Insights & Reports > Kroll Global Fraud Report

Fraud heatmap: where industry feels the pain,
and how it reacts

As in previous surveys, we have attempted to plot significant areas of fraud loss for particular sectors using a heatmap. The pattern that emerges is clear and straightforward – each sector has its own risk profile, typically caused by its exposure to risk from clients, suppliers, staff and governments or regulators. These dictate the types of threat it faces from fraud. The grid in Figure 1 averages the findings from Kroll’s Global Fraud Surveys in 2007, 2008 and 2009 and it shows specific fraud threat by sector. We have regarded a sector as especially highly exposed if its exposure is higher than other sectors. So calling money laundering a high threat to financial services reflects the fact that it experiences this more than other sectors, not that money laundering is common in banking (it isn’t).

Figure 1: Fraud experienced by survey respondents by sector

What also emerges is that some fraud threats are relatively pervasive – most sectors experience them at different times: theft of assets or stock, financial mismanagement, and (a sign of changing times) information theft, loss or attack and IP theft, privacy or counterfeiting. These are the most basic forms of fraud. Others are more specific to certain sectors: corruption and bribery, regulatory and compliance breach apply to sectors with government as a regulator or client. Internal financial fraud or theft affect businesses in particular where cash and cash handling is important (financial services, retail, wholesale and distribution, and travel, leisure and transportation). Vendor fraud strikes those businesses with extended or complex supply chains (construction and engineering, consumer goods, and retail, wholesale and distribution). Money laundering is quite specific to financial services, with lower levels of incidence in a couple of other areas. It figures, therefore, that each industry has its own profile when it comes to fraud countermeasures. Banks need more elaborate measures to safeguard their finances than consumer goods companies, but they don’t need to spend as much on IP protection. Figure 2 shows the pattern of measures they have taken. Some areas (financial controls, physical security, IT security and protection of assets) are generic protection against several kinds of threat. Others (due diligence, staff screening, IP protection) are specific to sectors that face complex supply chains, sensitive internal issues or regulation or high-value IP. Together, this mixture of threat and counter-measure makes for the risk profile of the industry concerned. Each has prioritized the threats it faces and the measures it is ready to take to prevent, detect or mitigate them.

Figure 2: Fraud countermeasures adopted by survey respondents by sector