CIFAS, a UK-based nonprofit association with members in both the private and public sectors, reports that they measured a 14.5% increase in the number of reported cases of staff initiated fraud in 2011 over those reported in 2010.
The organization initiated the Staff Fraud Database in 2006 which collects data from more than 220 member organizations across multiple sectors.
"This type of fraud can damage businesses reputation, brand and staff morale - as well as losing thousands of pounds. Employers must be on their guard when vetting prospective employees and ensuring that appropriate controls and a zero tolerance culture exists within their organisations to ensure that staff fraud cannot prosper," CIFAS states.
The group also reports the following trends:
- CIFAS Members' data sharing efforts have revealed the most common way for staff frauds to be identified are through an organisation's own monitoring and controls - demonstrating the important role that effective management plays.
- The value of reported fraud, as revealed in BDO Stoy Hayward's Fraudtrack report rocketed to more than £2bn in the UK in 2011, representing a 50% increase on 2010's figure of £1.4bn. This means that since its launch in 2003, when fraud totalled £331m, there has been a seven-fold increase in the cost of reported fraud.
- There has been a massive rise in identity theft in recent years: from 77,500 cases in 2007 to over 113,000 cases in 2011, with organised criminals frequently targeting insiders within an organisation in order to obtain the personal data needed to commit this crime.
The insider threat is particularly troublesome for organizations, as the the perpetrators have access to the most confidential of information, and breach detection usually only occurs after the damage is done.
"The majority of staff within any organisation are trustworthy and honest. But businesses must understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer and the numerous ways in which an organisation can be targeted," said Arjun Medhi, CIFAS Staff Fraud Adviser.
"The way in which organisations approach the issue of staff fraud is changing to respond to the increased risk. Many organisations have historically been anxious to play down the threat from within and focus, instead, on the fraud risks presented by customers. The days when the majority of cases would be handled quietly with no publicity are long gone however, with customers and shareholders wanting to know that organisations are doing all that they can to safeguard against the threat," Medhi continued.
A survey of 1000 white collar employees conducted by Imperva in 2010 revealed that more than two-thirds of employees admitted they are willing to take everything from client and customer records to the intellectual property of their employer.
The study reported that 85% have confidential company information on their home computers or personal mobile devices, 75% admit to having client records, and 27% admit to having sensitive intellectual data.
At least half of the employees surveyed had reported they had accessed data they were not cleared to peruse, and three-quarters stated that the data access control mechanisms in place were easy to bypass.
"Employers should adopt a risk-based approach to managing employee fraud and dishonesty which is appropriate to the organisation, the industry sector and different job roles. It is also vital that [counter] fraud teams engage with HR departments as a balanced approach is required to manage the risks while maintaining the trust of the vast majority of honest employees," said Mike Emmott, CIPD Employee Relations Adviser.
The trick is to implement controls in such a was as to avoid developing an atmosphere of mistrust. Emmot recommends that along with controls, clear and concise policies need to be developed and the intentions of those policies need to be clearly communicated to employees.
"CIPD research shows that organisations that seek to monitor their employees excessively are unlikely to create a work environment that encourages trust, loyalty and commitment. So, it is important for employers to communicate clearly why policies are in place, so that employees know that there is a good reason behind the approach being taken and that it is not simply a 'Big Brother' encroachment on their privacy," Emmott cautioned.