Challenges facing CIOs and CISOs in managing fraud
Digital proliferation is expanding enterprises’ risk footprint and increasing the challenges faced by CIOs and CISOs in mitigating fraud risks
Fraud is increasing globally – across all sectors. The Association of Certified Fraud Examiners (ACFE) says in its 2018 Report to the Nations, a global study on occupational fraud and abuse, that global fraud losses could amount to as much as USD 4 trillion in 2017 alone, with 53% of victims recovering nothing and 32% making only a partial recovery. The most common types of occupational fraud include asset misappropriation, corruption schemes and financial statement fraud. But the challenge of fraud is not isolated to the financial services industry: organisations the world over are falling victim, particularly as an increasingly digital environment presents fraudsters with new channels and opportunities to commit fraud and theft, often with insider collusion and compromised employees.
In Kenya, digital fraud is reported to have topped Ksh 17 billion in 2016 alone, with entities such as the National Bank of Kenya coming under a high-profile attack by a syndicate that stole up to Ksh 29 million last year. In South Africa, Absa reported recently that the country had seen a significant spike in digital fraud, with digital banking fraud cases increasing by 64% over the past year and impacting the entire financial services industry.
However, publicised fraud losses are often just estimates, as many incidents are not reported. According to the recent 2019 State of Cybersecurity Study from ISACA, losses to cybercrime may be ‘vastly underreported’ globally.
This may come as no surprise to those at the ‘coal face’ – the CIOs and CISOs enmeshed in a daily battle against fraud and cyber risk around the world. IDC’s WE European IT Security Strategies Survey revealed that security teams are understaffed and overwhelmed, and that IT resources are being used almost to capacity for maintenance and management and to facilitate rapid service rollouts, limiting their availability to manage security.
On top of this, IDC’s research found that:
- 44% of the operational team is kept too busy with routine tasks
- 38% of security teams spend more time maintaining and managing security tools than performing security investigations
- 37% report high levels of demand for new business services
- 34% report there is not enough integration into IT infrastructure teams
- 36% cite management’s lack of understanding as a barrier to effective security
This echoes some of the findings from Myriad Connect’s Fraud Kenya 2018: CIO expert insights research, which highlighted some of the key challenges faced by the financial services industry:
- Lack of strict legislation and penalties for perpetrators of digital transaction fraud
- Rapid changes in technology and advanced skills of hackers
- The market-wide issue of insider collusion and compromised employees committing fraud
- Cyber-security awareness of consumers is low, so customers often fall victim to scams or don’t protect their sensitive information well enough
- Lack of collaboration between FSI players
Overcoming these challenges demands a combination of legislative will, management commitment, strict policy enforcement, and the technology tools to support cybercrime and fraud prevention. Enterprise efforts to combat fraud can be supported through collaboration in the financial services industry, stepped up efforts to raise fraud awareness among consumers, and increased penalties for the perpetrators of digital transaction fraud.