The Fraud Examiner
Leaving the Door Open: When Fraud Happens From the Inside
Misty Carter, CFE, CIA, CISA
Research Specialist, Association of Certified Fraud Examiners
the Ponemon Institute conducted a study to examine the financial impact insider threats pose to an organization. Based on results of the study, the total average cost of insider incidents was approximately $4.3 million annually — with the largest cost resulting from contractor and employee negligence (68%) and malicious insiders (22%). Breaches due to employee and contractor carelessness cost organizations $2.2 million annually, while those related to malicious insiders cost organizations $1.23 million per year. In addition, incidents by malicious insiders cost an average of $347,000 to resolve, while incidents due to employee carelessness cost organizations an average of $206,000. The findings of this study emphasize the need for organizations to be alert to insider threats by malicious insiders and internal weaknesses that contribute to
Insiders do not always act alone, and they may not even realize they are being used as part of a fraudulent scheme to obtain data. For example, an employee might unknowingly click on a link in an email from an unknown source that automatically installs malware on their computer. Once the computer is compromised, the perpetrator can use it to exploit the organization’s networks and data systems, thus causing an external data breach due to internal negligence. Some examples are:
- In August 2016, Whitehead Nursing Home was fined £15,000 when an employee took home an unencrypted laptop that was later stolen. The laptop contained medical information for 29 of Whitehead’s residents, including mental, physical and do-not-resuscitate records. The computer also contained data on 46 Whitehead staff members, such as disciplinary actions taken against employees and reasons for absences or sick leave. The data breach occurred because Whitehead had inadequate processes for data security and lacked adequate data protection training for its staff.