.
immediately frozen and eventually returned to the client.
This phase of work confirmed that the bank had suffered a
fraud and supported legal proceedings in London to freeze Few situations are more frustrating than winning a money
assets and obtain disclosure. In the second phase of work, judgment or award and chasing a debtor or crook
Kroll collaborated with the client and its legal advisors to who conceals assets and lives large. But an organized
implement a civil and criminal investigation strategy to obtain investigative strategy and the use of available tools can break
further disclosure and to trace the proceeds of the fraud. down walls. The target may run, but increasingly, it is far
GLEN HARLOFF DAN KARSON ALEX VOLCIC more difficult to hide.
Using MLAT proceedings, Kroll supported the bank
Senior Managing Director Chairman, Americas Managing Director, in obtaining information regarding the flow of funds
Investigations and Disputes, Investigations and Disputes, Head, Russia & CIS
LATAM North America Investigations and Disputes, EMEA
gharloff@kroll.com dkarson@kroll.com avolcic@kroll.com
28 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 29
Emerging Markets – power generation, and distribution grids. This is not just an
engineering challenge. It requires institutional capacity and a
private sector infrastructure investment in India has slowed
down due to a combination of stretched corporate balance
debilitating sponsor governments and freezing projects
mid-construction. The issue was recently highlighted with the
When It Comes to MAKE SECURITY PART OF THE WORK from a desktop as from a cloud storage device. abrill@kroll.com
PROCESS TO PROMOTE SUSTAINABILITY. Criminals know it’s far easier to trick an employee into
Information Security, Does the continued occurrence of data breaches mean that
security-related training, policies, and protocols do not work?
making a mistake by using social engineering. Criminals take
advantage of goodwill in human nature. Consider the lost key
Employees Can Be No – it means that these elements are not enough when
implemented in a standalone way. The key to leveraging their
drop. An employee finds a ring of keys on company property
with no nametag, but it does have a USB memory device.
Your Most Important benefits more fully is to make information security part of The employee plugs the USB flash drive into his or her
employee workflows. computer, hoping to find information that will help reunite the
keys with their owner. The employee unwittingly has installed
Asset and Your An approach that Kroll has found to be effective is to
determine an overall risk rating (ORR) for processes that
malware that could devastate the company.
Greatest Threat touch key data. Start with a security review that focuses on The protection against this is simple – train people, then test
how employees work and think. This is not an audit. Indeed, their training. A good security training plan is more than just JONATHAN FAIRTLOUGH
a lecture – it is a running test. Spoof emails and see who Managing Director
80% of all respondents to Kroll’s survey are already engaging
Written by Alan Brill, Jonathan Fairtlough, Kenya Mann Faulkner, Cyber Security and Investigations
in security audits. An audit reviews existing controls at one responds. Have an outsider try to walk in carrying a pizza.
and John Friedlander jfairtlough@kroll.com
point in time. Management must follow the same rules. Nothing
undermines a security protocol more than senior managers
The script for a large-scale information This approach begins by understanding what must be
secured: What do you have worth protecting? Who needs who fail to wear a badge, or who use their own equipment
security failure has become predictable. and/or have special access rights.
to access it and from where? Why does the current process
Employee/trusted vendor makes an error pose a risk? What is the probability of the risk, and what is Management also needs to support people when they follow
in configuration or design, or fails to follow the impact to the business if the risk is realized? What is the the protocols. Let’s say a CFO really does call an accountant
good security practices. Hacker/thief takes cost of mitigating the risk? and order an immediate funds transfer, but the accountant
advantage of error. Media/regulator/litigant Consider this scenario. ABC Company relies on an outside refuses to violate the protocol. If the employee is punished,
sales team for revenue. Salespeople need access to people will be afraid to follow the rules in the future.
causes company and CEO to publicly pay
customer data. Each salesperson uses a company-provided
for the failure. KENYA MANN FAULKNER
laptop daily for email, calendar, document drafting, and
In response to this repeating corporate nightmare, companies social media. Over time, that laptop is full of old data, poorly GIVE PEOPLE THE TOOLS Managing Director
have stepped up their ability to try and police preventable updated, rarely backed up, and often used for personal as TO FOLLOW THE RULES. Investigations and Disputes
kenya.faulkner@kroll.com
errors. 76% of companies surveyed by Kroll have cyber well as work activity. When it gets lost, stolen, or hacked, Some simple tools can have a big impact. A locked drawer
security policies and procedures, and 74% (76% last a breach occurs. in which to place sensitive information at lunchtime or at
year) have already implemented employee training and New scenario: Each salesperson has a tablet with paid the end of the day. A privacy shield to prevent unauthorized
whistleblower programs. A mentality of user distrust is cellular access. The customer data and forms are stored in viewing of a laptop screen used on an airplane. A dedicated
becoming the norm in IT Security departments. We’ve heard a document management system in the cloud, and never number to call when a question arises. Support security!
more than one IT manager refer to employees as “the enemy,” on the tablet. The tablet has mobile device management By assessing how your employees really work and then using
noting that “computers don’t commit crimes, people do!” software that blocks all browsing. If lost, the device is that knowledge to put in place the right rules, tools, and
Yet, the number of data breaches has not slowed down. encrypted and can be remotely wiped. No local storage, compliance mechanisms, you can make your people a part
no vampire data or data hoarding. No “drive-by” infection. of your security solutions – both cyber and physical – and by
Security improves because it is now part of the workflow. doing so, they can become your greatest security asset.
JOHN FRIEDLANDER
Senior Director
Security Risk Management
jfriedlander@kroll.com
32 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 33
While natural disasters or civil disorder are UNETHICAL BUSINESS PRACTICES DEALINGS WITH SANCTIONED ENTITIES
viewed as the most disruptive and costly In the last year, investigative media exposed numerous AND ORGANIZED CRIME
supply chain risks, fraud or breaches of instances of forced and child labor, land-rights issues, Relationships and business activities deep in the supply
environmental or human rights laws are far and poor working conditions in the supply chains of chain can expose organizations to a host of risks, including
prominent international brands. This often resulted links with organized crime and dealings with sanctioned
more common – and often more damaging
in protracted internal investigations and fundamental individuals or entities. For example, recent in-house Kroll
– than geopolitical black swan events. In fact, damage to brands. For example, a chemicals company analysis found significant numbers of vessels used in
they are becoming a much greater concern supplying the cosmetics and car manufacturing worldwide commerce are beneficially owned or controlled
for international corporations, as evidenced in industries was named in the media as using suppliers of by politically exposed persons, with others controlled by
mica who source this mineral from illegal mines in India state-owned enterprises, potentially putting organizations at
Kroll’s 2017/18 Global Fraud & Risk Report,
using child labor. Half a dozen of the world’s leading risk for dealing with sanctioned entities.
which shows these insidious supply chain car manufacturers were then attacked by pressure
One recent case is also instructive: A whistleblower from
risks are on the rise. groups for not doing enough to prevent this. In another
the Singapore regional headquarters of a Japanese
case, a leading Australian newspaper group was the
Because supply chain and procurement functions are conglomerate informed management that an Indian vendor
target of a number of NGOs over their Korean supplier’s
typically quietly embedded in any given international and one of its employees were colluding to fabricate work
history of gross environmental destruction in remote
corporation’s key processes, they are a potential source orders for non-existent repairs. The fraud represented
West Papua, Indonesia.
of fraud and reputation risk. This is reflected in responses significant annual losses, and subsequently led to the
from the companies queried in our survey, where more than discovery of further vendor issues in Southeast Asia and
30% indicated that vendors and suppliers were the key beyond, including possible links to organized crime.
perpetrators of fraud incidents. This is up four percentage
points from last year’s survey.
This article briefly outlines some of the most common supply
chain risks that Kroll has seen in our engagements and offers
strategies that organizations can use to identify and mitigate
risks in a proactive way.
KEVIN BRAINE
Managing Director,
Head of EMEA, Compliance
kevin.braine@kroll.com
TRADE SECRET AND INTELLECTUAL SUPPLY CHAIN RISKS ARE AMPLIFIED LESSONS LEARNED TRANSLATE INTO
PROPERTY LEAKS WHEN COMPLEXITY AND COMPLACENCY PROACTIVE RISK MITIGATION STRATEGIES
Brand owners that fail to properly evaluate the physical, IT CONVERGE Lessons learned from recent incidents highlight the fact that many
systems, applications, and overall information security in While these incidents may seem unusually complex, and corporations share the same vulnerabilities when it comes to
use by their vendors face the risk of losing product and therefore difficult for the respective companies to have identifying unethical or fraudulent third parties. They also provide
process technologies, as well as other trade secrets. In detected, they are anything but unusual in today’s global risk a road map for building more effective compliance programs.
fact, contracted manufacturers themselves can become environment. This in fact is the new norm in supply chain • Establish risk-based compliance programs. One-size-fits-all
competitors. This was the case when a manufacturer risk, and it demonstrates the increasing demands placed compliance can waste resources and often miss critical red
of highly engineered and patented rubber bushings on global businesses to understand precisely who they are flags of problematic behavior.
established a second business by producing an unlabeled working with and what their activities are, no matter how
• Seek independent verification of vendor integrity. Over-reliance JULIAN GRIJNS
version of the same product. distant a supplier may seem from day-to-day operations. on self-certification does not offer real assurance as to a Managing Director,
Yet despite these risks and challenges, more than a quarter vendor’s integrity. After all, a third party may sign your supplier Investigations and Disputes,
of global respondents said they have not adopted anti- code of conduct, but do they really comply? North America
fraud measures such as due diligence on partners, clients, jgrijns@kroll.com
• Monitor historical relationships. Over time, the risk profile and
and vendors. compliance of a third party can change significantly and this
Many cases involve third-party suppliers based in emerging should trigger additional scrutiny.
markets, particularly South and Southeast Asia – and for good • Enforce audit rights or ask hard questions. This is especially
reason. Supply chain visibility in these regions is extremely critical when the relationship with a supplier starts to sour.
challenging. Weak rule of law, unreliable corporate information,
• Centralize compliance processes. Many larger organizations
regular use of insulating proxy companies between have not centralized their processes and therefore struggle
controversial entities and global suppliers, and the profusion to properly identify their third parties. This makes applying a
of third-country subcontractors ostensibly domiciled in consistent approach to detect and monitor potential supply
relatively lower-risk countries such as Hong Kong, the UAE, chain fraud extremely tricky and can have some distressing
and Singapore all contribute to this opacity. consequences. For example, all too often, we have seen TAD KAGEYAMA
a business unit continue to do business with a third party Regional Managing Director,
Even long-term vendors or contract manufacturers present
while the rest of the group may have decided to stop the Head of Asia Operations,
their own sets of risks. Management may often become
relationship after issues were identified. Investigations and Disputes, APAC
too trusting or in some cases complacent about closely
Once an organization has a firm grip on its supplier universe, tkageyama@kroll.com
monitoring such relationships. At the other end of the
spectrum, supply chain onboarding processes and audits protecting itself from fraud and reputational risk becomes a less
at most corporations are typically insufficient to detect such daunting task. A common sense, risk-based approach should
issues, especially in multi-regional supply chains and for ensure that an appropriate level of due diligence is conducted on
those operating in multiple emerging market environments. higher risk suppliers and a simple escalation process needs to be
in place to ensure that potential breaches are investigated and
dealt with in a proactive manner.
CEM OZTURK
Managing Director,
Investigations and Disputes, APAC
cozturk@kroll.com
36 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 37
Training, Technology,
and Tone from the Top:
Remedies for Stemming
Data Loss in Healthcare
Written by Devon Ackerman and Brian Lapidus
Findings from this year’s Global Fraud & In an example of accidental exposure, an employee Kroll has also helped clients respond and remediate
downloaded 10,000 patient records onto an unencrypted ransomware matters, where clients have found their
Risk Report underscore the severity of
USB drive to do some analysis; he was under a deadline and data was inaccessible, and unreadable except for one
risks facing the global healthcare industry. simply wanted to be able to work remotely. Unfortunately, message: their data was encrypted and a ransom with
Healthcare industry survey respondents who the USB drive disappeared. We recommended tighter bitcoin was required to receive a decryption key. Ultimately,
experienced at least one cyber incident in the infrastructure controls (turn off ports so that employees an organization will want to rely on backups of data stored
cannot connect external devices to the network) and on separate systems to rebound, which means a strenuous
past 12 months reported losses of personally
employee training (proper and secure data handling that backup schedule, in addition to employee training, as
identifiable information (“PII”), protected follows company protocol). ransomware is often deployed via a phishing attack. Security
health information (“PHI”), employee records, patches are essential, because ransomware attacks exploit DEVON ACKERMAN
Kroll was involved in an investigation of an individual
and intellectual property at rates at least (a malicious insider) who learned that their position was
known vulnerabilities most of the time. Most organizations Associate Managing Director
15 percentage points higher than the market are unaware that they should treat a ransomware incident Cyber Security and Investigations
likely to be eliminated and decided to use their broad
like a data breach. Because it is difficult to know what was devon.ackerman@kroll.com
at large. network access to download hundreds of gigabytes of
accessed, viewed, or exfiltrated, you don’t want the clock to
patient, employee, donor, and financial data to a removable
It is no secret healthcare entities regularly collect and store start ticking on a potential breach without essential advance
hard drive to leverage for “insurance.” The employee had
vast amounts of personally identifiable information belonging preparation.
made insinuating remarks when let go, such that staff began
to patients, consumers, and employees, including Social questioning what might have occurred. Kroll was brought in Leaders who set the tone from the top about the
Security number, date of birth, credit card information, for forensic analysis and, over the course of the next week, importance of information security can make a big impact
medical insurance, and driver’s license number. Each of identified the data taken, including volume and timing, and with employees. This was particularly evident when Kroll
these data points is highly valued by cyber criminals and used that information to help the client get ahead of the recently entered into a new client relationship with a hospital
often tied to even more sensitive patient information, such as pending data breach-related issues surrounding the theft. system. Its privacy officer spoke with great reverence about
medical diagnoses and health history. their “duty to maintain the sanctity of the patients’ data.”
In a case of social engineering/phishing, an organization’s
Given the nature of the health industry, the need for open By emphasizing how data privacy and security ultimately
human resources department was targeted during
sharing of data to provide proper care intensifies the risk. tax season by a phishing scheme. An email appeared
enhances the care of constituents, the privacy officer BRIAN LAPIDUS
Healthcare providers, administrators, and staff must all significantly raised awareness of the patient data privacy Managing Director,
to be coming from an internal executive requesting
be able to access, edit, and transfer voluminous amounts issue, which in turn helped the staff make it an integral part Practice Leader,
W-2 information on employees. Personnel complied with
of their daily activities. Identity Theft and Breach Notification
of data. This provides ample opportunity for accidental this very legitimate-looking order from leadership, including
blapidus@kroll.com
exposure or malicious theft of the data by insiders. a follow-up to transfer funds via wire. The end result was a The healthcare entity that starts from the position of treating
In addition, there has been an uptick in recent years of compromise of employee data as well as a loss of thousands their data with the same level of care as their patients will
incidents reported to the U.S. Department of Health and of dollars. Training became an absolutely essential part find it easier to train a vigilant eye toward the unique data
Human Services caused by external hackers. of proactive measures to mitigate this kind of threat; this compromise threats the industry faces.
In this environment, security efforts can seem daunting. included sharing frequent alerts with employees regarding
A review of representative Kroll casework gives a better scams making the rounds. Tighter protocols for disclosure
picture of what can happen and how to respond. of PII or transfer of funds, even when involving the C-suite,
were also implemented.
38 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 39
1
http://bit.ly/UnclassifiedCFIUSAnnualReport-2015
40 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: COMMENTARY 41
India
11
1 6
7
2
12
Global
9
3 10
Risk Map
4
India
Canada
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
92 79
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
92
BY FRAUD IN THE PAST 12 MONTHS. feelings of vulnerability for respondents at 59%.
Theft of physical assets or stock 41% 27% breaches (38%), with customer records most often being
4% points above 2016
targeted, cited by 50% of respondents. Those responsible for security incidents were identified by
8% points above the global average Information theft, loss, or attack (e.g., data theft) 38% 29%
respondents in Canada as ex-employees, cited by 45% of
Respondents in Canada are not feeling particularly vulnerable
Internal financial fraud (manipulation of company results) 31% 23% respondents.
to cyber incidents. At most, they feel highly or somewhat
FRAUD vulnerable to email-based phishing attacks, denial of service MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
MOST COMMON PERPETRATORS Global Avg.
The number of respondents reporting an incident of fraud attacks, and virus/worm attacks, each cited by 57% of
Physical theft or loss of intellectual property 56% 41%
grew from 88% in 2016 to 92% in this year’s report, well Customers 39% 22% respondents.
above the global average of 84%. The most common Workplace violence 26% 23%
Freelance/temporary employees 33% 26% Almost a third (31%) of respondents in Canada said
type of fraud experienced by respondents in this country Environmental risk (including damage caused by natural
Junior employees 28% 39% that ex-employees were responsible for cyber security disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 26% 28%
was theft of physical assets or stock, 41% versus 34%
incidents. However, random cyber criminals were named as
last year, and 14 percentage points higher than this year’s Ex-employees 28% 34% MOST COMMON PERPETRATORS Global Avg.
perpetrators by over half (53%) of respondents, highlighting
global average. Information theft, loss, or attack was close
that this is a particularly challenging problem in the region. Ex-employees 45% 37%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
behind, experienced by 38% of respondents, which was
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
9 percentage points higher than the global average. MOST COMMON TYPES OF CYBER INCIDENT Global Avg. RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
FRAUD RISKS Global Avg.
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Customers were reported to be the most likely perpetrators Information theft, loss, or attack (e.g., data theft) 59% 57%
Email-based phishing attack 41% 33% SECURITY RISKS Global Avg.
of fraud by those who experienced an incident. Almost four Data breach (e.g., resulting in loss of customer
Management conflict of interest 59% 52% or employee data, IP/trade secrets/R&D) 38% 27% Physical theft or loss of intellectual property 59% 63%
in 10 (39%) said that customers were to blame, compared
Geographic and political risk
with those who identified freelance/temporary employees Internal financial fraud (manipulation of company results) 59% 52% Virus/worm attack 33% 36% (i.e., operating in areas of conflict) 48% 53%
(33%), and junior employees and ex-employees (28% of
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
respondents named both categories). MOST COMMON PERPETRATORS Global Avg.
Financial (financial controls, fraud detection, internal audit,
Despite the significantly high level of reported fraud, external audit, anti-money laundering) 83% 77% Random cyber criminals 53% 34%
respondents in Canada are not feeling highly vulnerable. Management (management controls, incentives, external
supervision such as audit committee) 78% 74% Ex-employees 31% 28%
Respondents were most likely to report feeling highly or
somewhat concerned with three risk areas – information RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
MOST COMMON MEANS OF DISCOVERY Global Avg.
theft, management conflict of interest, and internal financial OR SOMEWHAT VULNERABLE TO THE FOLLOWING
CYBER RISKS Global Avg.
fraud, but at 59% each, these levels are virtually on par with By a whistleblower at our company 53% 47%
global averages of 57%, 52%, and 52%, respectively. Email-based phishing attack 57% 57%
While the most common anti-fraud measure taken by Denial of service attack 57% 52%
respondents to this year’s survey was financial controls
Virus/worm attack 57% 62%
(including fraud detection, reported as being in place by
83%), management controls (78%) and the implementation MOST COMMON TARGET Global Avg.
India
United States
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
87 73
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
91
BY FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 51% 29% attack (64% against an average of 41%), with customer competitors (35%).
11% points above 2016
records being the second most common target (45%).
7% points above global average Theft of physical assets or stock 33% 27% Respondents in the United States are feeling significantly
Ex-employees are the most common perpetrators for cyber more vulnerable to security risks this year as compared
Management conflict of interest 33% 26%
incidents in the United States, cited by 36% of respondents with last year. 69% of respondents report feeling highly or
FRAUD IP theft (e.g., of trade secrets), piracy, or counterfeiting 31% 20% who experienced an attack, followed by random cyber somewhat vulnerable to environmental risk, an increase of
Respondents in the United States reported one of the criminals (31%). 24 points over last year. While slightly fewer – 67% – feel
Internal financial fraud (manipulation of company results) 27% 23%
highest overall incidences of fraud in this year’s survey at highly or somewhat vulnerable to geographic and political
Respondents in the United States were most likely to feel
91% of executives surveyed, well above the global average MOST COMMON PERPETRATORS Global Avg. risk, this year’s number is fully more than double last year’s
highly or somewhat vulnerable to virus/worm attacks (71%),
of 84% and also higher than last year’s figure of 80%. figure of 28%, an increase of 39 percentage points. Fears
Junior employees 48% 39% followed closely by data deletion and ransomware (each
Information loss, theft, or attack was cited by over half over terrorism, reported by 58% of respondents, spiked 30
cited by 70%).
Ex-employees 41% 34% percentage points this year.
of U.S. respondents (51%), the highest incidence in the
IT service vendors would be the most popular first port of
survey and much higher than the global average of 29%. Senior or middle management employees 30% 27%
call for cyber victims, cited by 48% of respondents in the MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Respondents also reported one of the highest incidences of Freelance/temporary employees 30% 26% United States against a global average of 35%. Environmental risk (including damage caused by natural
fraud caused by management conflict of interest (33%). This Vendors/suppliers (i.e., a provider of technology or services disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 39% 28%
was equal to the number reporting thefts of physical assets to your company) 30% 30%
MOST COMMON TYPES OF CYBER INCIDENT Global Avg. Physical theft or loss of intellectual property 37% 41%
or stock (33%). Agents and/or intermediaries (i.e., a third party working
on behalf of your company) 30% 24% Geographic and political risk (i.e., operating in areas of
Email-based phishing attack 39% 33% conflict) 34% 20%
Reflecting their actual experience, 73% of U.S. respondents
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
feel highly or somewhat vulnerable to information theft, OR SOMEWHAT VULNERABLE TO THE FOLLOWING Virus/worm attack 37% 36%
MOST COMMON PERPETRATORS Global Avg.
compared to a global average of just 57%. Additionally, the FRAUD RISKS Global Avg. Data breach (e.g., resulting in loss of customer or employee
data, IP/trade secrets/R&D) 33% 27% Random perpetrators 37% 30%
percentage who feel especially vulnerable to management Information theft, loss, or attack (e.g., data theft) 73% 57%
conflict of interest is the highest among respondents in all MOST COMMON PERPETRATORS Global Avg.
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Management conflict of interest 70% 52%
countries in this report. Ex-employees 36% 28% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
Technological issues were blamed for an increase in Internal financial fraud (manipulation of company results) 63% 52%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Environmental risk (including damage caused by natural
vulnerability to fraud, more than any other reason, with 54% OR SOMEWHAT VULNERABLE TO THE FOLLOWING 69% 56%
IP theft (e.g., of trade secrets), piracy, or counterfeiting 60% 56% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.)
CYBER RISKS Global Avg.
citing the complexity of IT infrastructure and 45% blaming Geographic and political risk (i.e., operating in areas of
Vendor, supplier, or procurement fraud 60% 51% conflict) 67% 53%
increased exposure to digital touchpoints, both well above Virus/worm attack 71% 62%
global averages. MOST COMMON ANTI-FRAUD MEASURES Global Avg. Physical theft or loss of intellectual property 65% 63%
Data deletion 70% 58%
Internal audits were the most common method of discovery, Financial (financial controls, fraud detection, internal audit,
external audit, anti-money laundering) 84% 77% Ransomware attack 70% 55%
credited by over half of respondents who had experienced
Assets (physical security systems, stock inventories, tagging, MOST COMMON TARGET Global Avg.
an incident (51%). asset register) 82% 77%
Management (management controls, incentives, external Employee records 64% 41%
Junior employees were reported by nearly half (48%) of supervision such as audit committee) 79% 74%
respondents as being the main perpetrator of fraud that their Customer records 45% 48%
Information (IT security, technical countermeasures) 78% 78%
organization had experienced, a significant rise on last year’s
MOST COMMON PARTY TO CONTACT
reported figure of 36%. Staff (background screening) 78% 73% WHEN A CYBER INCIDENT OCCURRED Global Avg.
MOST COMMON MEANS OF DISCOVERY Global Avg. IT service vendor 48% 35%
India
Middle East PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
71 64
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
66
BY FRAUD IN THE PAST 12 MONTHS.
Regulatory or compliance breach 24% 20% and company/employee identity, each cited by 45% of respondents), but almost the same proportion (32%) said they
22% points below 2016
respondents. The number one target last year was physical had suffered from incidents associated with environmental
18% points below global average Management conflict of interest 22% 26%
assets/money (47%), which slipped to fifth place in this risks, including damage caused by natural disasters.
Theft of physical assets or stock 19% 27% year’s survey (36%). Executives in the Middle East were most likely to feel
FRAUD Respondents in the region felt highly or somewhat vulnerable highly or somewhat vulnerable to physical theft/loss of IP
MOST COMMON PERPETRATORS Global Avg.
The number of respondents in the Middle East reporting a to virus/worm attacks (80%), data deletion (76%), and wire (61%, generally in line with the global average of 63%) and
fraud incident in the last 12 months dropped to 66%, down Junior employees 62% 39% transfer fraud (65%), all of which were significantly more than environmental risk (56%).
from 88% last year. the global averages.
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
The most widespread fraud incidents were a regulatory OR SOMEWHAT VULNERABLE TO THE FOLLOWING
MOST COMMON TYPES OF CYBER INCIDENT Global Avg. MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
FRAUD RISKS Global Avg.
or compliance breach, cited by 24% of respondents,
management conflict of interest (22%), and theft of physical Lost equipment with sensitive data 31% 19% Physical theft or loss of intellectual property 34% 41%
Corruption and bribery 61% 50%
assets or stock (19%). Environmental risk (including damage caused by natural
Data deletion 27% 25% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 32% 28%
Misappropriation of company funds 61% 48%
Junior employees were the most likely to be named as Email-based phishing attack 25% 33%
Information theft, loss, or attack (e.g., data theft) 58% 57%
perpetrators of fraud in the Middle East (62%) compared MOST COMMON PERPETRATORS Global Avg.
with just 34% last year. This year’s figure was also 23 IP theft (e.g., of trade secrets), piracy, or counterfeiting 58% 56% MOST COMMON PERPETRATORS Global Avg.
Ex-employees 39% 37%
percentage points higher than the global average of 39%. Internal financial fraud (manipulation of company results) 58% 52% Competitors 33% 23%
Fraud was more likely to be identified by management within RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Vendor, supplier, or procurement fraud 58% 51% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
the company, according to respondents in the Middle East. OR SOMEWHAT VULNERABLE TO THE FOLLOWING SECURITY RISKS Global Avg.
More than half (54%) said that management had uncovered MOST COMMON ANTI-FRAUD MEASURES Global Avg. CYBER RISKS Global Avg.
Physical theft or loss of intellectual property 61% 63%
a fraud incident, compared with 38% who said that it was Financial (financial controls, fraud detection, internal audit, Virus/worm attack 80% 62% Environmental risk (including damage caused by natural
uncovered through an external audit and 36% who named external audit, anti-money laundering policies) 69% 77%
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 56% 56%
an internal audit. The number of respondents who said fraud Assets (physical security systems, stock inventories, tagging, Data deletion 76% 58%
asset register) 69% 77%
was uncovered by a whistleblower fell from the number one Wire transfer fraud (email account takeover/impersonation) 65% 50%
position in 2016 (50%) to the fourth most likely source in this Information (IT security, technical countermeasures) 69% 78%
India
Italy
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
92 56
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
90
BY FRAUD IN THE PAST 12 MONTHS.
IP theft (e.g., of trade secrets), piracy, or counterfeiting 28% 20% In line with last year, ex-employees were the key perpetrators 67% of respondents in Italy felt highly or somewhat vulnerable
13% points above 2016
6% points above global average Theft of physical assets or stock 26% 27% of cyber incidents in Italy (28%), on par with the global to terrorism threats, 18 percentage points higher than the
average (28%). global average of 49%. Second on the list was physical theft
Information theft, loss, or attack (e.g., data theft) 26% 29%
or loss of intellectual property, close behind at 65%.
FRAUD Executives in Italy felt particularly vulnerable to cyber
MOST COMMON PERPETRATORS Global Avg. incidents compared to respondents in other regions. MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
The incidence of fraud reported by respondents in Italy was
Ex-employees 34% 34%
They were most likely to feel highly or somewhat vulnerable
90%, which is 6 percentage points above the global average Physical theft or loss of intellectual property 33% 41%
to a ransomware attack and virus/worm attack (64% each),
of 84% and a significant increase on last year’s figure of 77%. Senior or middle management employees 31% 27% Geographic and political risk (i.e., operating in areas of
followed closely by alteration or change of data and data conflict) 21% 20%
The three most common types of fraud reported were IP Freelance/temporary employees 26% 26% deletion (62% each). Environmental risk (including damage caused by natural
theft (28%), theft of physical assets or stock (26%), and disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 21% 28%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
The most likely targets for cyber incidents were customer
information theft, loss, or attack (26%). Regulatory or
OR SOMEWHAT VULNERABLE TO THE FOLLOWING records (39%), followed by company/employee identity (36%). MOST COMMON PERPETRATORS Global Avg.
compliance breach dropped out of the top three reported FRAUD RISKS Global Avg.
fraud incidents in this year’s report. MOST COMMON TYPES OF CYBER INCIDENT Global Avg. Random perpetrator 36% 30%
IP theft (e.g., of trade secrets), piracy, or counterfeiting 62% 56%
Ex-employees were cited as key perpetrators of fraud Email-based phishing attack 49% 33%
Information theft, loss, or attack (e.g., data theft) 54% 57% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
incidents by just over a third (34%) of respondents in Italy Virus/worm attack 44% 36% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
who suffered from attacks, followed by senior or middle SECURITY RISKS Global Avg.
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
management employees (31%) and freelance or temporary MOST COMMON PERPETRATORS Global Avg. Terrorism, including domestic and international
Risk (risk officer and risk management system) 83% 75% events 67% 49%
employees (26%). Current junior employees, reported as the Ex-employees 28% 28%
Assets (physical security systems, stock inventories, tagging,
main perpetrators of fraud in last year’s report (50%), were asset register) 75% 77%
Physical theft or loss of intellectual property 65% 63%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
far less likely to be named as the culprits this year (20%). OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Information (IT security, technical countermeasures) 74% 78%
CYBER RISKS Global Avg.
A majority (62%) of respondents in Italy felt highly or somewhat
Board of Director engagement 74% 68%
vulnerable to IP theft, 6 percentage points higher than the Ransomware attack 64% 55%
“The vast majority of respondents in Italy had experienced
global average of 56%. Information theft, loss, or attack was Staff (training, whistleblower hotline) 69% 74%
a cyber incident according to this year’s survey,
also a major concern, with 54% of respondents feeling highly Virus/worm attack 64% 62%
MOST COMMON MEANS OF DISCOVERY Global Avg. demonstrating the growing challenges faced by companies
or somewhat vulnerable to this threat. Alteration or change of data 62% 56%
around information security. Executives in Italy are also
While internal whistleblowers were still the most common By a whistleblower at our company 46% 47%
Data deletion 62% 58% feeling particularly vulnerable to bribery and corruption,
way in which fraud incidents were identified (46%), Data breach (e.g., resulting in loss of customer or employee despite significant government efforts and new anti-
it represents a fall from last year’s figure (53%) and is data, IP/trade secrets/R&D) 61% 55%
corruption legislation. Improving whistleblower protection to
marginally below this year’s global average of 47%. MOST COMMON TARGET Global Avg.
encourage employees to report suspected wrongdoing early
Customer records 39% 48% could be a step in the right direction, helping companies
stay on the front foot when dealing with these increasingly
Company/employee identity 36% 35%
complex issues.”
MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg. - Marianna Vintiadis
Managing Director, Head of Southern Europe,
Investigations and Disputes, Kroll
ISP/Telecom provider 17% 7%
India
Russia PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
80 77
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
89
BY FRAUD IN THE PAST 12 MONTHS.
Internal financial fraud (manipulation of company results) 34% 23% management employees, and junior employees.
7% points above 2016 Respondents in Russia were more likely than those in any
5% points above global average Management conflict of interest 26% 26% other country to report stolen equipment with sensitive data, Executives in Russia were most likely to feel highly or
with only the UK coming close with 32%. The global average somewhat vulnerable to environmental risks, which was cited
Information theft, loss, or attack (e.g., data theft) 23% 29%
was 21%. by 63% of respondents, 7 percentage points higher than the
FRAUD Theft of physical assets or stock 23% 27% global average of 56%. Workplace violence (54%) was also a
Customer records were more likely to be targeted by
89% of respondents in Russia reported that their key area of concern.
cyber criminals in Russia than in other countries. Well over
organization had uncovered a fraud incident in the past MOST COMMON PERPETRATORS Global Avg.
half (57%) of respondents reporting cyber incidents said MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
12 months, an increase of 7 percentage points on the Vendors/suppliers
(i.e., a provider of technology or services to your company) 39% 30% customer records had been the target of attacks, higher than Environmental risk (including damage caused by natural
previous year (82%) and 5 percentage points higher than the disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 37% 28%
the global average of 48%.
global average of 84%. Senior or middle management 32% 27%
There were also strong feelings of vulnerability around cyber Physical theft or loss of intellectual property 31% 41%
The top three types of fraud experienced by respondents in Ex-employees 29% 34%
incidents in Russia. Respondents in the region felt highly or Workplace violence 26% 23%
Russia were internal financial fraud (cited by 34% of survey Agents and/or intermediaries
(i.e., a third party working on behalf of your company) 26% 24% somewhat vulnerable to email-based phishing attacks (71%),
participants), management conflict of interest (26%), and
virus/worm attacks (69%), and data breaches (60%). MOST COMMON PERPETRATORS Global Avg.
theft of physical assets or information theft, loss, or attack Customers 26% 22%
MOST COMMON TYPES OF CYBER INCIDENT Global Avg. Ex-employees 41% 37%
(both 23%).
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Vendors/suppliers were the most common perpetrators of OR SOMEWHAT VULNERABLE TO THE FOLLOWING Stolen equipment with sensitive data 34% 21%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
FRAUD RISKS Global Avg.
fraud, named by 39% of respondents in Russia who had Email-based phishing attack 34% 33%
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
experienced a fraud incident. This figure was notably higher Market collusion (e.g., price fixing) 60% 50%
MOST COMMON PERPETRATORS Global Avg. Environmental risk (including damage caused by natural
(9 percentage points) than the global average of 30%. Next disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 63% 56%
Theft of physical assets 51% 55%
most cited perpetrators were senior and middle management Random cyber criminal 39% 34%
Workplace violence 54% 50%
(32%) and ex-employees (29%). Junior employees seemed Modern slavery/human trafficking 51% 40%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
to be less involved in fraud incidents than in other regions, OR SOMEWHAT VULNERABLE TO THE FOLLOWING
MOST COMMON ANTI-FRAUD MEASURES Global Avg. CYBER RISKS Global Avg.
with only 16% of respondents in Russia naming them as key
perpetrators of fraud, compared with a global average of 39%. Information (IT security, technical countermeasures) 94% 78% Email-based phishing attack 71% 57%
Executives in Russia were most likely to feel highly or Assets (physical security systems, stock inventories, tagging,
asset register) 87% 77% Virus/worm attack 69% 62%
somewhat vulnerable to market collusion, which at 60% was Data breach (e.g., resulting in loss of customer or employee
10 percentage points higher than the global average for this Staff (training, whistleblower hotline) 87% 74% data, IP/trade secrets/R&D) 60% 55%
threat. Respondents were also more likely than the global Partners, clients, and vendors (due diligence) 87% 73% MOST COMMON TARGET Global Avg.
average to feel highly or somewhat vulnerable to modern
Customer records 57% 48%
slavery/human trafficking (51% versus the average of 40%). MOST COMMON MEANS OF DISCOVERY Global Avg.
Regulator 21% 6%
54 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: REGIONAL OVERVIEW 55
India
Sub-Saharan Africa
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
85 72
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
77
BY FRAUD IN THE PAST 12 MONTHS.
Management conflict of interest 34% 26% with a global average of 22%. This was reflected in feelings
12% points below 2016 The most common perpetrators of security incidents were
of vulnerability, with 59% of executives feeling highly or
7% points below global average Theft of physical assets or stock 28% 27% ex-employees, named in 39% of security incidents in the
somewhat vulnerable to this type of cyber incident. Data region, compared with a global average of 37%.
Money laundering 26% 16% breaches (59%) and email-based phishing attacks (58%)
FRAUD were also key concerns, As well as being the most reported security incident, physical
Regulatory or compliance breach 25% 20%
theft or loss of IP was also top of the list relating to feelings
Sub-Saharan Africa is typically a region reporting a high A third (33%) of cyber incidents reported in Sub-Saharan
Vendor, supplier, or procurement fraud 23% 20% of high or moderate vulnerability in the region (68%). About
incidence of fraud. However, this year’s figure of 77% is Africa were perpetrated by random cyber criminals. half (51%) of respondents also feel highly or somewhat
a drop of 12 percentage points from the last survey and MOST COMMON PERPETRATORS Global Avg. Customer records were targeted in half of all cyber incidents vulnerable to geographic and political risk.
7 percentage points below the global average of 84%.
Junior employees 44% 39% reported (51%). Employee records were the main target in
MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Nevertheless, the region still has the highest prevalence 44% of incidents.
Ex-employees 34% 34%
of management conflict of interest (cited by 34% of Physical theft or loss of intellectual property 45% 41%
Joint venture partners (i.e., a partner who provides MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
respondents), money laundering (26%), and regulatory or manufacturing or other business function, or a franchisee) 34% 23%
Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 34% 28%
compliance breach (25%), of all regions surveyed. Virus/worm attack 47% 36%
Customers 34% 22%
Third parties are a commonly cited risk factor, with joint Alteration or change of data 30% 22% MOST COMMON PERPETRATORS Global Avg.
venture partners and customers equally held responsible RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Ex-employees 39% 37%
for incidents (34% each). Ex-employees were also named OR SOMEWHAT VULNERABLE TO THE FOLLOWING MOST COMMON PERPETRATORS Global Avg.
FRAUD RISKS Global Avg.
as key perpetrators by 34% of respondents. However, the Random cyber criminal 33% 34% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
most common perpetrators of fraud in the region were junior Information theft, loss, or attack (e.g., data theft) 53% 57% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
employees (44%). Theft of physical assets or stock 49% 55%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Physical theft or loss of intellectual property 68% 63%
Feelings of vulnerability were roughly in line with the global Management conflict of interest 47% 52%
CYBER RISKS Global Avg.
Geographic and political risk (i.e., operating in areas of
averages, with 53% of respondents feeling highly or conflict) 51% 53%
Alteration or change of data 59% 56%
Vendor, supplier, or procurement fraud 47% 51%
somewhat vulnerable to information theft, loss, or attack,
Data breach (e.g., resulting in loss of customer or employee
compared with a global average of 57%. Strong feelings Misappropriation of company funds 47% 48% data, IP/trade secrets/R&D) 59% 55%
of vulnerability were also noted around theft of physical
Email-based phishing attack 58% 57%
assets (49%), followed closely by management conflict MOST COMMON ANTI-FRAUD MEASURES Global Avg.
of interest, vendor, supplier, and procurement fraud, and IP (intellectual property risk assessment and trademark monitoring MOST COMMON TARGET Global Avg.
program) 85% 73%
misappropriation of company funds, each of which was cited
Financial (financial controls, fraud detection, internal audit, Customer records 51% 48%
by 47% of respondents. external audit, anti-money laundering policies) 80% 77%
Employee records 44% 41%
A higher proportion of respondents in this region than in any Partners, clients, and vendors (due diligence) 80% 73%
other believed their companies were “not at all vulnerable”
MOST COMMON PARTY TO CONTACT
to a wide range of frauds, including modern slavery (49%), MOST COMMON MEANS OF DISCOVERY Global Avg. WHEN A CYBER INCIDENT OCCURRED Global Avg.
internal financial fraud (38%), misappropriation of company
By a whistleblower at our company 56% 47% IT service vendor 40% 35%
funds (32%), market collusion (32%), corruption or bribery
(28%), and vendor, supplier, or procurement fraud (23%). Through an internal audit 51% 44%
56 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: REGIONAL OVERVIEW 57
India
United Kingdom
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
94 71
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
97
BY FRAUD IN THE PAST 12 MONTHS.
Money laundering 35% 16% with 71% citing concerns over terrorism, and 70% worried
7% points above 2016 Respondents in the UK were most likely to feel highly or
about physical theft or loss of IP.
13% points above global average Theft of physical assets or stock 35% 27% somewhat vulnerable to stolen equipment with sensitive data,
which at 68% is significantly out of proportion to the actual Ex-employees top the list of perpetrators of security
Information theft, loss, or attack (e.g., data theft) 32% 29%
reported experience of this risk (32%). Wire transfer fraud incidents, cited by 38% of UK respondents. This is a sharp
FRAUD was also a great concern, which at 68% was 18 percentage increase of 10 percentage points on last year, and in line with
MOST COMMON PERPETRATORS Global Avg.
Respondents in the UK reported the highest incidence of points higher than the global average. the global average (37%).
Ex-employees 45% 34%
fraud of all countries in this year’s survey at 97%, surpassing
More than two-thirds (69%) of UK respondents said employee
last year’s figure of 90% by 7 percentage points and this Freelance/temporary employees 36% 26%
records were targeted in cyber incidents, a remarkable 28 MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
year’s global average (84%) by 13 percentage points. Junior employees 33% 39% percentage points above the global average of 41%.
Physical theft or loss of intellectual property 44% 41%
Money laundering was cited by a much higher percentage of
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY MOST COMMON TYPES OF CYBER INCIDENT Global Avg. Geographic and political risk (i.e., operating in areas of
UK respondents than any other country. Over a third (35%) OR SOMEWHAT VULNERABLE TO THE FOLLOWING conflict) 32% 20%
said they had suffered a fraud incident involving money FRAUD RISKS Global Avg. Virus/worm attack 41% 36%
MOST COMMON PERPETRATORS Global Avg.
laundering, more than twice the global average of 16%. IP theft (e.g., of trade secrets), piracy, or counterfeiting 68% 56% Email-based phishing attack 38% 33%
Ex-employees 38% 37%
The same proportion of UK respondents (35%) said they Data breach (e.g., resulting in loss of customer or employee
Management conflict of interest 68% 52% data, IP/trade secrets/R&D) 35% 27%
had suffered from theft of physical assets or stock, which RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
was 8 percentage points higher than the global average Regulatory or compliance breach 68% 49% Stolen equipment with sensitive data 32% 21% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
(27%). The next most common fraud incident reported by Market collusion (e.g., price fixing) 68% 50%
MOST COMMON PERPETRATORS Global Avg. Terrorism, including domestic and international
UK respondents was information theft, loss, or attack (32%),
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
events 71% 49%
also above the global average (29%). Freelance/temporary employees 31% 18%
Physical theft or loss of intellectual property 70% 63%
Staff (background screening) 88% 73%
Ex-employees were the most likely perpetrators of fraud RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Geographic and political risk (i.e., operating in areas of
incidents according to UK respondents. Almost half (45%) Staff (training, whistleblower hotline) 81% 74% OR SOMEWHAT VULNERABLE TO THE FOLLOWING conflict) 67% 53%
CYBER RISKS Global Avg.
said that ex-employees were to blame compared to freelance/ Assets (physical security systems, stock inventories, tagging,
asset register) 81% 77%
temporary employees (36%) and junior employees (33%). Stolen equipment with sensitive data 68% 55%
Respondents in the UK were most likely to feel highly or Partners, clients, and vendors (due diligence) 79% 73%
Wire transfer fraud (email account takeover/impersonation) 68% 50%
somewhat vulnerable to IP theft, piracy, or counterfeiting; Information (IT security, technical countermeasures) 78% 78%
Virus/worm attack 65% 62%
management conflict of interest; regulatory or compliance
MOST COMMON MEANS OF DISCOVERY Global Avg.
breach; and market collusion. Each of these threats was Lost equipment with sensitive data 62% 53%
hotline (81%) were at the top of the list, both higher than the
MOST COMMON PARTY TO CONTACT
global averages (73% and 74%, respectively). WHEN A CYBER INCIDENT OCCURRED Global Avg.
Fraud was most likely to be discovered through an internal IT service vendor 31% 35%
audit, cited by 48% of respondents in the UK, 4 percentage
Incident response firm (investigations, breach notification) 16% 11%
points higher than the global average (44%).
58 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: REGIONAL OVERVIEW 59
India
China
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
88 75
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
86
BY FRAUD IN THE PAST 12 MONTHS.
Vendor, supplier, or procurement fraud 29% 20% environmental risk at the top of their concerns (60%).
same as 2016 Competitors were cited as the key perpetrators of cyber
2% points above global average Corruption and bribery 29% 21% incidents at 32%, notably higher than the global average One in three respondents (33%) who experienced a security
of 23%. incident named former employees as the key perpetrators.
Information theft, loss, or attack (e.g., data theft) 28% 29%
Respondents in China also reported feeling highly or
FRAUD Management conflict of interest 28% 26%
somewhat vulnerable to email-based phishing attacks (55%), MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
86% of respondents in China experienced fraud in the data breaches (53%), and wire transfer fraud (52%).
MOST COMMON PERPETRATORS Global Avg. Physical theft or loss of intellectual property 48% 41%
previous 12 months, 2 percentage points above the
Trade secrets, R&D, or IP is the main target of cyber attacks, Environmental risk (including damage caused by natural
global average of 84%. The most common types of fraud Junior employees 50% 39%
31% 28%
with 61% of cyber-related victims in China claiming these disasters such as hurricanes, tornadoes, floods, earthquakes, etc.)
experienced were vendor, supplier, or procurement fraud and Vendors/suppliers 39% 30% assets were targeted, well above the global average of 40% MOST COMMON PERPETRATORS
corruption and bribery, both at 29%, significantly higher than Global Avg.
Senior or middle management 25% 27% and the highest of all countries surveyed globally. Customer
the global averages of 20% and 21%, respectively. The next Ex-employees 33% 37%
Agents and/or intermediaries (i.e., a third party working on records were the second most common target, named by
highest types of fraud experienced by respondents in China 23% 24%
behalf of your company) 42% of victims of cyber incidents.
were management conflict of interest and information theft, RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Ex-employees 21% 34% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
loss, or attack, both at 28%. MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
SECURITY RISKS Global Avg.
Data breach (e.g., resulting in loss of customer or employee
Vendors/suppliers (39%) and senior or middle management RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
data, IP/trade secrets/R&D) 38% 27% Environmental risk (including damage caused by natural
OR SOMEWHAT VULNERABLE TO THE FOLLOWING disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 60% 56%
(25%) were among the most common perpetrators of fraud FRAUD RISKS Global Avg.
Virus/worm attack 31% 36%
as reported by survey respondents. Ex-employees were also
reported to have been heavily involved in fraud incidents, as IP theft (e.g., of trade secrets), piracy, or counterfeiting 48% 56% Alteration or change of data 25% 22%
identified by 21% of executives in the region. Market collusion (e.g., price fixing) 47% 50% Lost equipment with sensitive data 25% 19%
Respondents in China were most likely to feel highly or Management conflict of interest 46% 52%
MOST COMMON PERPETRATORS Global Avg.
somewhat vulnerable to IP theft, piracy, or counterfeiting
Corruption and bribery 46% 50%
(48%), market collusion (47%), and management conflict of Competitors 32% 23%
interest and corruption and bribery (both at 46%). MOST COMMON ANTI-FRAUD MEASURES Global Avg.
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
When asked about fraud prevention measures, respondents Financial (financial controls, fraud detection, internal audit, OR SOMEWHAT VULNERABLE TO THE FOLLOWING
external audit, anti-money laundering) 82% 77% CYBER RISKS
in China cited financial controls (82%), internal whistleblower Global Avg.
hotline (81%), and asset protection (80%) as the top three Staff (training, whistleblowing hotline) 81% 74% Email-based phishing attack 55% 57%
measures already implemented at their companies. All three Assets (physical security systems, stock inventories, tagging,
Data breach (e.g., resulting in loss of customer or employee
asset register) 80% 77%
measures were above the global averages of 77%, 74%, data, IP/trade secrets/R&D) 53% 55%
and 77%, respectively. Information (IT security, technical countermeasures) 79% 78%
Wire transfer fraud (email account takeover/impersonation) 52% 50%
MOST COMMON MEANS OF DISCOVERY Global Avg. MOST COMMON TARGET Global Avg.
India
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
84 74
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
89
BY FRAUD IN THE PAST 12 MONTHS.
Theft of physical assets or stock 40% 27% deletion (78%), alteration or change of data (77%), and virus/ global averages: 80% are highly or somewhat concerned
21% points above 2016
worm attacks (72%). about physical theft or loss of IP (17 percentage points
5% points above global average IP theft (e.g., of trade secrets), piracy, or counterfeiting 36% 20%
higher than the global average of 63%), while 78% worry
The most common targets for cyber attacks in India were
Market collusion (e.g., price fixing) 36% 19% about workplace violence (28 percentage points higher than
employee records (55%), trade secrets/IP (55%), and
FRAUD customer records (55%). Trade secrets/IP and customer the global average of 50%). Respondents from India were
MOST COMMON PERPETRATORS Global Avg.
India has seen a significant increase in fraud since last year’s also significantly more apt to be concerned with terrorism
records were targeted significantly more often than last year.
Joint venture partners (i.e., a partner who provides threats, 74% versus a global average of 49%.
report, with 89% of respondents in Indian organizations manufacturing or other business function or a franchisee) 45% 23%
Random cyber criminals were most often cited by
saying they had experienced a fraud incident in the previous Employees are a big risk for organizations in India, with more
Junior employees 43% 39% respondents (45%) as the perpetrators of cyber incidents.
12 months, compared with just 68% in 2016 and the global than half of respondents (52%) naming senior or middle
average this year of 84%. Respondents in India this year report employee safety, management as key perpetrators of security incidents, while
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
OR SOMEWHAT VULNERABLE TO THE FOLLOWING privacy, and morale as being negatively affected (84%) ex-employees were named as perpetrators by two-fifths
Respondents in India report one of the world’s highest FRAUD RISKS Global Avg. by cyber incidents, along with customer privacy, safety, (42%) of respondents.
incidences of theft of physical assets or stock, with two-fifths
Information theft, loss, or attack (e.g., data theft) 87% 57%
satisfaction, and company reputation (84%).
(40%) saying they had experienced this type of fraud, second A vast majority (91%) noted that a security incident had
only to those in Canada (41%). Theft of intellectual property Internal financial fraud (manipulation of company results) 85% 52% MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
negatively affected employee privacy, safety, and morale;
(36%) and market collusion (36%) are also high on the list of Email-based phishing attack 44% 33% customer privacy, safety, and satisfaction were also affected
IP theft (e.g., of trade secrets), piracy, or counterfeiting 80% 56%
incidents of fraud in India according to respondents. said 75% of respondents.
Theft of physical assets or stock 78% 55% Virus/worm attack 36% 36%
Executives in India say that perpetrators of fraud are most Over half (53%) of respondents in India report they have
likely to be joint venture partners (45%), junior employees Money laundering 76% 43% MOST COMMON PERPETRATORS Global Avg. been dissuaded from operating in other regions and
(43%), and vendors or suppliers (40%). Market collusion (e.g., price fixing) 73% 50% countries because of concerns with security risks. The main
Random cyber criminals 45% 34%
Reflecting their actual experience, respondents in India are countries identified were other South Asian countries – i.e.,
Regulatory or compliance breach 71% 49%
feeling highly or somewhat vulnerable to a number of risks;
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Pakistan, Bangladesh, and Sri Lanka (22%) – with Japan
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
in fact, India figures among the top three countries globally
Vendor, supplier, or procurement fraud 71% 51% close behind (20%).
CYBER RISKS Global Avg.
for every category measuring fraud vulnerability in this survey MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
MOST COMMON ANTI-FRAUD MEASURES Global Avg. Email-based phishing attack 80% 57%
except for vendor, supplier, or procurement fraud. Nearly
Financial (financial controls, fraud detection, internal audit, Physical theft or loss of intellectual property 47% 41%
nine in 10 respondents (87%) cited information theft, loss, or external audit, anti-money laundering) 83% 77% Data deletion 78% 58%
attack as their greatest concern, 30 percentage points higher Assets (physical security systems, stock inventories, tagging, Workplace violence 33% 23%
asset register) 83% 77% Alteration or change of data 77% 56%
than the global average of 57%. Internal financial fraud
MOST COMMON PERPETRATORS Global Avg.
(85%) and IP theft, piracy, and counterfeiting (80%) were Risk (risk officer and risk management system) 81% 75% Virus/worm attack 72% 62%
also significantly higher than the global averages of 52% and Reputation (media monitoring, compliance controls, legal
Denial of service attack 71% 52%
Senior or middle management employees 52% 25%
review) 80% 72%
56%, respectively.
IP (intellectual property risk assessment and trademark monitoring RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
MOST COMMON TARGET Global Avg.
A higher proportion of respondents in India than in any other program) 80% 73% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
country cited joint venture partners (45%) as the main reason Customer records 55% 48%
MOST COMMON MEANS OF DISCOVERY Global Avg.
for increased exposure to fraud. Physical theft or loss of intellectual property 80% 63%
Employee records 55% 41%
Indian organizations are becoming more aware of the risks By management at our company 55% 35% Workplace violence 78% 50%
Trade secrets/R&D/IP 55% 40%
and, according to respondents, are implementing preventive By a whistleblower at our company 55% 47% Terrorism, including domestic and international
events 74% 49%
measures such as financial controls (83%) and physical
security systems (83%).
62 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: REGIONAL OVERVIEW 63
India
Brazil
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
89 63
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
84
BY FRAUD IN THE PAST 12 MONTHS.
Regulatory or compliance breach 29% 20% Reflecting their actual experience, respondents in Brazil are
16% points above 2016 The targets of cyber incidents in Brazil were customer
most likely to feel highly or somewhat vulnerable to physical
same as global average Internal financial fraud (manipulation of company results) 29% 23% records (47%) as well as trade secrets and research and
theft or loss of IP (69%).
development of IP (44%).
Information theft, loss, or attack (e.g., data theft) 26% 29%
Again, ex-employees were the key perpetrators of security
FRAUD Ex-employees were cited as the key perpetrators of cyber
Management conflict of interest 24% 26% incidents, reported by two-fifths of respondents (42%),
incidents over the last year in Brazil (32%) followed by
Brazil has seen a significant increase in fraud over the last closely followed by freelance or temporary employees (38%).
Misappropriation of company funds 21% 20% competitors (21%). The impact of cyber crime goes beyond the
year, with 84% of respondents reporting an incidence of Over half of respondents in Brazil reported they have been
bottom line. Respondents in Brazil reported customer privacy,
fraud over the last 12 months compared with just 68% in MOST COMMON PERPETRATORS Global Avg. dissuaded from operating in other countries as a result of the
safety, and satisfaction (80%) as being negatively affected,
2016. The most widespread types of fraud experienced threat posed by security risks.
Ex-employees 53% 34% along with employee safety, privacy, and morale (76%).
by respondents in Brazil were a regulatory or compliance
In response to the threat posed by potential security
breach (29%) and internal financial fraud (29%). In 2016, Senior or middle management employees 41% 27% MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
incidents, the majority of respondents have developed
the most prevalent type of fraud in Brazil was theft of Freelance/temporary employees 28% 26% Virus/worm attack 45% 36% security policies and procedures (92%), implemented
physical assets or stock. Vendors/suppliers (i.e., a provider of technology or services
Email-based phishing attack 37% 33%
security training (88%), put a business continuity plan in
to your company) 25% 30%
Ex-employees are a serious fraud risk for organizations place (88%), and performed security audits (88%).
Agents and/or intermediaries (i.e., a third party working
in Brazil, according to executives surveyed for the report. on behalf of your company) 19% 24% MOST COMMON PERPETRATORS Global Avg.
In fact, more than half of respondents in the country (53%) MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Ex-employees 32% 28%
named ex-employees as the key perpetrators of fraud, the
Physical theft or loss of intellectual property 42% 41%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
second highest response across all regions. The other main OR SOMEWHAT VULNERABLE TO THE FOLLOWING OR SOMEWHAT VULNERABLE TO THE FOLLOWING Workplace violence 16% 23%
group of perpetrators named by respondents was senior or FRAUD RISKS Global Avg. CYBER RISKS Global Avg.
middle management (41%). Geographic and political risk (i.e., operating in areas of
Management conflict of interest 63% 52% conflict) 13% 20%
Virus/worm attack 63% 62%
The impact of fraud on organizations in Brazil has been Environmental risk (including damage caused by natural
Internal financial fraud (manipulation of company results) 58% 52% Email-based phishing attack 61% 57% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 13% 28%
predominantly on people – whether that was the privacy,
safety, and morale of employees (81%) or the safety, Vendor, supplier, or procurement fraud 58% 51% Alteration or change of data 55% 56% MOST COMMON PERPETRATORS Global Avg.
satisfaction, and privacy of customers (81%). Increased Data breach (e.g., resulting in loss of customer or employee
MOST COMMON ANTI-FRAUD MEASURES Global Avg. data, IP/trade secrets/R&D) 55% 55% Ex-employees 42% 37%
outsourcing and offshoring was listed as the main factor for
Financial (financial controls, fraud detection, internal audit,
increasing exposure to fraud for half of organizations in Brazil external audit, anti-money laundering) 84% 77% Ransomware attack 55% 55% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
(50%) – more so than any other country. OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Assets (physical security systems, stock inventories, tagging, Denial of service attack 55% 52% SECURITY RISKS Global Avg.
asset register) 82% 77%
Respondents in Brazil feel highly or somewhat vulnerable to
MOST COMMON TARGET Global Avg. Physical theft or loss of intellectual property 69% 63%
management conflict of interest (63%), followed by internal Information (IT security, technical countermeasures) 76% 78%
Environmental risk (including damage caused by natural
financial fraud (58%) and vendor, supplier, or procurement Staff (background screening) 76% 73% Customer records 47% 48% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 60% 56%
fraud (58%). Geographic and political risk (i.e., operating in areas of
Risk (risk officer and risk management system) 76% 75% Trade secrets/R&D/IP 44% 40%
conflict) 53% 53%
According to respondents, organizations in Brazil are
MOST COMMON PARTY TO CONTACT
becoming more aware of the risks and are implementing fraud MOST COMMON MEANS OF DISCOVERY Global Avg.
WHEN A CYBER INCIDENT OCCURRED Global Avg.
prevention measures including financial controls (84%) and
Through an internal audit 66% 44%
asset controls such as physical security systems (82%). IT service vendor 47% 35%
64 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: REGIONAL OVERVIEW 65
India
Colombia
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
72 55
CYBER INCIDENTS IN THE PAST 12 MONTHS.* SECURITY INCIDENTS IN THE PAST 12 MONTHS.*
61
BY FRAUD IN THE PAST 12 MONTHS.*
Information theft, loss, or attack (e.g., data theft) 33% 29% of cyber incidents. Although more respondents reported likely to identify random perpetrators and ex-employees as
experiencing a virus/worm attack, they felt more highly or the perpetrators of security incidents (40% each). 80% of
Misappropriation of company funds 22% 20%
somewhat vulnerable to risks such as alteration or change respondents said these incidents have affected company
Management conflict of interest 17% 26% of data (56%), stolen equipment with sensitive data (56%), revenue and business continuity.
FRAUD and data deletion or lost equipment with sensitive data (each Respondents in Colombia were less likely than average
MOST COMMON PERPETRATORS Global Avg.
Slightly more than six out of 10 respondents in Colombia cited by 50% of respondents). to say that their company had conducted a threat and
Ex-employees 55% 34%
reported experiencing an incident of fraud in 2017 Globally, respondents reported that the most common vulnerability assessment (50% compared with global average
(61%). The most common type of fraud experienced by Junior employees 36% 39% reaction to a cyber incident is to contact their IT service of 72%), and also more likely than average to report that
respondents was information theft (33%); this level was vendor (35%). In Colombia, however, only 15% selected this they had no plans to conduct any such assessment (20%
Freelance/temporary employees 36% 26%
close behind what respondents in Mexico reported (38%). option; contacting an incident response firm was selected as compared with global average of 9%). One-fifth reported that
Misappropriation of company funds was the second most Customers 27% 22% the most popular option by respondents (23%). they have not implemented, and had no plans to implement,
cited incident, reported by 22% of respondents. a security audit, a security master plan, a plan for securing
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
In contrast to other respondents globally, respondents OR SOMEWHAT VULNERABLE TO THE FOLLOWING intellectual property, an executive protection plan, threat
FRAUD RISKS Global Avg. Virus/worm attack 44% 36% management plans and procedures, an information security
in Colombia most commonly identified ex-employees as
the perpetrators of fraud (55%) compared with the global IP theft (e.g., of trade secrets), piracy, or counterfeiting 67% 56% Data deletion 33% 25% plan, or a business continuity plan.
average of just 34%. Regulatory or compliance breach 55% 49%
MOST COMMON PERPETRATORS Global Avg.
MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Respondents in Colombia were most likely to feel highly or
Theft of physical assets or stock 50% 55%
somewhat vulnerable to IP theft, piracy, and counterfeiting, Ex-employees 31% 28%
Physical theft or loss of intellectual property 39% 41%
which at 67% was the highest level reported for Latin Corruption and bribery 50% 50%
Random cyber criminal 31% 34%
America. Similarly, respondents in Colombia had greater MOST COMMON PERPETRATORS Global Avg.
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
concerns over regulatory and compliance breaches (55%), RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
OR SOMEWHAT VULNERABLE TO THE FOLLOWING Ex-employees 40% 37%
than did those in Brazil (42%) or Mexico (33%). Risk (risk officer and risk management system) 91% 75% CYBER RISKS Global Avg.
Random perpetrator 40% 30%
In nearly two-thirds (64%) of cases as experienced by Board of Director engagement 81% 68%
Alteration or change of data 56% 56%
respondents, instances of fraud were discovered through a Management (management controls, incentives, external RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
supervision such as audit committee) 81% 74% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
whistleblower in the organization. Respondents also reported Stolen equipment with sensitive data 56% 55%
SECURITY RISKS Global Avg.
an internal audit as the most common method of fraud MOST COMMON MEANS OF DISCOVERY Global Avg. Data deletion 50% 58%
detection (50%). Physical theft or loss of intellectual property 56% 63%
By a whistleblower at our company 64% 47% Lost equipment with sensitive data 50% 53%
Respondents in Colombia were more likely than those in Workplace violence 50% 50%
other countries to say that employee privacy, safety, and MOST COMMON TARGET Global Avg. Terrorism, including domestic and international
events 50% 49%
morale were strongly affected by fraud (55% compared with
Customer records 46% 48%
34% globally). Over half of respondents in Colombia named
high staff turnover as a reason behind their company’s Trade secrets/R&D/IP 38% 40%
vulnerability to fraud (56%), making it the most common Physical assets/money 38% 34%
contributory factor. Globally, 34% of respondents named
high staff turnover as causing vulnerability to fraud. MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
India
Mexico
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
92 60
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
85
BY FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 38% 29% by concerns over data deletion (50%), which might reflect global figure.
3% points above 2016
respondents’ growing experience or awareness of this fraud.
1% point above global average Corruption and bribery 31% 21% Respondents in Mexico are most likely to feel highly or
Well over half (55%) of respondents said that customer somewhat vulnerable to physical theft or loss of IP (58%)
Theft of physical assets or stock 29% 27%
records were targeted in cyber incidents experienced by followed by workplace violence (40%).
FRAUD Management conflict of interest 27% 26% their organizations. The next most likely target was employee Ex-employees were reported as the most likely cause for
The number of respondents in Mexico whose organizations records, followed by physical assets or money.
Misappropriation of company funds 23% 20% security incidents. More than four in 10 (41%) cited them as
experienced a fraud incident rose slightly from 82% in 2016
Last year, respondents in Mexico said they were most likely the perpetrators, compared to a global average of 37% and
to 85% in this year’s report. MOST COMMON PERPETRATORS Global Avg. to reach out to federal law enforcement to report a cyber last year’s figure of 31%.
In common with respondents from the United States and Junior employees 49% 39% incident. This year, a third of respondents said that they
Canada, those in Mexico reported higher than average levels turned first to their IT service vendor.
Ex-employees 37% 34%
of information theft, loss, or attack (38%) than the global
Vendors/suppliers (i.e., a provider of technology or services MOST COMMON TYPES OF CYBER INCIDENT Global Avg. MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
average (29%). One-third of respondents also cited incidents to your company) 34% 30%
of corruption and bribery. Vendor, supplier, or procurement Data deletion 35% 25% Physical theft or loss of intellectual property 38% 41%
Freelance/temporary employees 24% 26%
fraud, notably reported by 52% of respondents in Mexico in Geographic and political risk
Agents and/or intermediaries (i.e., a third party working Virus/worm attack 33% 36% (i.e., operating in areas of conflict) 25% 20%
2016, was only cited by 17% in this year’s survey. on behalf of your company) 24% 24%
Email-based phishing attack 29% 33% Workplace violence 23% 23%
Respondents in Mexico were more likely than the global RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
average to feel highly or somewhat vulnerable to theft of OR SOMEWHAT VULNERABLE TO THE FOLLOWING Stolen equipment with sensitive data 27% 21% Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 15% 28%
FRAUD RISKS Global Avg.
physical assets or stock (58% versus 55% global average).
MOST COMMON PERPETRATORS Global Avg.
More than half of respondents also have concerns over Theft of physical assets or stock 58% 55% MOST COMMON PERPETRATORS Global Avg.
corruption and bribery (54%) and IP theft, piracy, and Random cyber criminal 45% 34%
Corruption and bribery 54% 50% Ex-employees 41% 37%
counterfeiting (51%).
IP theft (e.g., of trade secrets), piracy, or counterfeiting 51% 56% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Respondents said that their organizations had addressed the RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
rising tide of fraud by implementing IT security and technical MOST COMMON ANTI-FRAUD MEASURES Global Avg. CYBER RISKS Global Avg.
SECURITY RISKS Global Avg.
countermeasures; staff training and whistleblower hotline; Virus/worm attack 53% 62%
Staff (training, whistleblower hotline) 86% 74% Physical theft or loss of intellectual property 58% 63%
and management controls and incentives.
Information (IT security, technical countermeasures) 83% 78% Data deletion 50% 58%
Half (49%) of survey respondents whose organizations Workplace violence 40% 50%
Management (management controls, incentives, external
had experienced a fraud incident in Mexico cited junior supervision such as audit committee) 80% 74%
MOST COMMON TARGET Global Avg.
employees as perpetrators, followed by ex-employees and Financial (financial controls, fraud detection, internal audit, Customer records 55% 48%
vendors and suppliers. external audit, anti-money laundering) 78% 77%
Assets (physical security systems, stock inventories, tagging, Employee records 45% 41%
asset register) 73% 77%
MOST COMMON PARTY TO CONTACT
MOST COMMON MEANS OF DISCOVERY Global Avg.
WHEN A CYBER INCIDENT OCCURRED Global Avg.
CONSTRUCTION, CONSUMER FINANCIAL HEALTHCARE, MANUFACTURING NATURAL PROFESSIONAL RETAIL, WHOLESALE, TECHNOLOGY, TRANSPORTATION,
ENGINEERING, AND GOODS SERVICES PHARMACEUTICALS, RESOURCES SERVICES AND DISTRIBUTION MEDIA, AND LEISURE, AND
INFRASTRUSCTURE AND BIOTECHNOLOGY TELECOMS TOURISM
70 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 71
Construction,
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
93 67
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
83
FRAUD IN THE PAST 12 MONTHS.
Information theft, loss or attack (e.g., data theft) 33% 29% wire transfer fraud (31%), and data breaches (31%). Customer
13% points above 2016 Nearly six in 10 respondents (57%) in the sector believe their
records were targeted in 52% of these instances.
1% point below global average Regulatory or compliance breach 30% 20% company is highly or somewhat vulnerable to physical theft
Respondents most commonly reported that random cyber or loss of intellectual property, followed by geopolitical and
Vendor, supplier, or procurement fraud 30% 20%
criminals are to blame (38%) for incidents. This sector’s environmental risks (55% and 52%, respectively). Concerns
FRAUD Theft of physical assets or stock 28% 27% respondents say they feel highly or somewhat vulnerable to over geopolitical risks are more than double over last year,
The construction, engineering, and infrastructure sector virus/worm attacks (65%) and data breaches (55%). when the number was only 25%.
Management conflict of interest 28% 26%
posted the greatest year-over-year increase in fraud
MOST COMMON TYPES OF CYBER INCIDENT Global Avg. MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
incidents. More than four in five (83%) respondents reported Corruption or bribery 28% 21%
some type of fraud this year, 13 percentage points higher Virus/worm attack 39% 36% Physical theft or loss of intellectual property 43% 41%
MOST COMMON PERPETRATORS Global Avg.
than the 70% reported in 2016. Email-based phishing attack 37% 33%
Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 30% 28%
Junior employees 47% 39%
Information theft, loss, or attack was the most reported type Data breach (e.g., resulting in loss of customer or employee Geographic and political risk
Vendors/suppliers (i.e., a provider of technology or services data, IP/trade secrets/R&D) 31% 27% (i.e., operating in areas of conflict) 28% 20%
of fraud (33%), with regulatory breaches and vendor/supplier to your company) 38% 30%
fraud close behind at 30% each. Wire transfer fraud (email account takeover/impersonation) 31% 19%
Senior or middle management employees 38% 27% MOST COMMON PERPETRATORS Global Avg.
Junior employees are most commonly identified by MOST COMMON PERPETRATORS Global Avg.
Senior management or middle management
respondents as the key perpetrators of fraud (47%). Most Freelance/temporary employees 36% 26%
employees of our own company 36% 25%
Random cyber criminal 38% 34%
instances of fraud within the sector were revealed by an Joint venture partners (i.e., a partner who provides
manufacturing or other business function, or a franchisee) 29% 23% Ex-employees 36% 37%
internal whistleblower (53%). Competitors 30% 23%
Random perpetrator 36% 30%
More than half of respondents (54%) report feeling highly or RESPONDENTS ARE MOST OR SOMEWHAT LIKELY RESPONDENTS ARE MOST OR SOMEWHAT LIKELY
TO FEEL HIGHLY VULNERABLE TO THE FOLLOWING TO FEEL HIGHLY VULNERABLE TO THE FOLLOWING
somewhat vulnerable to theft of intellectual property (e.g., FRAUD RISKS Global Avg. CYBER RISKS Global Avg. RESPONDENTS ARE MOST OR SOMEWHAT LIKELY
trade secrets), piracy, and counterfeiting, 21 percentage TO FEEL HIGHLY VULNERABLE TO THE FOLLOWING
IP theft (e.g., of trade secrets), piracy, or counterfeiting 54% 56% Virus/worm attack 65% 62% SECURITY RISKS Global Avg.
points higher than two years ago. Nearly just as many
Data breach (e.g., resulting in loss of customer or employee
respondents (52%) have concerns over management conflict Management conflict of interest 52% 52% data, IP/trade secrets/R&D) 55% 55% Physical theft or loss of intellectual property 57% 63%
of interest, 22 percentage points higher than two years ago, Geographic and political risk (i.e., operating in areas of
Regulatory or compliance breach 50% 49% Data deletion 52% 58% conflict) 55% 53%
followed by regulatory or compliance breaches (50%).
Environmental risk (including damage caused by natural
Financial controls (including fraud detection and internal Stolen equipment with sensitive data 52% 55%
MOST COMMON ANTI-FRAUD MEASURES Global Avg. disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 52% 56%
audits) were the most commonly implemented anti-fraud Financial (financial controls, fraud detection, internal audit, MOST COMMON TARGET Global Avg.
measures according to those surveyed (82%). external audit, anti-money laundering policies) 82% 77%
Customer records 52% 48%
Staff (background screening) 76% 73%
Management (management controls, incentives, external Company/employee identity 46% 35%
supervision such as audit committee) 74% 74%
Physical assets/money 46% 34%
Partners, clients, and vendors (due diligence) 73% 73%
Employee records 46% 41%
Risk (risk officer and risk management system) 73% 75%
MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
MOST COMMON MEANS OF DISCOVERY Global Avg.
IT service vendor 36% 35%
By a whistleblower at our company 53% 47%
Incident response firm (investigations, breach notification) 16% 11%
72 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 73
Consumer Goods
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
79 67
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
75
FRAUD IN THE PAST 12 MONTHS.
Theft of physical assets or stock 23% 27% assets and money (37%). of security incidents as ex-employees (49%), and are most
7% points below 2016
likely to report feeling highly or somewhat vulnerable to
9% points below global average Information theft, loss, or attack (e.g., data theft) 21% 29% Reflecting their actual experience, respondents are most
physical theft or loss of intellectual property (57%). The
likely to feel highly or somewhat vulnerable to virus/worm
Vendor, supplier, or procurement fraud 21% 20% greatest year-over-year increase in feelings of vulnerability
attacks (59%). More than half of respondents also report
FRAUD Corruption and bribery 19% 21% feeling highly or somewhat vulnerable to data breaches relates to workplace violence, which at 52% is 15
Respondents within the consumer goods sector were less percentage points higher than last year’s figure of 37%.
(55%) and ransomware attacks (52%). Concerns over
Management conflict of interest 15% 26%
likely to say their company had experienced fraud in the ransomware attacks are 19 percentage points higher than MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
last 12 months (75%), which is 9 percentage points lower MOST COMMON PERPETRATORS Global Avg. last year, when 33% of respondents felt highly or somewhat
Physical theft or loss of intellectual property 40% 41%
than the global average (84%). This was also a decrease of vulnerable to this threat.
Junior employees 41% 39%
7 percentage points on the previous year’s survey. MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
Workplace violence 27% 23%
Partners, clients, and vendors (due diligence) 66% 73% MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
MOST COMMON MEANS OF DISCOVERY Global Avg. IT service vendor 34% 35%
89 66
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
91
FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 27% 29% customer records (44%), trade secrets/R&D/IP (38%), and environmental event. The most common perpetrators
2% points above 2016
physical assets and money (38%). When asked to identify according to those who took the survey were
7% points above global average Management conflict of interest 27% 26%
the perpetrators of these attacks, 38% of respondents ex-employees (49%).
Corruption and bribery 23% 21% named random cyber criminals. When respondents were asked to consider the security
FRAUD Regulatory or compliance breach 21% 20% In the context of cyber risks, nearly seven out of risks to which they feel highly or somewhat vulnerable,
More than nine in 10 (91%) respondents in the financial 10 respondents report feeling highly or somewhat vulnerable 65% identified physical theft or loss or property, 62%
Vendor, supplier, or procurement fraud 21% 20%
services sector reported incidents of fraud this year, the to data deletion (67%), which is 19 percentage points higher reported environmental risk, and nearly as many (61%)
highest percentage reported by any sector in this year’s Market collusion (e.g., price fixing) 21% 19% than last year. Nearly as many have concerns over potential pointed to geopolitical risks. Concerns over environmental
report. This is 2 percentage point higher than last year’s Money laundering 21% 16% virus/worm attacks (62%), stolen equipment with sensitive and geopolitical risks spiked 22 percentage points and
number (89%) and significantly higher than this year’s global data (61%), and denial of service attacks (61%), with DOS 17 percentage points, respectively, over last year.
average (84%). MOST COMMON PERPETRATORS Global Avg. attacks 22 percentage points higher than last year. It is
MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Respondents in the financial services sector said that worth taking note that although almost half of respondents
Ex-employees 39% 34%
management conflict of interest (27%) and information reported experiencing an email-based phishing attack, only Physical theft or loss of intellectual property 41% 41%
market collusion and misappropriation of company funds Information (IT security, technical countermeasures) 84% 78%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
– nevertheless posted some of the highest increases at 24
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Staff (training, whistleblower hotline) 84% 74%
percentage points and 25 percentage points, respectively, as CYBER RISKS Global Avg.
compared to two years ago. Partners, clients, and vendors (due diligence) 80% 73%
Data deletion 67% 58%
When asked what anti-fraud measures have been Financial (financial controls, fraud detection, internal audit,
external audit, anti-money laundering policies) 80% 77% Virus/worm attack 62% 62%
implemented, 84% of respondents mentioned IT security
Assets (physical security systems, stock inventories, tagging,
and technical countermeasures, and the same percentage asset register) 80% 77% MOST COMMON PARTY TO CONTACT
reported staff training that includes a whistleblower hotline. WHEN A CYBER INCIDENT OCCURRED Global Avg.
These percentages are significantly higher than the global MOST COMMON MEANS OF DISCOVERY Global Avg. IT service vendor 36% 35%
averages of 78% and 74%, respectively.
Through an internal audit 53% 44% ISP/Telecom provider 12% 7%
76 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 77
Healthcare,
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
77 67
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
75
FRAUD IN THE PAST 12 MONTHS.
Theft of physical assets or stock 29% 27% report and well above the global average of 19%. The most actual experience, they report feeling highly or somewhat
5% points below 2016
often named perpetrators were competitors (43%). vulnerable to physical thefts (79%) and environmental
9% points below global average IP theft (e.g. of trade secrets), piracy, or counterfeiting 29% 20%
risks (66%). The most common perpetrators named by
82% respondents in this sector reported feeling highly or
Misappropriation of company funds 29% 20% respondents in the sector were ex-employees.
somewhat vulnerable to data deletion, 23 percentage points
FRAUD Management conflict of interest 27% 26% higher than last year. Other areas that sparked high levels of MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
Three-quarters (75%) of respondents in the healthcare, vulnerability included virus/worm attacks (78%, an increase
Information theft, loss, or attack (e.g., data theft) 23% 29% Physical theft or loss of intellectual property 40% 41%
pharmaceuticals, and biotechnology sector in this year’s of 27 percentage points); stolen equipment with sensitive
survey reported experiencing an incident of fraud. This is the Internal financial fraud (manipulation of company results) 23% 23% data (73%); denial of service attacks (73%, an increase of Workplace violence 35% 23%
lowest incidence reported by any sector in this year’s report, 26 percentage points); and email-based phishing attacks Environmental risk (including damage caused by natural
MOST COMMON PERPETRATORS Global Avg. disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 35% 28%
9 percentage points lower than the global average. (73%, an increase of 20 percentage points).
Junior employees 56% 39%
Respondents experienced several types of fraud, reporting Customer records and employee records were named as MOST COMMON PERPETRATORS Global Avg.
Agents and/or intermediaries (i.e., a third party working
in equal numbers (29%) theft of physical assets; IP theft; and on behalf of your company) 41% 24%
primary target of cyber attacks (63% and 58%, respectively).
Ex-employees 54% 37%
misappropriation of company funds. Given the nature of the sector, it was unsurprising to see that
Ex-employees 38% 34%
Junior employees were most often identified as the over half (55%) of respondents reported trade secrets/R&D/ RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
perpetrators of fraud (cited by 56% of respondents); this Regulators 38% 15% IP being targeted in the cyber incidents they faced. OR SOMEWHAT VULNERABLE TO THE FOLLOWING
SECURITY RISKS Global Avg.
was the highest reported incidence of junior employee fraud Joint venture partners (i.e., a partner who provides
MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
manufacturing or other business function, or a franchisee) 36% 23%
among any sector in this report, and 17 percentage points Physical theft or loss of intellectual property 79% 63%
Senior or middle management employees 36% 27% Virus/worm attack 38% 36%
higher than the global average. Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 66% 56%
Lost equipment with sensitive data 33% 19%
Respondents from this sector reported that when they do RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Geographic and political risk (i.e., operating in areas of
conflict) 60% 53%
suffer from a fraud incident, it is more likely to be identified by OR SOMEWHAT VULNERABLE TO THE FOLLOWING Email-based phishing attack 31% 33%
FRAUD RISKS Global Avg.
management (49%). MOST COMMON TARGET Global Avg.
Feelings of vulnerability to a host of risks are running IP theft (e.g., of trade secrets), piracy, or counterfeiting 73% 56%
Customer records 62% 48%
extremely high in this sector. Almost three-quarters (73%) Corruption and bribery 71% 50%
of respondents this year say they feel highly or somewhat Employee records 57% 41%
Internal financial fraud (manipulation of company results) 70% 52%
vulnerable to IP theft, piracy, or counterfeiting, which Trade secrets/R&D/IP 55% 40%
represents a remarkable 41-percentage-point increase Information theft, loss, or attack (e.g., data theft) 70% 57%
MOST COMMON PERPETRATORS Global Avg.
from just two years ago. Nearly just as many report feeling
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
vulnerable to corruption and bribery (71%, an increase of 39 Competitors 42% 23%
percentage points), internal financial fraud (70%, an increase Staff (background screening) 85% 73% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
of 34 percentage points), and information theft (70%, an OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Information (IT security, technical countermeasures) 80% 78% CYBER RISKS Global Avg.
increase of 25 percentage points). Concerns over market
Financial (financial controls, fraud detection, internal audit,
collusion spiked the highest, more than quadrupling from just external audit, anti-money laundering policies) 79% 77% Data deletion 82% 58%
14% two years ago to a stunning 62% this year. Reputation (media monitoring, compliance controls, legal
review) 79% 72% Virus/worm attack 78% 62%
The most commonly implemented anti-fraud measure, as
Assets (physical security systems, stock inventories, tagging,
identified by respondents in the sector, is background MOST COMMON PARTY TO CONTACT
asset register) 77% 77%
WHEN A CYBER INCIDENT OCCURRED Global Avg.
screening of staff (85%), followed by IT security and technical
countermeasures (80%). MOST COMMON MEANS OF DISCOVERY Global Avg. IT service vendor 45% 35%
By management at our company 49% 35% Incident response firm (investigations, breach notification) 15% 11%
78 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 79
88 72
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
86
FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 33% 29% a cyber attack said the target was most often customer incident was environmental risk (24%). According to
3% points below 2016
records, followed by trade secrets (45%) and employee respondents, attacks were most commonly committed by
2% points above global average Corruption and bribery 28% 21%
records (35%). random perpetrators (31%).
Management conflict of interest 26% 26%
More than half (57%) felt their company is highly or Respondents reported feeling most highly or somewhat
FRAUD Internal financial fraud (manipulation of company results) 26% 23% somewhat vulnerable to data deletion, while nearly as many vulnerable to physical theft or loss of IP (53%). Concerns
Although respondents in the manufacturing sector reported said that email-based phishing attacks (55%) and virus/worm over terrorism (47%) rose the most, increasing 21
above-average levels of fraud this year (86% versus global MOST COMMON PERPETRATORS Global Avg. attacks (55%) are key vulnerabilities. Wire transfer fraud percentage points since last year.
average of 84%), this was 3 percentage points lower than Junior employees 42% 39%
sparked the greatest increase in feelings of vulnerability, up
MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
last year. 19 percentage points from last year.
Ex-employees 34% 34% Physical theft or loss of intellectual property 45% 41%
The most common type of fraud experienced by respondents Vendors/suppliers (i.e., a provider of technology or services
MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
Environmental risk (including damage caused by natural
in the sector was information theft, loss, or attack, reported to your company) 30% 30% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 24% 28%
Virus/worm attack 38% 36%
by a third (33%), followed by corruption and bribery (28%), Freelance/temporary employees 26% 26% Data breach (e.g., resulting in loss of customer or employee Workplace violence 19% 23%
management conflict of interest (26%), and internal financial Agents and/or intermediaries (i.e., a third party working data, IP/trade secrets/R&D) 26% 27%
Geographic and political risk (i.e., operating in areas of
fraud (26%). on behalf of your company) 22% 24% conflict) 19% 20%
Email-based phishing attack 26% 33%
Respondents were most likely to report junior employees as
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Data deletion 22% 25% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
the perpetrators of fraud incidents (42%), followed by ex- OR SOMEWHAT VULNERABLE TO THE FOLLOWING OR SOMEWHAT VULNERABLE TO THE FOLLOWING
employees (34%). Most fraud instances were identified by a FRAUD RISKS Global Avg. SECURITY RISKS Global Avg.
MOST COMMON TARGET Global Avg.
whistleblower within the company (46%). Information theft, loss, or attack (e.g., data theft) 62% 57%
Customer records 49% 48% Physical theft or loss of intellectual property 53% 63%
In terms of current vulnerabilities, respondents are most Internal financial fraud (manipulation of company results) 57% 52% Terrorism, including domestic and international
Trade secrets/R&D/IP 45% 40% events 47% 49%
likely to feel highly or somewhat vulnerable to information
Vendor, supplier, or procurement fraud 56% 51% Geographic and political risk (i.e., operating in areas of
theft, loss, or attack (62%), internal financial fraud (57%), and Employee records 35% 41%
conflict) 45% 53%
vendor, supplier, or procurement fraud (56%). More than four IP theft (e.g., of trade secrets), piracy, or counterfeiting 52% 56%
Environmental risk (including damage caused by natural
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
in five respondents (84%) said their company has financial disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 45% 56%
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
controls (including fraud detection and internal audits) in MOST COMMON ANTI-FRAUD MEASURES Global Avg. CYBER RISKS Global Avg.
MOST COMMON PERPETRATORS Global Avg.
place to prevent fraud. The same percentage reported the Financial (financial controls, fraud detection, internal audit,
external audit, anti-money laundering policies) 84% 77% Data deletion 57% 58%
implementation of asset controls, such as physical security Random perpetrator 31% 30%
Assets (physical security systems, stock inventories, tagging,
systems, stock inventories, tagging, and asset registers. asset register) 84% 77%
Email-based phishing attack 55% 57%
Risk (risk officer and risk management system) 80% 75% MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
By a whistleblower at our company 46% 47% Incident response firm (investigations, breach notification) 18% 11%
80 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 81
Natural
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
81
CYBER INCIDENTS IN THE PAST 12 MONTHS.
87
SECURITY INCIDENTS IN THE PAST 12 MONTHS.
85
FRAUD IN THE PAST 12 MONTHS.
Management conflict of interest 35% 26% management as the key perpetrators of security incidents.
5% points above 2016 Respondents in this sector say the most common target of
1% points above global average Market collusion (e.g., price fixing) 29% 19% cyber incidents are trade secrets/R&D/IP (47%), employee Almost three in four respondents felt most highly or
records (42%), and company or employee identity (42%). somewhat vulnerable to environmental risk (71%), which
IP theft (e.g., of trade secrets), piracy, or counterfeiting 27% 20%
would seem to be out of proportion to actual experience
FRAUD Generally in line with their actual experience, respondents in
Theft of physical assets or stock 25% 27% for this risk. Similarly, 64% of respondents reported feeling
the sector feel most vulnerable to email-based phishing attacks
85% of respondents in the natural resources sector reported vulnerable to workplace violence even though this did
Money laundering 23% 16% (69%), which is 21 percentage points higher than last year.
a fraud incident last year, slightly above the global average of not make the top three categories of incidents actually
These respondents also feel highly or somewhat vulnerable to
84% and an increase of five percentage points over last year. experienced.
MOST COMMON PERPETRATORS Global Avg. virus/worm attacks (64%) and wire transfer fraud (59%).
When asked which types of fraud they had faced, Junior employees 45% 39% MOST COMMON TYPES OF CYBER INCIDENT Global Avg. MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
respondents in this sector most often reported management
Ex-employees 41% 34%
conflict of interest (35%) and market collusion (29%). One in Email-based phishing attack 38% 33% Physical theft or loss of intellectual property 44% 41%
four (27%) said they had suffered from IP theft over the past Senior or middle management employees 34% 27% Virus/worm attack 37% 36%
Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 42% 28%
12 months. All of these were well above the global averages Vendors/suppliers (i.e., a provider of technology or services
to your company) 32% 30% Alteration or change of data 31% 22% Geographic and political risk (i.e., operating in areas of
of 26%, 19%, and 20%, respectively. conflict) 27% 20%
Joint venture partners (i.e., a partner who provides
Junior employees were reported as the main perpetrators manufacturing or other business function, or a franchisee) 32% 23% MOST COMMON TARGET Global Avg.
MOST COMMON PERPETRATORS Global Avg.
of fraud in this sector (45%), followed by former employees
Trade secrets/R&D/IP 47% 40%
(41%) and senior or middle management (34%). Inside RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Senior or middle management employees 40% 25%
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
information is key to the discovery of fraud in the sector, with FRAUD RISKS Global Avg.
Employee records 42% 41%
70% of fraud incidents discovered by a whistleblower. In fact, Company/employee identity 42% 35%
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
Management conflict of interest 68% 52% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
at 23 percentage points higher than the global average, this SECURITY RISKS Global Avg.
was the highest reported incidence of whistleblowing as a Information theft, loss, or attack (e.g., data theft) 65% 57% MOST COMMON PERPETRATORS Global Avg.
Environmental risk (including damage caused by natural
means of discovery among all sectors. Ex-employees 33% 28%
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 71% 56%
Misappropriation of company funds 61% 48%
Respondents in the natural resources sector are most Workplace violence 64% 50%
Theft of physical assets or stock 60% 55% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
likely to feel highly or somewhat vulnerable to management OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Physical theft or loss of intellectual property 58% 63%
conflict of interest (68%), which is 21 percentage points CYBER RISKS Global Avg.
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
higher than two years ago. These respondents also feel IP (intellectual property risk assessment and trademark monitoring Email-based phishing attack 69% 57%
significantly vulnerable to information theft, loss, or attack program) 80% 73%
Virus/worm attack 64% 62%
(65%) and misappropriation of company funds (61%). Financial (financial controls, fraud detection, internal audit,
external audit, anti-money laundering policies) 75% 77%
Wire transfer fraud (email account takeover/impersonation) 59% 50%
To decrease the risk of fraud incidents, four in five (80%) Management (management controls, incentives, external
respondents report their companies have intellectual supervision such as audit committee) 73% 74%
MOST COMMON PARTY TO CONTACT
property risk assessments and three-quarters (75%) say Partners, clients, and vendors (due diligence) 73% 73% WHEN A CYBER INCIDENT OCCURRED Global Avg.
financial controls that include fraud detection have been Reputation (media monitoring, compliance controls, legal
68% 72% IT service vendor 24% 35%
implemented. review)
Professional
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
87 65
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
89
FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 33% 29% for cyber attacks. The key perpetrators of these attacks actual experience, respondents reported feeling most highly
5% points above 2016
were cited as ex-employees (33%) and senior or middle or somewhat vulnerable to physical theft or loss of IP (67%).
5% points above global average Internal financial fraud (manipulation of company results) 29% 23%
management (25%). They also felt equally vulnerable to geographic and political
Vendor, supplier, or procurement fraud 27% 20% risks (55%) and environmental risks (56%).
When asked to consider what cyber risks they feel highly
FRAUD Corruption and bribery 27% 21% or somewhat vulnerable to, respondents most frequently MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
The number of respondents in the professional services mentioned stolen equipment with sensitive data (67%),
Theft of physical assets or stock 25% 27% Physical theft or loss of intellectual property 38% 41%
sector who reported fraud incidents increased 5 percentage an increase of 16 percentage points from last year.
Management conflict of interest 25% 26% Environmental risk (including damage caused by natural
points over last year, from 84% in 2016 to 89% this year. Respondents also had concerns over denial of service disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 29% 28%
Information theft, loss, or attack (33%) and internal financial attacks (64%) and data deletion (63%).
MOST COMMON PERPETRATORS Global Avg. Workplace violence 24% 23%
fraud (29%) were the main types of fraud reported by survey
MOST COMMON TYPES OF CYBER INCIDENT Global Avg.
respondents. Junior employees 37% 39%
MOST COMMON PERPETRATORS Global Avg.
Virus/worm attack 38% 36%
The most common perpetrators of fraud were junior Senior or middle management employees 31% 27%
Ex-employees 36% 37%
employees (37%), followed by senior or middle management Data deletion 29% 25%
Ex-employees 31% 34%
(31%) and ex-employees (31%), according to respondents. Data breach (e.g., resulting in loss of customer or employee
Vendors/suppliers (i.e., a provider of technology or services data, IP/trade secrets/R&D) 27% 27% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
These instances of fraud were discovered equally (43%) to your company) 29% 30% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
through whistleblowing or by management at the company. SECURITY RISKS Global Avg.
MOST COMMON TARGET Global Avg.
MOST COMMON ANTI-FRAUD MEASURES Global Avg.
IT security and technical countermeasures are implemented Physical theft or loss of intellectual property 67% 20%
Employee records 52% 41%
at most professional services companies as reported by Information (IT security, technical countermeasures) 88% 77% Geographic and political risk
(i.e., operating in areas of conflict) 57% 25%
88% of respondents. Other commonly reported anti-fraud Customer records 46% 48%
Risk (risk officer and risk management system) 82% 75% Environmental risk (including damage caused by natural
measures include risk officers and risk management systems disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 56% 21%
Assets (physical security systems, stock inventories, tagging, RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
(82%). These are both higher than the global averages of asset register) 80% 77% OR SOMEWHAT VULNERABLE TO THE FOLLOWING
77% and 75%, respectively. Financial (financial controls, fraud detection, internal audit, CYBER RISKS Global Avg.
external audit, anti-money laundering policies) 79% 77%
Respondents in this sector are most likely to feel highly or Stolen equipment with sensitive data 67% 55%
Staff (training, whistleblower hotline) 78% 74%
somewhat vulnerable to theft of physical assets or stock
Denial of service attack 64% 52%
(56%), IP theft (56%), and information theft or loss (51%).
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY Data deletion 63% 58%
OR SOMEWHAT VULNERABLE TO THE FOLLOWING
FRAUD RISKS Global Avg.
MOST COMMON PERPETRATORS Global Avg.
Theft of physical assets or stock 56% 55%
Ex-employees 33% 28%
IP theft (e.g., of trade secrets), piracy, or counterfeiting 56% 56%
Information theft, loss, or attack (e.g., data theft) 51% 57% MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
By management at our company 43% 35% Incident response firm (investigations, breach notification) 10% 11%
84 KROLL GLOBAL FRAUD & RISK REPORT - 2017/2018 GLOBAL FRAUD & RISK REPORT: INDUSTRY OVERVIEW 85
Retail, Wholesale,
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
82 75
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
89
FRAUD IN THE PAST 12 MONTHS.
Information theft, loss, or attack (e.g., data theft) 39% 29% highly or somewhat vulnerable to virus/worm attacks, and 61% Ex-employees were reported as the most likely perpetrators
6% points above 2016
feel vulnerable to ransomware attacks. of security incidents in the sector (35%), followed by
5% points above global average Theft of physical assets or stock 33% 27%
competitors (33%). Reflecting the type of incident most often
Employee records were the most common target of cyber
Management conflict of interest 32% 26% experienced, respondents reported feeling most highly or
attacks faced by respondents in this sector (53%), followed by
FRAUD Internal financial fraud (manipulation of company results) 28% 23% customer records (38%) and trade secrets (also 38%). Random somewhat vulnerable to physical theft or loss of intellectual
89% of respondents from the retail, wholesale, and distribution property (65%).
cyber criminals were cited as the most likely perpetrators (34%),
sector experienced a fraud incident in the previous 12 months, MOST COMMON PERPETRATORS Global Avg. followed by competitors (28%), who would potentially stand MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
5 percentage points higher than the global average and an Customers 31% 22% the most to gain from customer records and trade secrets. In
Physical theft or loss of intellectual property 42% 41%
increase of 6 percentage points over last year. Joint venture partners (i.e., a partner who provides the event of a cyber incident, respondents in this sector were
Environmental risk (including damage caused by natural
Respondents in the sector also reported higher than average
manufacturing or other business function, or a franchisee) 31% 23% most likely among all those in this survey to contact an incident disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 26% 28%
71
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
86
FRAUD IN THE PAST 12 MONTHS. experienced among all sectors. This was followed by virus/worm
Information theft, loss, or attack (e.g., data theft) 35% 29% for the report. Respondents are most likely to say they feel
7% points above 2016 infestations (41%). Both of these percentages were significantly highly or somewhat vulnerable to physical theft or loss of
2% points above global average Theft of physical assets or stock 31% 27% higher than the global averages (33% and 36%, respectively). intellectual property (66%), 19 percentage points higher than
Regulatory or compliance breach 29% 20% Respondents in this sector also reported a relatively high last year) as well as workplace violence (64%).
FRAUD IP theft (e.g., of trade secrets), piracy, or counterfeiting 27% 20%
incidence of ex-employees being responsible for cyber incidents.
MOST COMMON TYPES OF SECURITY INCIDENT Global Avg.
86% of respondents in the technology, media, and More than four in 10 (43%) said that ex-employees were the most
Management conflict of interest 27% 26%
telecoms sector experienced a fraud incident in the previous common perpetrators, compared to a global average of 28%. Physical theft or loss of intellectual property 39% 41%
12 months, slightly more than the global average (84%) and Executives in the technology, media, and telecoms sector Workplace violence 35% 23%
MOST COMMON PERPETRATORS Global Avg.
up 7 percentage points over last year’s reported 79%. surveyed for this year’s report feel most vulnerable to email-based Environmental risk (including damage caused by natural
disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 25% 28%
Those surveyed for the report from this sector experienced
Freelance/temporary employees 41% 26% phishing attacks (67%). They also feel vulnerable to ransomware
higher than average levels of information theft, loss, or attack attacks (65%), which is an increase of 21 percentage points from
Junior employees 41% 39%
last year. MOST COMMON PERPETRATORS Global Avg.
(35%) when compared with the global average (29%). The
Ex-employees 30% 34%
next most common fraud types reported by respondents in Customer records (cited by 53% of respondents) were the most Junior employees 42% 26%
Vendors and suppliers (i.e., a provider of technology or
this sector were theft of physical assets or stock (31%) and services to your company) 30% 30% frequent target of cyber incidents in the technology, media, and
regulatory or compliance breaches (29%). telecoms sector. RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Freelance/temporary employees were cited as joint most OR SOMEWHAT VULNERABLE TO THE FOLLOWING MOST COMMON TYPES OF CYBER INCIDENT Global Avg. SECURITY RISKS Global Avg.
likely perpetrators (41%), much higher than the global FRAUD RISKS Global Avg.
Email-based phishing attack 43% 33% Physical theft or loss of intellectual property 66% 47%
average of 26%. Perpetrators cited by respondents were
Management conflict of interest 63% 52%
equally likely to be junior employees (also 41%), followed by Virus/worm attack 41% 36% Workplace violence 64% 49%
ex-employees and vendors/suppliers (each at 30%). Information theft, loss, or attack (e.g., data theft) 62% 57% Environmental risk (including damage caused by natural
Alteration or change of data 35% 22% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 59% 51%
Insiders are the main source for uncovering fraud in this IP theft (e.g., of trade secrets), piracy, or counterfeiting 59% 56%
MOST COMMON PERPETRATORS Global Avg.
sector, with whistleblowing the most prevalent way in which
fraud was detected (59%). MOST COMMON ANTI-FRAUD MEASURES Global Avg. Ex-employees 43% 28%
Assets (physical security systems, stock inventories, tagging,
Respondents in this sector are most likely to report that they asset register) 88% 77% RESPONDENTS ARE MOST LIKELY TO FEEL HIGHLY
feel highly or somewhat vulnerable to management conflict OR SOMEWHAT VULNERABLE TO THE FOLLOWING
Information (IT security, technical countermeasures) 84% 78% CYBER RISKS Global Avg.
of interest (63%), more than double the number reported two
years ago (31%). Similarly, the number of respondents with Risk (risk officer and risk management system) 82% 75% Email-based phishing attack 67% 57%
concerns over market collusion more than tripled from two IP (intellectual property risk assessment and trademark monitoring
Ransomware attack 65% 55%
program) 82% 73%
years ago, 55% versus 17%.
MOST COMMON TARGET Global Avg.
The most common anti-fraud measure reported to be taken MOST COMMON MEANS OF DISCOVERY Global Avg.
relates to assets, such as physical security systems, stock Customer records 53% 48%
By a whistleblower at our company 59% 47%
inventories, and tagging, according to 88% of respondents. Employee records 51% 41%
Anti-fraud measures taken by respondents in this sector
relating to information, such as IT security, were reported to MOST COMMON PARTY TO CONTACT
WHEN A CYBER INCIDENT OCCURRED Global Avg.
be slightly lower (at 84%).
IT service vendor 38% 35%
Transportation,
PERCENTAGE OF RESPONDENTS AFFECTED BY PERCENTAGE OF RESPONDENTS AFFECTED BY
60
CYBER INCIDENTS IN THE PAST 12 MONTHS. SECURITY INCIDENTS IN THE PAST 12 MONTHS.
of physical assets or stock (34%) and information theft, Theft of physical assets or stock 53% 55% Random perpetrator 38% 30%
Email-based phishing attack 28% 33%
loss, or attack (34%), both of which are higher than the Corruption and bribery 51% 50%
Data deletion 25% 25% RESPONDENTS ARE MOST OR SOMEWHAT LIKELY
global averages of 27% and 29%, respectively. These were
Market collusion (e.g., price fixing) 51% 50% TO FEEL HIGHLY VULNERABLE TO THE FOLLOWING
followed by internal financial fraud (23%). Ex-employees SECURITY RISKS Global Avg.
MOST COMMON TARGET Global Avg.
(36%), customers (27%), and senior or middle management Management conflict of interest 49% 52%
Customer records 55% 48% Physical theft or loss of intellectual property 63% 63%
(27%) were reported as the most likely perpetrators of fraud Money laundering 49% 43%
Environmental risk (including damage caused by natural
by respondents in this sector. Company/employee identity 39% 35% disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) 60% 56%
MOST COMMON PERPETRATORS Global Avg.
Those surveyed for the report from this sector reported that Geographic and political risk (i.e., operating in areas of
MOST COMMON PERPETRATORS Global Avg. conflict) 51% 53%
fraud is most often discovered internally, with whistleblowing Ex-employees 36% 34%
and internal audits the most common ways in which Random cyber criminals 32% 34%
Senior or middle management employees 27% 27%
incidents are discovered (each at 39%).
RESPONDENTS ARE MOST OR SOMEWHAT LIKELY
Customers 27% 22%
Respondents were most likely to say that they feel highly TO FEEL HIGHLY VULNERABLE TO THE FOLLOWING
CYBER RISKS Global Avg.
or somewhat vulnerable to theft of physical assets or stock Junior employees 20% 39%
(53%) and corruption and bribery (51%). Additionally, the Alteration or change of data 58% 56%
number of those concerned over market collusion nearly MOST COMMON ANTI-FRAUD MEASURES Global Avg.
Ransomware attack 56% 55%
tripled from the number reported two years ago, 51% Risk (risk officer and risk management system) 82% 75%
versus 18%. Virus/worm attack 56% 62%
IP (intellectual property risk assessment and trademark monitoring
program) 78% 73% Data breach (e.g., resulting in loss of customer or employee
The most common anti-fraud measures put in place by data, IP/trade secrets/R&D) 55% 55%
Reputation (media monitoring, compliance controls, legal
organizations in this sector, as reported by respondents, review) 78% 72%
MOST COMMON PARTY TO CONTACT
were the introduction of measures relating to risk, such as WHEN A CYBER INCIDENT OCCURRED Global Avg.
Partners, clients, and vendors (due diligence) 78% 73%
a risk officer (82%); intellectual property (78%); reputation,
Financial (financial controls, fraud detection, internal audit, IT service vendor 34% 35%
such as media monitoring (78%); partner, client, and vendor external audit, anti-money laundering policies) 78% 77%
due diligence(78%); and financial controls (78%). Incident response firm (investigations, breach notification) 11% 11%
MOST COMMON MEANS OF DISCOVERY Global Avg.
Webhosting/website provider 11% 8%
By a whistleblower at our company 39% 47%
We help our clients anticipate, detect, mitigate, and respond to risk. Boston Bogota London Hong Kong
Daniel Linskey Pablo Iragorri Neil Kirton Paul Jackson
T +1 617 210 7471 T +57 1 742 5556 T +44 20 70 29 5000 T +852 2884 7763
daniel.linskey@kroll.com pablo.iragorri@kroll.com nkirton@kroll.com paul.jackson@kroll.com
San Francisco
OUR VALUES Betsy Blumenthal
T +1 415 743 4825
• We work tirelessly to earn the trust and confidence of our clients bblument@kroll.com
• We are responsive and take pride in understanding our clients’ needs
Toronto
• We look beyond the commonplace to find answers that others do not see Peter McFarlane
T +1 416 813 4401
• We work together across the globe and embrace the entrepreneurial spirit of our people pmcfarlane@kroll.com
© 2018 Kroll. All Rights Reserved. These materials have been prepared for general information purposes only
and do not constitute legal or other professional advice. Always consult with your own professional and legal
advisors concerning your individual situation and any specific questions you may have.