The Unknown Unknowns

Bob Pointer - CFIL Global

Let’s not beat around the bush, fraud is at epidemic proportions and shows no signs of slowing down. The total cost of reported fraud in the UK August 2016 to August 2017 is £193 billion, of which £144 billion was lost in the private sector, according to figures from Portsmouth Universities Centre for Counter Fraud Studies.

Furthermore, £1.9 billion of the private sector figures accounts for the cost of loss suffered by charities whilst £10 billion was against individuals. Whilst there is no official breakdown, my knowledge and experience leads me to the conclusion that at least 50% of the loss to individuals will be through or connected to their business (sole traders, micro companies).

The creation of a dedicated fraud reporting pathway Action Fraud, which bypasses the Police and makes reporting much easier, is quoted regularly as the reason why the fraud figures have soared and keep on going up unabated. However, my experience on the ground is different, I meet many small businesses who don’t bother reporting fraud as they believe its just a paper exercise.

There is some truth is this. The sheer size of fraud coupled with ever decreasing numbers and higher and wider demands mean our Police service cannot effectively respond to every single report of fraud.

All reports made are sent directly to the National Fraud Intelligence Bureau (NFIB) where patterns and trends are identified, and where needed reports sent out to individual forces to deal. The NFIB also regularly shut down websites and act to deny service to fraudsters. Still it is a fact that over 95% of all reported frauds are not actively investigated.

Trends identified within the figures support the view that fraudsters are now turning their attentions towards smaller businesses and individuals.

Small businesses have significantly fewer anti-fraud controls than large organisations. This gap in fraud prevention and detection leaves small businesses susceptible to frauds that can cause significant harm to their limited finances.

The fact that small businesses, especially in locations like the Forest of Dean, tend to do business with people they know does offer some level of security.

However, the risks are not always from outside. As far back as 2015 compliance and risk specialists Kroll identified that globally 81% of reported fraud had an insider involvement to some extent.

There are two types of insiders - conscious and unconscious. Conscious Insiders are those who for whatever reason decide to work against the company – skimming money off sales, false invoicing, inflated expense claims etc. However, there are others who are just consciously incompetent, sloppy, inattentive and “wilfully blind” to the risks of their actions – they may have been told not to open email attachments from non-trusted source’s, but they do it anyway.

Far more dangerous though are those individuals who are unconsciously incompetent they simply don’t know what they don’t know – and here’s where I potentially upset and alienate readers because I’m sorry to say THIS COULD BE YOU!

This is not seeking to unjustly apportioning blame, it is a fact that we all need but fail to keep ourselves updated to the risks and latest scams. Training companies know this, and it is often reflected in the cost of many programmes which prices out those who really could benefit from the knowledge.

This is the premise upon which myself and fellow CAP member Mark Davies seek to address by firstly holding a 2-hour awareness session - GDPR security and Identity on the 14th March and secondly using this as a forum to discuss the viability and appetite for the development of some form of local security community.
​
I sincerely hope you will not only support this event by attending but by spreading the word to those who do not network but who really need to know what they don’t know.
​

---