What your business needs to know about commercial crime risk and insurance
In an increasingly sophisticated and digitised business environment, more organisations are at risk of suffering losses due to criminal activity. Traditional threats such as robbery and physical theft have been overtaken by white-collar crime events involving internal actors and third parties. In today’s world, the risks stem from employees, cybercrime and social engineering. With these risks becoming increasingly sophisticated, sound risk management practices are essential to achieve an optimised risk transfer solution.
Trends in the business space:
• According to a recent report by the World Bank, the economic impact of crime on South Africa is estimated to be at least 10 percent of GDP every year [1].
• The most recent SAPS crime statistics found that commercial crime increased by 17% in South Africa, across all provinces [2].
Clayton Ellary of risk advisors and insurance brokerage, Aon South Africa, believes that all businesses are at risk, regardless of organisation size, industry sector or risk controls, with significant losses signifying serious repercussions for the business’s bottom line. White-collar crimes commonly experienced by organisations originate from a trio of sources, that include:
1. Employees
Within an organisation, employees often have the ways and means to commit a plethora of crimes if unchecked. These could potentially include stock theft, fraud, identity theft, money laundering, forgery of specified documents, espionage, payroll fraud (ghost employees), receipt of counterfeit money and insider trading, to name a few.
2. Cybercrime
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses and unauthorised fund transfer scams. These malicious acts often open the door for phishing, ransomware attacks and Distributed Denial of Service (DDoS) attacks that could bring a company down to its knees.
3. Social Engineering
As physical and online security measures have strengthened, social engineering crimes have risen sharply and is largely attributed to the level of improvements in firms’ physical and online security. Criminals now focus on the most vulnerable point: employees. By taking advantage of common human behaviours such as the instinct to be helpful and the tendency to rush under pressure, they trick individuals into sidestepping security protocols. Typical strategies involve posing as high-ranking officials to authorise financial transactions or leveraging personal details found on social media to enhance the credibility of their scams.
It is critical for organisations to implement various control measures to combat white-collar crime, whether from an employee, third-party or external perspective. “Investing in analytics and making use of state-of-the-art Artificial Intelligence (AI) and Generative Artificial Intelligence (GenAI) solutions could provide the tools for organisations to stay ahead of the curve,” says Clayton.
Transferring the risk from an insurance perspective also highlights a delicate cross-over between cyber liability coverage and commercial crime insurance. “Cyber liability cover will respond to data and/or connectivity being affected by a cyber breach and the resulting Business Interruption (BI) thereof. It would also respond to third-party liability where data and personal information are compromised. A commercial crime policy, on the other hand, provides cover for first-party financial losses suffered by the organisation itself and is effectively a fidelity guarantee policy. It would respond to theft that is committed using the insured’s IT system or crimes committed by employees against the business and/or third parties,” Clayton explains.
“It is at this junction where it is imperative to speak to an experienced risk advisor and insurance broker who would be able to provide insight and solutions to the complex threat of white-collar crime. Putting comprehensive risk controls in place is a must to act as a stop-guard and to red flag any events, as is the need to regularly audit these controls and their effectiveness. It is imperative for organisations to be proactive in a hardening insurance market, where prevention is more lucrative than the alternative,” Clayton concludes.
[1] https://documents1.worldbank.org/curated/en/099111723083017868/pdf/P180139079ce0406a09305024e058b594e2
.pdf?_gl=1*bsuq06*_gcl_au*MTkxNTk5MzQ5NS4xNzIzNjQzNTE4
[2] https://www.saps.gov.za/services/crimestats.php - Third quarter stats