Protecting the perimeter: The rise of external fraud

PwC’s Global Economic Crime and Fraud Survey 2022

April 20, 2022

External threats are on the rise

PwC’s Global Economic Crime and Fraud Survey 2022 shows good news: the proportion of organisations experiencing fraud has remained relatively steady since 2018. However, the survey of 1,296 executives across 53 countries and regions found a rising threat from external perpetrators—bad actors that are quickly growing in strength and effectiveness. Nearly 70% of organisations experiencing fraud reported that the most disruptive incident came via an external attack or collusion between external and internal sources.

46% of surveyed organisations reported experiencing fraud, corruption or other economic crimes in the last 24 months.

Cybercrime stood out among 19 categories of economic crime as the most widespread — and most disruptive — event experienced globally. It’s not news that cyber attacks have risen and spread over the past two years. What’s not often reported is businesses’ experience with cybercrime compared to other types of economic crime. This survey provides valuable context and broader lens.

Is your company allocating resources properly to fight the most important fraud risks to your business?
Can your company reap efficiencies from improvements that address classes of crime that tend to go together?

Download the report

In the spotlight: cyber-enabled economic crime

Cybercrime is perpetrated for direct financial gain: ransom to get data and systems restored, intellectual property theft, proceeds from sales of data in the dark web. And then there’s cyber-enabled economic crime: the kind that starts as a cyber attack and then morphs into vendor fraud, customer fraud or money laundering, as the fraudster wends its way through systems, devices, and user identities to reach its final price.

Arrayed against businesses is a growing economy of commercial cybercrime providers. Fraudsters need only to buy from these providers for offensive security solutions. The established cybercrime providers operate globally and can provide tools such as phishing-as-a-service or ransomware-as-a-service or access-as-a-service.

Cybercrime, if not stopped, is an enabler of many other forms of economic crime. The clear implication? Companies need to find new ways to bring together disjointed departments and identify risk scenarios across various functions. Cyber threats and fraud are often handled by separate departments that don’t work together or communicate about risk.

Download the report

“Organisations need to adopt a unified approach that successfully fuses cyber, finance, and non-financial controls. Taking this panoramic view, organisations might find that they need to refresh their fraud management programme framework to organise teams differently, align roles, and develop better playbooks and technology strategies.”

Gianfranco MautonePartner, Forensic Services and Financial Crime Leader, PwC Switzerland

Platforms are the new fraud frontier

What’s the point of entry for external fraudsters? Many are exploiting new technologies being deployed by companies. Digital platforms, such as social media, services (for example, rideshare or lodging) and e-commerce, open the door to fraud and economic crime risks that most companies are just beginning to appreciate. Of those organisations experiencing fraud in the last two years, for four in ten it was connected to the digital platforms they rely on.

40% of those encountering fraud experienced platform fraud.

The pandemic created additional vulnerability as organisations accelerated the shift to digital operations. Meanwhile, new fraud risks are emerging and new predators are gaining strength. What, exactly, is the fraud risk that companies face today? Read the full report to learn more.

Understand your platform risks by taking our survey, and watch for deeper insights on platform fraud coming soon.

Three actions to protect your perimeter

1. Understand the end-to-end life cycle
2. Strike the proper balance
3. Orchestrate data

1. Understand the end-to-end life cycle

Identify where opportunities exist for a fraudster to exploit customer-facing products and cause financial, legal or reputational damage.

2. Strike the proper balance

Good user experience and effective fraud controls are both achievable, through the right combination of fraud technology, strategy and processes.

3. Orchestrate data

Consolidate data from disparate, disconnected systems into a centralised platform that can track the end-to-end life cycle of users (fraudsters or not) and generate meaningful alerts.