Identity theft at the top of cyber fraud

Two in three companies have been victims of a cyber fraud attempt in the past twelve months, one in five at least five attempts and one in seven at least fifteen. A fraud attempt is generally successful one in four times and 28% of the companies surveyed state that they have suffered at least one proven fraud. These are the main findings of the seventh edition of the Fraud and Cybercrime Barometer carried out by the insurer Euler Hermes and the DFCG association (Financial Directors and Management Controllers). 84% claim to have informed their partners after having suffered an attack and 57% to have been informed by a partner that he himself has been the victim of a fraud.

A third of the victim companies declared damage greater than ten thousand euros and 14% more than one hundred thousand euros, proportions increasing by, respectively, 3 and 4%. 64% of companies say they have noticed an increase in the phenomenon in 2020 and 87% anticipate an increase in the coming months. The generalization of teleworking seems to be linked to this upsurge according to half of the respondents. But, however, 91% of companies have provided their employees with adequate professional IT equipment to work remotely. 66% of the companies questioned have adapted their internal procedures so that they correspond better to the framework of the generalization of teleworking. Finally, 67% of respondents have strengthened their security procedures in order to protect themselves from possible new vulnerabilities.

The most cited fraud against the false president

Identity theft is by far the most common type of fraud: false president fraud (47% of respondents, +9 points compared to the previous Barometer), false supplier fraud (46%, -2 points), other identity theft (banks, lawyers, auditors, etc. 38%, +7 points) and false client fraud (25%, +1 point). Ransomware / cyber extortion (21%, +6 points) and data theft or destruction (8%, +2 points) are far behind. If the risk mapping includes, most often, cybersecurity (80% of cases) and the risk of fraud (90%), this mapping only exists in 44% of cases (falling: 60% during the barometer previous).

Worse: six out of ten companies say they have not allocated a specific budget to fight fraud and cyber threats. However, 55% of the companies surveyed plan to allocate or increase their anti-fraud budget next year. Among the main measures that will be the subject of an investment: internal awareness (73%), information system security audits (69%), audits to strengthen internal control procedures (47%), business recovery plans (44%) and insurance solutions (32%).