Businesses reported all-time high levels of fraud, cyber and security incidents during 2017, according to senior corporate executives surveyed worldwide for the 2017/18 Kroll Annual Global Fraud & Risk Report.

About 84% of companies surveyed worldwide experienced a fraud incident in 2017, according to the report. 

The proportion of executives reporting that their companies fell victim to at least one instance of fraud over the past 12 months increased to 84%, from 82% in the previous year. Levels of reported fraud have steadily risen every year since 2012, when the reported occurrence was just 61%.

ecommerce-fraud-arm-out-of-screen-feature.jpg

An even greater percentage of executives surveyed (86%) said their companies had experienced a cyber incident or information theft, loss, or attack over the past 12 months, slightly up from 85% in 2016. 70% reported the occurrence of at least one security incident during the past year, compared to 68% in the previous survey.

For the first time in the report’s 10-year history, information theft, loss, or attack was the most prevalent type of fraud experienced, cited by 29% of respondents, up 5 percentage points from the previous year. This edged out theft of physical assets or stock, long the most common type of organizational loss, which this year was the second most frequently cited incident (27%).

Cyberattacks represent one of the most persistent threats to confidential information. In fact, the reported level of occurrence for every type of cyber-incident included in the survey increased in the last 12 months.

“In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats,” said Jason Smolanoff, senior managing director and global cybersecurity practice leader for Kroll. “Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data.”

He added, “People instinctively think about data being targeted by cyber-attacks, but not all threats to information are confined to the digital realm. There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach.”

With reported cyber incidents at an all-time high and perpetrators seeming to develop new methods of attack virtually every day, at least half of all executives surveyed are apprehensive about every type of cyber incident identified in the survey.

Insiders and ex-employees continue to pose the greatest threat to companies around the world. Respondents revealed that fraud, cyber, and security incidents are often inside jobs perpetrated by members of management or current, former, or temporary employees.

Of those reporting a fraud incident, 81% cited one or more insiders as perpetrators. Additionally, 58% of respondents who reported a cyber incident and 71% of those who experienced a security incident primarily identified insiders as the perpetrators.

In addition to reporting extremely high incidence levels, survey respondents indicated that the repercussions of fraud, cyber, and security events were costly and wide-ranging - affecting customers, employees, and the organization’s reputation and bottom line.

Reflecting the high levels of vulnerability reported by respondents to cyber intrusions, the top three cyber risk mitigation measures that executives expect their companies to implement in 2018 all address the problem of intrusions, including: endpoint threat monitoring tools, and intrusion detection systems that are both device-based and network-based.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.