Canadian organizations are faced with mitigating a ‘threat loop’ comprised of fraud, compliance risk and a growing array of cybersecurity threats. But defending against this threat loop will require a collective, interconnected effort, rather than dealing with the risks they pose in isolation.
A KPMG¹ survey of more than 600 North and South American executives across multiple industries confirms anecdotal evidence about the effects of the pandemic on these three interconnected threats. Based on the results of this survey, we’re sharing our perspective on what these findings mean for Canada.
Are Canadian companies managing to fend off this triple threat? Our view of the landscape suggests that many have limited defences in place, and the shift to remote or hybrid work is making existing controls less effective — requiring a new approach to close this threat loop.
Fraud, non-compliance and cyber breaches are the costly norm
The majority of companies across North America reported that they’ve suffered losses from fraud, compliance breaches and/or cyberattacks. Larger companies are more likely to experience losses from either internal fraud (which originates with an employee, manager, officer or owner) or external fraud (which originates with a third party, such as a customer or vendor).
Businesses expect fraud, compliance risk and cyberattacks to intensify in the year ahead
Two-thirds of respondents expect either external or internal fraud to increase in the next year, and even more (77%) expect that cyber risks will grow. Nearly every respondent expects to see more regulatory or compliance requirements related to data privacy, labour relations and the environment in the next five years.
Not enough companies are completely on top of fraud controls, compliance and cybersecurity
Looking specifically at how respondents say their companies perform across a series of measures relating to cybersecurity, fraud control and compliance, KPMG found that only a small proportion report strong controls across at least half of the relevant measures.
Our findings show that many larger Canadian organizations have an intent to improve cyber resilience, fraud detection and compliance—but not the urgency to do so. Unfortunately, awareness of the threat loop frequently comes after they experience a cyberattack, fraud incident or regulatory breach. Being proactive, however, can help to mitigate risk and lessen the impact when an incident occurs—because it’s a matter of when, not if.
Read our report below to learn more.
¹In this instance KPMG refers to a collaboration among the KPMG Member firms across Latin America, Canada and the USA.