Story image

Survey finds China’s a hotspot for all types of fraud: Whistleblowing may be the answer

23 Jan 2017

Last year saw a jump in fraud and risk incidents across China, and one third of these were perpetrated in part by senior or middle management, according to a new survey by Kroll.

The new survey, titled the Kroll Annual Global Fraud and Risk Report, surveyed 545 senior executives across a range of industries worldwide.  

It found that 86% of respondents with operations in China experienced a fraud incident last year, a 13% jump since 2015. It is now well above the global average of 82%.

Overall, the global average has also jumped from its 75% rating in 2015, highlighting the growing threat to corporate reputation and regulatory compliance.

What’s more, a further 25% of respondents were reluctant to operate in China because of fraud concerns.

“China is the dominant trading partner of many countries, therefore, it wouldn’t be in the best interest to shy away simply because of concerns over fraud,” says Violet Ho, senior managing director and co-head of Kroll’s Greater China Investigations and Dispute practice.

“Managing fraud risk in China is achievable with a clear and consistent strategy. It is essential to treat the fight against fraud as a long-term game. Getting the most out of the whistle-blowing system, ensuring independence of investigations and building a strong compliance culture with the right tone from the top could be effective approaches to mitigate risks,” Ho continues.

The report also found that 41% of breaches were regulatory or compliance breaches, followed by vendor, supplier or procurement fraud. Both were higher than the global average.  

Other fraud types include theft of physical assets, stock, data and information. The survey also found that corruption, bribery, market collusion and misappropriation of company funds also contributed to ‘above average rates’.

52% of respondents attributed joint venture partners as the key perpetrators of fraud – almost twice the global average.

“Apart from junior employees, fraud in China was often committed by senior or middle management, resulting in potentially more significant losses. It also often involved cross-departmental and multiple-party-collusion, rendering many traditional internal control measures ineffective,” adds Colum Bancroft, managing director and co-head of Kroll’s Greater China Investigations and Dispute practice.

Bancroft says that rapid staff turnover and expansion have contributed to a lack of continuity in fraud detection and governance, while fraudsters are targeting those gaps.

As protection, 90% had invested in partner, client or vendor due diligence, while 86% had invested in physical asset protection.

Cyber incidents also hit 86% of respondents within the past 12 months. 41% were phishing attacks, 39% were viruses or worms and 39% were due to malware issues that caused file deletion or corruption.

Most cyber attacks targeted customer records (82%), as well as trade secrets, intellectual property and R&D. 48% of respondents said their company’s relationship with regulatory authorities was strongly affected by cyber attacks.

To fight back against fraud, 86% had invested in board engagement in cyber policies and procedures.

Whistleblowers and external audits accounted for (55%) of discovered fraud cases.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.