As fraudsters use AI and social engineering to exploit vulnerabilities, the need to buttress defences mounts
TORONTO, March 7, 2024 /CNW/ - The rising popularity and frequency of AI-generated deepfake scams is keeping Canadian business leaders up at night, with new KPMG in Canada research showing that nearly all organizations that have been defrauded are concerned it could further increase the risk of fraud.
In a survey of 300 Canadian organizations victimized by fraud, leaders said they are very concerned (95 per cent) that the threat of deepfakes has increased the risk of fraud at their companies, with 91 per cent worried that generative AI will give criminals more opportunities to launch corporate misinformation and disinformation campaigns using deepfakes.
Nearly one third (31 per cent) of organizations that have experienced external fraud have been the target of misinformation or disinformation campaigns (where outsiders spread false or misleading information on social media).
"Because fraud is rarely reported to the police, we wanted to speak to business owners and C-suite leaders across Canada to get a deeper understanding of how the evolving fraud landscape of new technology, a shifting economy, geopolitical tensions and remote work was giving perpetrators the opportunity, motivation and rationalization to commit fraud," says Enzo Carlucci, National Forensic Leader at KPMG in Canada.
"Respondents overwhelmingly told us the fraud landscape is becoming more complex, with 95 per cent saying generative AI and social engineering scams make it easier for fraudsters to deceive, manipulate, misrepresent and conceal their crime. As fraudsters are becoming increasingly sophisticated in their attack methods, it's more and more challenging to deter criminals," he says." Organizations need to find new ways to strengthen their anti-fraud programs and stay one step ahead of scammers, or else they could be facing increased financial, legal, regulatory and reputational risks," Mr. Carlucci adds.
- 95 per cent of the 300 Canadian companies currently experiencing fraud or that have experienced fraud agree the rising popularity of generative AI and deepfakes has increased the risk of fraud occurring within their business
- 91 per cent are concerned that generative AI will give criminals more opportunities to launch corporate misinformation/disinformation campaigns using deepfakes
- 84 per cent worry that current economic conditions could potentially drive their employees or their customers to commit fraud out of desperation
- 87 per cent say the shift to remote work increased the risk of fraud occurring within their company, due to a reduced ability to monitor and control for fraudulent behaviour
- 89 per cent admit they had to "scramble or react quickly" to implement a robust fraud detection and prevention program due to a fraud incident
- 43 per cent victimized by fraud disclosed that they are currently experiencing a form of internal fraud, such as embezzlement, data or personally identifiable information (PII) theft, environmental, social and governance (ESG) fraud, or procurement fraud
- 33 per cent victimized by fraud say they are currently dealing with an external fraud, such as payment fraud, synthetic identity (ID) fraud, a cyberattack, or social engineering campaigns (from intentional online deception to manipulating visual media and fabricating content or deepfakes)
- 53 per cent say their company lost between 1-to-5 per cent of their profits to fraud in the past 12 months, 35 per cent lost up to 1 per cent, and 7 per cent suffered losses over 5 per cent. Only 4 per cent that were impacted by fraud didn't suffer any loss.
Just over four in 10 companies victimized by fraud are currently experiencing internal fraud, while one third are currently experiencing external fraud, the survey data shows.
"It's not unusual for fraud to increase during a recession or times of economic uncertainty when people face financial difficulties, so the current environment could be driving some individuals to resort to committing fraud at work as an act of desperation," Mr. Carlucci says. "It's possible some individuals might also find it easier to commit fraud when they are working remotely and not being monitored closely."
Survey data shows fraud and crime-related events cost nearly nine in 10 Canadian companies up to 5 per cent of their profits in the last 12 months – something Mr. Carlucci says companies can't afford right now.
"In the current economic environment, many companies are struggling to stay profitable, so any profits that are lost to fraud is too much," he notes.
The most common types of external fraud schemes involve the use of manufactured or falsified information, often created or aided using technology. The top three scams reported by respondents include: payment fraud, where criminals use false or stolen payment information to make a purchase; misinformation or disinformation campaigns, such as malvertising or malicious advertising and deceptive editing (deepfakes) or missing content; and account takeover or synthetic identity (ID) fraud, where fraudsters use fake personas to gain access to accounts.
The most common types of internal fraud that respondents reported were: embezzlement; exaggerating, distorting, or embellishing environmental, social and governance (ESG) data; and theft of personally identifiable information (PII) or using PII to commit fraud.
The respondents said their company learned of the fraud primarily through internal audits, management reviews, whistleblowers and proactive monitoring.
The research finds that 77 per cent of companies have a fraud detection program. However, only about four in 10 (39 per cent) call it "extremely effective". When it comes to prevention, just over half (54 per cent) say they have a fraud prevention program in place. Yet only 37 per cent describe their anti-fraud policies and 38 per cent describe their financial controls as "extremely effective". Further, only 42 per cent call their fraud risk assessment programs "extremely effective".
Almost half (47 per cent) say that they are actively using emerging technologies, such as AI, advanced data analytics, generative AI, automation and biometric verification to mitigate the risk of fraud.
"It's encouraging to see organizations starting to use technology to deter fraud, but not enough of them are," says Marilyn Abate, a partner in KPMG's Forensic and Financial Crimes practice. "Companies need to use AI to fight AI. These tools are fast-becoming essentials in the fraud toolkit to prevent fraudsters from gaining the upper hand. But if you don't perform regular fraud risk assessments to identify external and internal risks and vulnerabilities, you will always be at a disadvantage."
KPMG in Canada surveyed business owners or executive level C-suite decision makers at 300 small-and-medium-sized Canadian companies that were victimized by fraud. The survey took place between February 13-21, 2024 using Sago's premier business research panel. Seventy per cent of the companies surveyed have annual gross revenue between $50 million to $299.9 million; 20 per cent have between $300 million to $1 billion; and 9 per cent have over $1 billion. No respondents under $50 million in annual revenue were included in the survey. Over half (51 per cent) are privately held and 49 per cent are publicly traded. Thirty-seven per cent are based in Ontario, 34 per cent in Quebec, 12 per cent in Alberta, and 7 per cent in B.C. The remaining respondents are from other regions across Canada.
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs more than 10,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see kpmg.com/ca
For media inquiries:
Roula Meditskos
National Communications and Media Relations
KPMG in Canada
(416) 549-7982
[email protected]
SOURCE KPMG LLP
Share this article