Companies must revisit cyber threats left unsolved during pandemic

Visibility360, PDF version to share

By The IJ Staff | April 14, 2022, 10:48 a.m.

Photo: Pixabay

A new report from KPMG has found that almost half of North American executives believe that working from home has hurt the effectiveness of their companies’ triple threat defences – fraud prevention measures, compliance risk mitigation and cybersecurity.

Alexander Rau, Partner, Cybersecurity, KPMG in Canada, said the rapid move to remote work forced many companies to quickly put into place new processes and technologies without being able to conduct the proper due diligence.

“With all the challenges of the pandemic, more than two-thirds have not gone back to revisit these, leaving them exposed to on-going risk,” said Rau. “To protect themselves, businesses need to develop an interconnected defence strategy where compliance, fraud and cyber efforts work together to defend against this threat loop."

According to the report, 60 per cent of those questioned said the shift to remote working has increased the risk of fraud occurring within their company due to a reduced ability to monitor and control for fraudulent behavior.

Risk of fraud increases

Some 67 per cent say they experienced external fraud in the last 12 months, with 61 per cent suffering an economic impact (loss of money, loss of customers or physical damage), 41 per cent citing legal or compliance impacts (review or investigation by regulators) and 21 per cent experiencing reputational impact (such as negative coverage in the media).

Respondents cited a rise in the frequency of cyber attacks, including phishing (44 per cent), scamming (33 per cent), malware (22 per cent) and ransomware (20 per cent). Two-thirds of respondents expect fraud (internal or external) to increase in the next year, and even more (77 per cent) expect that cyber risks will grow.

At the same time, respondents said they aren't overly concerned, with 88 per cent somewhat or completely satisfied with how long it takes their company to recognize a cyberattack.

"With the average cost of a cyberattacks going up, identifying and addressing these incidents earlier should be a priority for business leaders," said Rau.