KPMG is pleased to present its 2022 outlook on fraud, cyber attacks and compliance concerns across the Americas. Our survey of more than 600 executives across multiple industries confirms anecdotal evidence about the effects of the pandemic on these three interconnected threats: it reveals that fraud, compliance concerns and cyber attacks are common, have increased in severity — and are expected to become more frequent.
Are companies in the Americas managing to fend off this triple threat? This research suggests that many have limited defenses in place, and the shift to hybrid or remote working is making existing controls less effective.
Our survey reveals that fraud, compliance concerns and cyber attacks are common, have increased in severity, and are expected to become more frequent.
The majority of companies across North and Latin America reported that they have suffered losses from fraud, compliance breaches, and/or cyber attacks.
Large companies are more at risk of fraud.
Fraud threats differ between North and Latin America.
The COVID-19 pandemic has made things worse.
Businesses expect fraud, compliance risk and cyber attacks to rise.
Not enough companies are completely on top of fraud controls, compliance and cyber security.
A united defense against a triple threat
The results of the survey indicate that fraud, compliance risks and cyber attacks are widespread, growing dangers for companies across North and Latin America. Increasingly, companies need to mitigate what KPMG calls the 'threat loop', which comprises the triple threat of fraud, compliance risk and a growing array of cyber security threats. Defending against this threat loop requires a collective, interconnected effort. Companies need to look at the impact created by these threats in conjunction, rather than just the risks they pose in isolation.
Companies have urgent priorities
- Fraud: Never discount the possibility of an inside job. A significant 31 percent of respondents say their companies have suffered from fraud perpetrated by an insider in the past year.
- Compliance: Compliance is a reputational issue. More respondents say that reputational considerations cause their leaders to pay attention to compliance than say the same of fines and enforcement.
- Cyber security: Slow and steady will not win the cyber security race. Respondents tell us it takes about a month, on average, for a cyber attack to be fully contained, and most seem satisfied with how well their companies do in this area. This indicates that there is a potentially fatal lack of urgency in how companies are responding to the threat of cyber attacks.
Fraud, non-compliance and cyber breaches are the costly norm
Of the risks that we examined, respondents indicated that their companies are most likely to have experienced cyber attacks.
The percentage of profits large companies are losing due to fraud and non-compliance.
The reality of a triple threat
Covid-19 and the impact on the risk environment
Overall, 86% of respondents say that remote working has negatively affected at least one element of fraud prevention, compliance and cyber security programs at their company.
Half of respondents tell us that working from home has negatively impacted their companies’ ability to respond to fraud.
The shift to remote working has increased our risk of fraud, due to a reduced ability to monitor and control for fraudulent behavior.
Working from home has negatively impacted our ability to respond appropriately to fraud in our business.
The anti-fraud controls we had in place pre-pandemic have not been effectively updated to reflect the new working reality.
Risk levels are rising…
of respondents expect an increase in the risk in at least one of either external or internal fraud in the next year.
project a rise in both.
Worries about growing cyber crime are widespread
say that cyber-security risk will increase in the next 12 months.
Only 7% foresee a decline.
New requirements and tougher enforcement ahead
Is your company prepared for the triple threat?
Fraud, non-compliance and cyber attacks present an expensive threat to companies across the Americas, which has been exacerbated by the pandemic.
Most companies have some defenses in place, but comprehensive excellence is rare.
The majority of companies are set to spend more money in, and increase leadership focus on, these areas.
KPMG recommends that they consider taking the following five steps to mitigate the triple threat.
Top 5 things to consider
Set the right tone from the top
Carry out a risk review
Create a culture of enforcement and accountability
Learn more. Read the Industry Spotlights from the 2022 KPMG Fraud Outlook