Financial services and professional services are the most vulnerable to information theft, with four out of 10 companies reporting some sort of loss or attack in the past 12 months, the Kroll annual survey of corporate fraud has found.
Technology and media companies were not far behind, with 37 per cent reporting similar problems, according to the survey of 801 global companies commissioned by the corporate risk consultancy.
The report also found that 88 per cent of all companies suffered some sort of loss to fraud. About 83 per cent of companies doing business in the UK reported fraud losses, versus 92 per cent for the Asia-Pacific region and 88 per cent in North America.
Physical theft and management conflicts of interest were the second and third most common types of fraud, but these declined slightly in comparison with the 2009 survey while information and data theft rose 52 per cent.
“Businesses have always tried to leverage technology to improve their businesses, but technology is a double-edged sword. Information systems are complicated and vulnerable to fraudsters,” says Richard Plansky, head of Kroll’s New York office.
Data breaches ranged from the theft of a computer, a DVD or a download on to a USB stick by an employee, to hacking for passwords and account details by criminal gangs.
“It’s often very hard for companies to differentiate from internal theft by an employee versus lost or stolen laptops,” says Jamie Cowper, a data and security expert at Symantec. As a result, figures on the extent of crime can be hard to establish. Also, he says, companies – which normally have better IT safeguards than individuals – are often unwilling to release information on how data have gone missing.
Mr Cowper says the key to avoiding security breaches is to identify “what your crown jewels are” – be that a biotech company’s clinical data or a bank’s customer details – and then make sure you have the right defences, data encryption and intrusion detection in place.
“You need to figure out where the information is and who you want to have access to it.”
In Europe, authorities have become more alert to data thefts, particularly at banks. This year HSBC had to apologise for the theft of data of 24,000 clients from one of its branches in Switzerland by a former employee.
Security firms say there are signs that hackers who used to target individuals are now focusing attention on corporates, where the potential gains are far greater.
“The bad guys have figured out that rather than getting $500 from 1,000 accounts you can get $500,000 from one corporate account in one go,” says Dave Jevans, chairman of the Anti-Phishing Working Group.
He says data theft can also involve the stealing of intellectual property by external hackers, disgruntled employees looking to make money or governments. The pharmaceuticals, media and manufacturing sectors are often targeted, though companies are often reluctant to admit fraud has occurred.
By Brooke Masters and Mary Watkins/FT
Published: October 18 2010 00:02 | Last updated: October 18 2010 00:02
The Kroll survey distinguishes between information and data theft, which was reported by 27.3 per cent of companies, and theft of intellectual property through piracy and counterfeiting, which 10 per cent of companies said they had experienced.