The DFCG and Euler Herms have presented a study on fraud in 2019. A subject that the DAF must take seriously since it concerns 7 out of 10 companies. The most common methods are identity theft for two thirds and the intrusion into the IS for the remaining third. (Image Pete Linforth / Pixabay)
The network of French financial leaders DFCG and the credit insurance company Euler Hermes published a survey on the attitude of businesses towards fraud and cybercrime in 2019, the results of which they presented at the digital automation week from Itesoft, automation editor and process orchestration. 200 companies were questioned about the state of the threat
More than 7 in 10 companies in the sample report having undergone at least one attempted fraud in 2019 and for more than one in 4, fraud has been proven. “Most of the time, fraudsters repeat their attacks up to 5 times against the same target, until they break the company’s lines of defense,” said Christian Laveau, president of the DFCG cyber fraud working group. And the impact is heavy since for a third of the respondents, the damage exceeded 10,000 euros and for one in ten, it amounted to more than 100,000 euros. Unsurprisingly, 84% fear an increase in these risks, 6% more than in 2018. All the more worrying that the survey was conducted before the covid-19 crisis.
In 29% of cases, fraud is a cyber fraud
In addition to identity theft (false supplier, false president, false customer, etc.), intrusions into the information system represent for 29% the most frequent forms of fraud. Increasingly, they are used for direct attacks via ransomware (15%) but also to prepare fraud. In more than half of the cases, it was a human initiative that exposed the problem. According to the DFCG, this can mean that the control systems are too weak or not systematic enough, or that too few technical tools are used.
Six out of ten companies have allocated no budget to combat this cyber threat. The investments undertaken go as a priority (56%) to raising awareness and training other departments than the DAF, to the IT security audit and internal control procedures. According to Christian Laveau, to better protect themselves, the DAF must absolutely take several types of steps. They must revisit their control standards and the modus operandi with their bankers (identify free access signatures, for example), take into account weak signals of vulnerability (control procedures, IT, temporary or vacation employees, etc.) and initiate internal investigations. “And after a cyber fraud,” he adds, “they must not forget to communicate on what happened, to analyze the causes and to give feedback in due form. “
To read other news on innovation in the fields of DAF, visit our site DAF issues