Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

The race to mitigate fraud’s triple threat

The KPMG Fraud Outlook: Companies assess progress amid persistent rise in fraud, cyber, and compliance challenges.

First, the bad news: Cyberattacks, fraud, and compliance concerns are now everyday corporate threats, they’re costing companies more, and they’re steadily increasing in frequency.

The good news? Well, 17 percent of the companies in our recent fraud survey said they had not suffered a cyberattack within the last year.

OK, so maybe that’s not exactly “good news.” But when it comes to the latest macro view of fraud and cybersecurity, it’s about as “good” as it gets, as we detail in our broad new report, “A triple threat across the Americas: 2022 KPMG Fraud Outlook.”

For the report, we surveyed more than 640 executives from a cross-section of major industries, including manufacturing, retail and consumer products, financial and insurance services, telecommunications and entertainment, and more.

In truth, the overall sentiment was not so much doom-and-gloom, but rather a realistic acknowledgment that the risk of fraud is here to stay, it’s getting more complex by the day, and most companies realize they still need to do much more to combat it.

It is now a case of when a cyber attack will happen, not if.

Larissa Galimberti

Partner at Brazilian law firm Pinheiro Neto Advogados, as part of KPMG's 2022 Fraud Outlook.

The triple threat

To understand the complexity of fraud and the related risks today, it’s important to understand the three primary threats—cyberattacks, corporate fraud, and compliance issues—and how they are increasingly connected.

Breaking down fraud’s triple threat:


Cyber security

Cyberattacks continue to rise and take, on average, about a month to fully contain.



Among respondents, 31% have suffered from insider fraud in the last year.



Reputational risk is as important to leaders as fines and regulatory enforcement.

In each of the three areas, the topline numbers are stark:


Percent of survey respondents who said their companies had suffered at least one cyberattack over the past 12 months.


Companies that experienced some form of internal or external fraud.


Companies that reported losses due to regulatory fines or compliance breaches.

The bottom-line impact is significant, with the executives we surveyed reporting an overall average profit loss of 1 percent between fraud and compliance-related fines in the last year. Not surprisingly, the bigger the company, the bigger the target: 85 percent of companies of $10 billion revenue or more reported losses from fraud in the last year, compared to 71 percent for smaller companies. And, clearly, neither of those stats is very heartening.

But this fraud triple threat also has repercussions well beyond the dollars involved. Of the companies we spoke with for our survey, for example, 20 percent cited a significant level of reputational damage in the last 12 months, and 1 in 3 was subject to a compliance investigation.

Cause and defects

Try this scenario on for size: You’re a large public company that rapidly moved much of its staff to remote work amid the pandemic. An employee then decided to use your software to steal client data and commit fraud. It’s the triple threat in one single stroke—fraud, cyber, and compliance breaches.

And, unfortunately, it’s not an exotic scenario, especially at a time when companies are desperately trying to play catch-up with postpandemic cybersecurity requirements and infrastructure. In fact, 86 percent in our survey said remote work had negatively affected at least one of the three fraud areas, and 7 in 10 cited remote work as a major cyber risk for their business.

Given the triple threats’ increasing variety and speed of development—and especially since the pandemic—it’s perhaps not surprising that the survey, broadly, found mitigation efforts still lagging well behind. Two insights of particular note:


Leading practices: 

A relatively small number of the companies in the survey said they are meeting established standards for each of five different compliance/control measures. Data privacy at just 27 percent confidence ranked the best of the bunch, for example, while anticorruption (18 percent) was the most problematic.


Half measures: 

When we looked at controls specific to each of the triple threat areas, 9 in 10 of respondents rated their company as “excellent” in at least one area. But the broader view of all three combined, based on a “half-or-more” measurement, demonstrated that there is still significant work to be done at most companies, with less than one-quarter of our survey respondents saying their company was meeting the halfway mark.

The road(s) ahead

Fraud didn’t start with pandemic, of course. As our discussions with more than 640 executives for this report reinforced, fraud—in all of its increasingly complex forms—has been on the rise for years. Yes, the pandemic supplied some very favorable tailwinds. But most companies had already been losing ground on what increasingly felt like whack-a-mole efforts to battle the triple threats.

The choice for most companies today is one of resolve versus resignation: aggressively expand defense measures or simply accept fraud as an inevitable loss-leader for the business.

Our own KPMG security specialists fall squarely on option #1. We believe companies can make a significant impact on the triple threats with a five-step approach:

  1. Set the right tone from the top
  2. Carry out a risk review
  3. Communicate effectively
  4. Strengthen detection
  5. Create a culture of enforcement and accountability

A triple threat across the Americas: KPMG 2022 Fraud Outlook

A review of the fraud, compliance and cyber security risks facing the Americas

Read more

Meet our team

Image of Marc Miller
Marc Miller
Partner, Forensic Network Leader, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.