With a challenging economy and an already overflowing to-do list of preparation for the new year, CFOs must be mindful of technological threats to their businesses. Consequences of limited or misguided approaches towards cybersecurity can be lethal to an organization. According to the recent State of Fraud Benchmark Report from Alloy, six and seven-figure-costing data breaches are becoming more common among financial institutions of all sizes.
“Fraud is the highest it’s ever been,” said Tommy Nicholas, CEO and co-founder of Alloy. “Rapid digitization and an influx of cash from pandemic relief scams have created the perfect conditions for fraudsters to thrive.”
Ninety-one percent of the report’s respondents said fraud rates have increased at their organization year-over-year. The report, which surveyed 251 people working in fraud-related roles at financial institutions, also found that 71% of respondents increased spending on fraud mitigation.
The nexus of where security breaches occur is the first step in identifying where a company needs improvement post-infiltration. According to findings, 62% of breaches were labeled as first-party fraud, meaning an individual misrepresents their own identity, financial situation, or intention to repay a financial institution.
For the other roughly two-thirds of case degrees, second-party fraud was nearly identical to third-party fraud in terms of response rate. Second-party fraud is when a perpetrator convinces another person to use their identity or personal information, and was responsible for 39% of fraud cases. Third-party fraud, or financial crimes that are committed while using someone else’s (stolen) identity, was responsible for 38% of crimes.
“Regardless of sector or size, financial institutions must do more to keep their customers’ assets safe from fraud, but without compromising on the customer experience,” Nicholas said.
Among these different fraud types, the sectors of financial industries varied. Online or pure-play lending institutions led the way in both first and second-degree fraud (75% and 58% respectively), and community banks and credit unions fell victim to the most third-degree fraud, with more than half (56%) of the fraud using someone else’s already stolen identity.
While nearly 70% of respondents said their company fell victim to at least $500K in fraud in 2022, allocations towards cybersecurity should no longer be viewed as insurance, but as required costs to deter a larger, much more costly potential situation.
Out of the group that had $500K of fraud or more, nearly a third (34%) of that group (24% of total respondents) fell victim to breaches that resulted in seven-figure losses. Few data breaches (3% of total respondents) occurred at costs of eight figures or more.
Regardless of sector or size, financial institutions must do more to keep their customers’ assets safe from fraud, but without compromising on the customer experience. — Tommy Nicholas, CEO of Alloy
Despite over half of respondents saying they were able to obtain some of the funds back from their breaches, few receive all that was lost. Only 5% of total respondents were able to fully recover from their breaches, with a fifth (20%) of all victims recovering more than three-quarters of all their fraud losses.
The size of an organization was a large determining factor in the amount of loss that was able to be recovered after a breach. According to findings, 74% of enterprise organizations were more likely to recover fraud losses, compared to 64% of mid-market organizations and 55% of growth companies.
A major portion (95%) of respondents told surveyors their organizations could manage their fraud issues in-house. With this, the choice to push for automation was the most common choice (46%) by respondents as a way to implement in-house cybersecurity measures. Things like an absence of individual fraud teams (41%) and an inability to adapt to new types of threats (39%) were also top choices on how organizations can combat fraud first-hand.