Reinsurance
Explore our offerings

By

In today’s rapidly evolving business landscape, organizations face a variety of threats that can jeopardize their operations, reputation, and financial stability. Crimes targeting businesses have become increasingly sophisticated and prevalent, and more often than not, it’s an inside job.

According to industry statistics, employee theft costs businesses around $50 billion each year, and 57% of fraud is committed by company insiders or a combination of insiders and outsiders.

Employees may commit theft or other crimes for a variety of reasons - financial pressure, perceived opportunity, rationalization of their actions, dissatisfaction with their workplace, peer influence, personal issues like addiction, to name a few. Understanding these motivations can help organizations implement preventive measures, such as fostering a positive work culture and improving oversight, to reduce the likelihood of such behaviors.

Employee theft or dishonesty involves deception for financial or personal gain and is one of the most prevalent corporate crimes. According to the Association of Certified Fraud Examiners’ (ACFE) Occupational Fraud 2024: A report to the Nations, organizations lose 5% of revenue each year to fraud including acts that involve employee theft and dishonesty.


Boosting protective protocols

Businesses can take proactive measures to prevent corporate theft, including implementing robust internal controls and conducting regular audits to detect any irregularities in vendor transactions. Due diligence in selecting and vetting vendors can also help prevent vendor fraud, ensuring that business partners are reputable and trustworthy.

Implementing a clear code of conduct and ethics policy, coupled with regular training on theft awareness, can help employees recognize and report any suspicious activities. Additionally, establishing a confidential reporting system for employees to raise concerns about potential fraud can help uncover fraudulent activities before they escalate. By fostering a culture of integrity and transparency, businesses can deter and prevent various forms of corporate fraud.


The many faces of fraud

Asset misappropriation such as embezzlement involve an employee stealing or misusing the employing organization’s resources. This is by far the most common category of fraud, occurring in 89% of the fraud cases, according to the ACFE.

Fraud and embezzlement are both forms of financial crime, but they have distinct definitions and characteristics. Fraud is a broad term that refers to any deceptive act or practice intended to secure an unfair or unlawful gain. Fraud can take many forms, including false representation, misrepresentation of facts, or deceitful conduct. It can occur in various contexts, such as financial fraud, insurance fraud, or securities fraud. The key element of fraud is the intention to deceive another party for personal gain.

Embezzlement, on the other hand, is a specific type of fraud that involves the misappropriation or theft of funds or property and occurs when an employee or official takes money or assets for their own use, while having legal access to those resources. Examples include skimming profits before they are recorded, using company funds for personal expenses or misappropriating inventory or resources.

Given the diversity of employee fraud, it’s important for businesses to understand the scope of their commercial crime insurance coverage and how it would address instances of theft and embezzlement as well as other fraud scenarios.


Upending embezzlement opportunities

The key aspect of embezzlement is the breach of trust and the unauthorized use of funds that one is responsible for managing. Businesses can take several steps to prevent embezzlement and other forms of theft:

  • Implementing strong internal controls and regular audits can help uncover any irregularities in financial records.
  • Segregating duties, so that no single individual has control over an entire financial transaction, can also reduce the risk of embezzlement.
  • Conducting thorough background checks on employees before hiring them can help identify any previous instances of dishonesty or financial misconduct.

Businesses should foster a culture of transparency and ethical behavior, where employees feel comfortable reporting any suspicions of wrongdoing. Providing regular training on ethical conduct and the consequences of embezzlement can also act as a deterrent. Finally, having a clear and robust disciplinary policy in place can help deter potential embezzlers and demonstrate the seriousness with which the company takes financial misconduct.

Social engineering is a type of crime where perpetrators manipulate employees into divulging confidential information, often through psychological tactics, often to steal money or other assets.

The hottest crime scheme - Social Engineering

Several high-profile incidents have brought social engineering to the forefront of public consciousness. Social engineering is a type of crime where perpetrators manipulate employees into divulging confidential information, often through psychological tactics, often to steal money or other assets. While such schemes are not necessarily perpetrated by employees, employees are targeted to gain access to business’ assets.

One form of social engineering, phishing attacks—where attackers impersonate legitimate entities to trick individuals into providing sensitive information—have become increasingly sophisticated. Over 80% of all business organizations have reported phishing attempts that target employees (Splunk). An estimated 3.4 billion spam phishing emails sent every day. The message typically includes a link to a fraudulent website designed to capture login credentials or personal information that, in some cases, could potentially give access to finances or other assets.

It’s important to note that crime policies cover the loss of money or other insured assets, not intangible assets like data.

Other common tactics include:

  • Tailgating: Also known as "piggybacking," this tactic occurs when an unauthorized person gains physical access to a restricted area by following an authorized individual. For example, they might ask someone to hold the door open for them.
  • Vishing (Voice Phishing): This tactic uses phone calls instead of emails. The attacker may impersonate a legitimate entity, such as a bank or government agency, to extract sensitive information over the phone.
  • Impersonation: Attackers may directly impersonate someone the victim knows, such as a colleague or vendor, either in person, via phone, or through email, to gain trust and access sensitive information. Attackers are leveraging AI to produce highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. (Read more in our article – Deepfakes: an emerging cyber threat that combines AI, realism and social engineering.)

To stave off such attacks, organizations must invest in employee training and awareness programs to recognize and respond to social engineering attempts. Implementing strong security protocols and verification processes can also play a big role in preventing.


Recovery and resilience

No one likes to be duped. For businesses, the loss of trust—whether among employees, customers, or partners—can be significant. Businesses may worry about their reputation and how the incident will affect relationships with clients and stakeholders. Additionally, there may be a sense of vulnerability, prompting concerns about security measures and the potential for future incidents.

There is also the financial loss. To recover lost assets, organizations look to commercial crime insurance. A commercial crime insurance policy for businesses typically covers losses resulting from various types of criminal activities. It serves as a crucial safety net that supports a company's stability and continuity. Businesses should work closely with their insurance provider to understand the specifics of their crime insurance policy and ensure they have adequate coverage tailored to their needs.

Corporate crimes not only harm businesses but can also erode trust in the corporate sector as a whole. By understanding these common crimes and implementing preventive measures, businesses can protect themselves, maintain their integrity, and ensure compliance with legal standards.

By fostering a culture of transparency, accountability, and cybersecurity awareness, companies can minimize risks and focus on sustainable growth.

To contact the author of this story, please complete the below form

First Name is required
Last Name is required
Country is required
Invalid email Email is required
 
Invalid Captcha
Subscribe
Subscribe to Fast Fast Forward

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. AXA XL Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.