57% of French companies fell victim to a cyber attack in 2016
- 8 out of 10 French companies experienced at least one instance of attempted fraud in 2016
- 25% of companies suffered more than 10 fraud attempts in 2016
- “Fake president” fraud is the most frequent threat (58%), followed by cyber attacks (57%)
For the third consecutive year, Euler Hermes, the European leader in insurance fraud, and DFCG, the national association of directors of finance and management control, have collaborated on a major survey on the risk of fraud in French companies. Two hundred financial directors were asked about their company’s fraud exposure and experiences as well as the preventive measures they have taken to address the risk of fraud.
According to the study, the risk of fraud continues to loom large over French companies. Indeed, more than 8 out of 10 companies report falling victim to at least one attempted fraud during 2016. The threat is intensifying and French companies are continually targeted; Indeed, 25% of them suffered more than 10 fraud attempts in 2016.
Commenting on the findings, Eric Lenoir, Chairman of the Executive Committee of Euler Hermes France, says: “These are worrying statistics, especially when we know that 20% of respondents failed to thwart all fraud attempts, and that the losses caused can significantly affect business cash flow and profitability. In fact, 10% of the companies attacked last year suffered a loss of more than €100,000.”
From identity theft to cyber risk, fraud is a multifaceted threat
"Fake president" fraud is one of the most common threats cited by respondents (58%). It is followed by identity theft based fraud: "fake suppliers" (56%), "fake customers" (25%), and even "fake bankers, lawyers or auditors" (29%). But the striking phenomenon is the rapid increase of cyber crime. Some 57% of companies reported having experienced at least one cyber attack in 2016 (up from 32% in 2015).
"We are facing a veritable explosion of this type of fraud, which manifests itself in various forms. The most common is still ransomware, which affected 22% of responding companies last year. The scope of cyber fraud is constantly evolving, like its perpetrators, in a rapidly changing technological universe. Fraudsters have easier access to highly developed and powerful tools, allowing the industrialisation of some attacks, hence it is a growing and multifaceted threat," explains Sébastien Hager, Fraud Expert at Euler Hermes France.
Fraud prevention systems can be strengthened
Given the rapid evolution of fraud, companies are increasingly aware of their rising risk exposure with 81% of financial directors surveyed fearing a higher risk of fraud in 2017. How should they react and fight against the growing phenomenon of corporate fraud?
"The study shows one essential thing: it is by combining tools, human intervention and processes that companies manage to fight fraud," says Sophie Macieira-Coelho, Chair of the Scientific Committee of DFCG. "Human reactions predominate (53%), ahead of internal control procedures (28%) and IT devices (19%), but they all come together in a comprehensive and collective discipline making it possible to organise the company’s response."
Nevertheless, the study emphasises that 63% of companies have no emergency plan to activate in case of fraud. A worrying figure, as reactivity is paramount to limit the damage suffered. "To meet this need for information and training on fraud, DFCG has set up a dedicated training programme,” says Sophie Macieira-Coelho. "It also publishes articles or files on this subject in the journal “Finance & Management”. More generally, the fight against fraud is part of a risk management approach, and companies would benefit from greater commitment to such an approach. The study shows that only 22% of companies have conducted a risk mapping exercise, yet this is essential. Moreover, risk management, particularly among SMEs, is a priority if we are to anticipate and prevent risks rather than suffer damage."
"87% of companies which responded are concerned that fraud will seriously affect their cash flow. Insuring against fraud is the most effective way to protect businesses against such risk. To help companies proactively protect their assets, we launched a fraud insurance product in France in 2015. It covers losses due to internal fraud, external fraud and cyber fraud, as well as certain other costs incurred. Since reactivity is the key to effective protection, we also offer personalised support upon discovery of the loss, and compensation within 30 days after agreement on the amount," concludes Eric Lenoir.