Fraud (credit card, identity and cyber-fraud) is now the crime that British citizens are most likely to become a victim of. In England, the number of reported fraud crimes against the person were 3.7m, outstripping theft against the person at 3.4m (Office of National Statistics, year ending March 2020).

Not only is this alarming, but financially huge. When you add in fraud committed against business and fraud against government departments (benefit, tax credit and student loan fraud), the magnitude is around 10% of UK GDP.  The negative impact on public confidence in law and order, and on investors’ confidence in post-Brexit Britain as a place to do business, is hard to calculate. But it is real.

In a recent paper (The Impact of Fraud on National Security), the Royal United Services Institute (RUSI) argue that a new approach is needed to tackle this crisis, and calls for fraud to be recognised as a threat to UK National Security that needs a unified and well-resourced response to tackle it.

The report states that “The UK has become a target destination for global fraudsters," But the extent to which international criminals focus on the UK is hard to gauge, because intelligence agencies have not traditionally focused on the issue. There is no national strategy for tackling fraud, while the police response is underfunded and lacking focus. This makes fraud "everyone's problem but no-one's priority". In short, the causes are hard to quantify but they are many and varied.  

One feature of criminal fraud, is that much of it is a of high volume/low value nature.  With a high proportion of it cyber or digitally-enabled. In turn, the individual low value element of much of these crimes prevents them getting enough points to be noticed on police action plans. In other words, our digital world with its cheap applications and equipment, is enabling determined crime gangs to commit high volumes of low value crimes, which individually are often not worth investigating. The whole of the problem is now much greater than the sum of the parts.

To remedy this, the RUSI report recommends thirteen specific actions for the UK Government and its agencies.  The unified theme is clearly set out in the first recommendation; “The National Security Council (NSC) should commission a new ‘whole of system’, public–private strategy for tackling fraud. This should include: a new national to local networked criminal justice response; pathways for cross-government collaboration; and a clearer role for the private sector – including the financial, e-commerce and telecommunications sectors – in tackling fraud”.

Reading this report made me think about the parallels in everyday business life that we in the security industry, deal with every day. Its an ongoing battle to keep our information from getting out and unauthorised people and malware from getting in. Criminals spend their time looking for weaknesses and cracks in our defences, and they are there to be found; often between the silos of Physical, Information and IT security. My view has always been what RUSI is now recommending to tackle UK fraud. A unified response, a one-security team approach that is funded appropriately. The question is why is a one-team or holistic approach to security, so rare? The answer is in two parts, priorities and people.

First, priorities. According to McKinsey’s report on Unlocking Business Acceleration (Aug 2019) nearly 60% of CIO’s indicated that their CEO depends on them to achieve the organization’s top three business priorities. The trade-offs CIO’s claim to make in order to achieve more agility, can include a reduction of good process, including security and data governance. This means that business priorities dictate that data security is lower down the organisation agenda, and the acceptance of higher security risk is a trade-off for agility, and speed to market.  This can create a tacit internal view that security is an obstacle to progress, which is then treated as an afterthought within the organisation’s culture. Therefore, the security silos that exist, remain isolated and unconnected. This is one of the main reasons we continue to see organisations apologising in the media every week for the latest data leak, breach or oversight. Unless real change happens, this will continue.

As for people; a Ponemon study (Feb 2019) said the number one issue preventing a unified security approach in organisations was internal turf wars, and people protecting their ‘territory’. To put it in a more positive way, good security-minded individuals are by nature reticent to share.  This is a human nature issue, and up to leadership to resolve.

It will be interesting to see if the RUSI’s plea for UK authorities to tackle fraud, using a unified and appropriately funded approach comes about. It will also have to pass the twin obstacles of priorities and people that we see everyday in our world of security. It is possible to do. It requires thought and commitment, and can save money if done well. The ‘do nothing’ option is too dangerous to consider. Crime has shifted from the streets to cyberspace and our focus and resources now have to at least mirror this new crime landscape. If not, it will only get worse. To cover the financial losses, costs go up and taxes increase for everyone. As time goes on it makes everything unsustainable.

Great security does not mean expensive security. Finance does not need to be a third obstacle to the unified (or holistic) security evolution. For the sake of our country and businesses, our personal data, reputations and our wealth, a unified approach to physical, information and IT security is the future for all organisations, and it should be happening now. We don’t need to wait for government to create its unified solutions, lets do what we can do here and now.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

Votes: 0
Email me when people reply –

Introducing the Global Risk Series - Book 1 Risk Management How Tos

Dear GlobalRisk Community member, Our community’s mission is to foster business, networking and educational explorations among members. Learn from some of the top experts in the industry as they clearly explain how to approach the most important Risk management concepts. Check out their expert tips and use the link at the end of each article to navigate back to the website to leave your comment or ask a question.   Some of the topics include: How do you Explain Risk Appetite?  How to Prepare a…

Read more…
16 Replies · Reply by GlobalRiskCommunity Mar 21
Views: 1126

[Free COVID-19 Framework] What's the path to recovery look like?

We created a free presentation (attached), which discusses both global and organizational impacts of the COVID-19 pandemic, along with critical actions organizations should take immediately. This presentation introduces a framework that helps regions and organizations navigate a path to recovery via 9 potential scenarios. These scenarios capture outcomes related to GDP impact, public health response, and economic policies. The presentation also breaks down 6 immediate and critical actions…

Read more…
4 Replies · Reply by Steve Diaz Jul 8, 2023
Views: 243

If risk management is about decision making, are current risk management solutions irrelevant?

Now that the updated COSO and ISO risk management standards emphasize a connection to enterprise objectives and decision making, does this mean ERM and GRC solutions focused on risk registers and regulatory compliance are missing the true value of risk management?Will current risk management solutions evolve to integrate more decision support functionality or will standalone prescriptive analytics and other technology solutions take a more prominent role in enabling risk-informed…

Read more…
3 Replies
Views: 172

A question related to classification of instruments between trading and banking book.

We have an interesting question from one of our members.       "We usually perform OTC FX transactions with clients backed-to-back on the market (with Banks). Now we are going to perform a FX swap (i.e. Spot + forward) JPY/EUR for the Bank account for 1 week at the longest. The purpose is to get EUR place @ CB for LCR compliance purpose (no trading purposes). Bank's Management think that this should be considered as a trading position and therefore be classified within the Bank's trading book.…

Read more…
5 Replies · Reply by Prisha Singh Dec 26, 2023
Views: 380

Plunging oil prices: curse or blessing in disguise?

The recent sudden crash of oil prices has had a major impact on the world economy, leading to many troubled faces in the international arena. The Russians fear the effects of yet another powerful hit on their economy, Venezuela seems to be considering default and the Americans are weary of the consequences for its young and emerging shale oil industry. And then you have the Middle East, where the smallest match is enough to ignite the largest fire. But are these worries really justified or…

Read more…
1 Reply
Views: 112

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead