Almost three quarters of security managers at financial institutions have experienced an insider data theft in the last 12 months.
According to research by Actimize, 72 per cent of security managers at financial institutions had experienced a case of data theft by an employee in the last 12 months, despite an average of 27 people working on the effort to detect and investigate employee fraud.
The report ‘measuring the impact of employee fraud within financial services' found that employee financial distress (71 per cent) was the top contributor to employee fraud, followed by greed (58 per cent) and job dissatisfaction (48 per cent).
Respondents also claimed that the nature of employee fraud is becoming more sophisticated (68 per cent), yet 49 per cent claimed to be moderately concerned about employee sabotage in comparison to four per cent who said they were extremely concerned.
Fraud is also anticipated to increase, according to 70 per cent, while the slowing economy is causing an increase according to 64 per cent.
Bruno Piers de Raveschoot, vice president and head of Actimize Europe, claimed that the numbers were quite interesting as banks are realising the threat of fraud.
De Raveschoot, said: “One number that was quite interesting was on the chance of another large (over $100 million USD) rogue trading fraud loss being uncovered at another large financial institution in the next 12 months. If you put likely and very likely together then 85 per cent of banks believe that there will be rogue trading in the next 12 months, it seems that the case is the challenge to do anything at all.
“There is a huge understanding of banks that there will be employee fraud in large retail banking. I don't really know why, but my gut feeling is that it is down to several reasons – financial pressure, the dangerous situation around the economic climate and that people are under stress and pressure and may move into criminal activity.”
In terms of prevention, 86 per cent of respondents are replying on basic physical security, and 65 per cent use first generation security, including running IT managed queries against databases and manually looking over results for suspicious behaviour.
Second generation, including putting tools in place to automate queries and deliver reports is used by 55 per cent. Third generation security, including single platform and workflow tools that automatically execute analytics and data mining to detect defined and unknown patterns across many databases and applications, is used by 29 per cent.
“Third generation is so low as the technology is still very new and banks have not equipped themselves. Also because the budget has been cut significantly there are delays in the project for everyone and also because it is a big project and a big decision for the bank,” said De Raveschoot.
“Management are aware of this but another element is that when banks are merging there are gaps so it looks easier for fraud as the providers are not reinforced. No one prepared to tackle fraud? The problem is that banks need more and more control and processes in place, and more understanding of fraud per year, and this is not possible anymore.”