9 July 2003

* 60% of UK businesses believe they know what fraud is happening to them - but most counter-measures are reactive and won't prevent 'smarter' fraudsters, says Detica*

Fraud - theft with deception - is a major problem for UK businesses and public sector bodies with corruption, theft, identity theft and falsification cited among the biggest threats organisations claim to be facing according to research commissioned by Detica, the independent security and technology consultancy. The research also shows that many are relying too much on basic technology solutions such as firewalls and virtual private networks to counter the problem whilst the threat of insider fraud is largely neglected.

The survey asked director level respondents across FTSE 500 companies and major public institutions if they believed they had a good understanding of fraud as it affects their organisation. Whilst nearly 60 per cent believed they did, there was a degree of confusion as to what types of fraud were occurring. Theft was cited by 25 per cent as being the biggest incident closely followed by identity theft (20 per cent), corruption (19 per cent) and falsification (9 per cent) Worryingly a large percentage - 27 per cent - did not know.

In combating fraud, organisations were questioned on whether they had people or automated systems dedicated to the task of proactively examining electronic audit trails and other core systems in order to detect insider or outsider fraud? Just 38 per cent replied that they had. When it came to more sophisticated anti-fraud technology measures, only nine per cent were considering intrusion detection systems and seven per cent security monitoring systems.

David Porter, head of security and risk at Detica, commented, "The lack of proactivity in fraud detection is striking. The average length of time to detect a fraudster is 18 months - how much damage can be done both to an organisation's reputation and their bottom-line in that time? It should be a matter of course that all system log data is put into a data warehouse and analysed for anomalous behaviour. Yet most companies are not doing this. It's positive that many companies are admitting to fraud being a problem but with such a high number not knowing what types of fraud they are up against they can't even begin to make a start on tackling the issue."

Porter continues: "The figure that is most worrying is that 65 per cent do not have teams dedicated to the detection of insider fraud. This is one of the biggest fraud threats to businesses. Basic technologies such as firewalls make many feel safe from the external fraud threat when in actual fact the biggest threat comes from within the organisation. Fraudsters are getting 'smarter' and realise that conducting fraud from the inside is much easier than attempting it from the outside. There is no 'out of the box' solution to tackling the problem but, as a first step, teams do need to be set up internally and combine innovative technology with revamped processes to meet the threat."

The research entitled Fraud in the UK 2003 was commissioned by Detica and conducted by The Ashdown Group to ascertain the current situation at 140 FTSE 500 companies and major public sector organisations. Interviews were conducted in April 2003. For a copy of the research report, please contact Lucy Bartley by e-mail: lucy.bartley@detica.com

Nick Miles Text 100 Public Relations Tel: +44 (0)208 846 0700 email: