KPMG Study: U.S. companies are facing increasing losses from fraud, compliance breaches and cyber attacks

NEW YORK, January 18 – U.S. companies are experiencing increasing losses from fraud, compliance breaches and cyber attacks, with the situation expected to worsen in the next 12 months, according to a KPMG survey of senior risk executives, “A Triple Threat Across the Americas, 2022 KPMG Fraud Outlook.”

In fact, two thirds of U.S. survey participants expect external fraud to increase in the next year, with 84 percent saying that cyber risk will grow, and 73 percent expecting compliance risk to rise. However, only 35 percent say their companies have programs in place to cover prevention, detection and response to fraud.

“Fraud, compliance risk and cyber attacks are increasing at an alarming rate, eating away profits across the U.S.,” said Amanda Rigby, U.S. Forensic Service Network Leader, KPMG LLP. “Collectively, these issues create a ‘threat loop’ which can quickly overwhelm companies with economic loss, regulatory loss and reputation loss. Despite the potential for calamity, the majority of U.S. companies are not ready to fight the threat loop.”

The KPMG survey provides insights from 642 senior executives in the Americas, with 34 percent of respondents being from the United States.

Fraud Prevention is an Urgent Priority

• 67 percent of U.S. respondents say their companies have experienced external fraud in the last 12 months.
• Almost half of U.S. respondents say their companies (42 percent) have experienced 0.5 to 1 percent of loss as a result of fraud and crime.
• The majority of U.S. respondents say their companies (62 percent) expect a loss as a result of regulatory fines and/or compliance breaches that ranges from 0.1 to 2.5 percent.
• 38 percent of U.S. respondents say their companies expect the risk of fraud committed by external perpetrators to somewhat increase in the next 12 months.
• 43 percent of U.S. respondents say their companies indicated that the shift to remote working has increased the risk of fraud.
• The majority (52 percent) of U.S. respondents said that there will be no change in their companies’ budgets for anti-fraud measures.
• Only 35 percent of U.S. respondents say their companies have a program in place to prevent, detect, and respond to fraud.

Cyber incidents and breaches continue to be a growing problem for organizations

• Most US respondents (62 percent) say their company experienced a data breach or cyber incident in 2021, and that same number say they experienced an economic loss as a result of cyber-crime in the past year.
• The number and type of threats are growing, according to U.S. survey respondents. Over the last year, respondents’ companies experienced an increase in phishing (59 percent), scamming (43 percent), and spyware/malware (26 percent). And while 25 percent of respondents say their company experienced an increase in ransomware attacks over the last year, more than 70 percent say they would not pay a ransom if they were hit with an attack.
• Risk executives are taking note of the significant impact a cyber incident or breach can have on their business; in fact, almost 70 percent of U.S. respondents expect to increase cyber budgets in 2022.

“There is no question that cyber criminals have been emboldened from recent successful attacks, especially ransomware which has monetized their illegal activity,” said David Nides, Principal, Cyber Response Services, KPMG LLP. “Firms must be ready to act quickly, comprehensively and work collectively with other firms and government entities to help prevent and mitigate these attacks.”

Compliance is Now a Reputational Issue

• Over 80 percent of U.S. respondents report that rigorous enforcement, increasing regulatory burdens and potential penalties increase the time and attention that their corporate leaders pay to compliance issues.
• 60 percent of U.S. respondents report that suppliers and customers are increasingly demanding proof of compliance with data-privacy regulations, and 48 percent say the same about corruption and money-laundering legislation.

Fraud Threats Differ Sharply Across the Americas

• External fraud (e.g. credit card fraud, identity theft, etc. perpetrated by individuals outside the company) was the biggest issue across the Americas according to respondents, but there was a significantly higher incident rate in North America (67 percent) as compared to South America (40 percent).
• Cyber security was the preferred mode for attacks in North America according to respondents, with a 46 percent incident rate versus 17 percent incident rate for South America.

“Given the incident rates, it’s understandable for U.S. companies to prioritize external threats, but they cannot neglect the threat loop, because fraud incidents and non-compliance are also increasing,” added Rigby. 

About KPMG LLP

KPMG LLP is the U.S. firm of the KPMG global organization of independent professional services firms providing audit, tax and advisory services. The KPMG global organization operates in 146 countries and territories and has close to 227,000 people working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients.

KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity, and eradicating childhood illiteracy. Learn more at www.kpmg.com/us.