The current figure of 64% is significantly above the last time the survey was conducted in 2020, when it stood at 56%. Of the types of fraud reported, cyber crime was the most frequently observed, with almost one-third – 32% – falling victim to a breach, although this was down from the 42% observed in 2020, probably a result of more publicity around issues such as ransomware.
Its high incidence also tended to reflect the fact that 22% of respondents to the initial survey said it was the most serious fraud risk they faced.
PwC also highlighted that cyber crime is often a precursor to other types of fraud or economic crime – citing the trend towards double extortion ransomware as an example.
“With increased levels of disruption being experienced, and the fact that more UK organisations have experienced fraud than in our last survey, it is surprising to see a decline in some types of fraud and economic crime, such as cyber crime, bribery and financial statement fraud,” said Fran Marwood, PwC partner and head of digital and forensic investigations.
“From what we are seeing in the market, I believe some of the trends are temporary, with, for example, instances of fraud and misconduct potentially remaining undiscovered as traditional controls and corporate culture evolve to keep pace with remote working.
“Encouragingly, in some cases, incidences of economic crime have reduced due to the investment organisations have made in effective compliance programmes, cyber defences and fraud prevention controls.”
Just over half of UK respondents said fraud was committed chiefly by external actors – compared with 43% globally – mostly by customers, hackers, and vendors or suppliers.
In terms of detecting incidents, PwC found the most serious fraud cases were detected in the first instance by forensic technologies or internal auditors, followed by corporate security, and whistleblowing or tip-offs.
“The message to organisations is clear,” said Marwood. “With fraud now a greater and more costly threat than we’ve seen before, and the risk landscape continuing to undergo rapid change, it is important that organisations invest in prevention, and take the time to make sure their defences are match-fit for any attacks. Organisations also need measures in place so they can act at pace when fraud happens to them. Failing to do so can end up with them suffering the penalty.”