Almost half of Ukrainian companies were victims of fraud in last two years

03 July 2018 7 min. read

Almost half of all companies in Ukraine were hit by economic crime in the last two years, according to a new study. Bribery and corruption was the most reported type of economic crime – identified by a staggering 73% of Ukrainian respondents, while interestingly, 56% of frauds were perpetrated by internal actors.

Conducted biennially in Ukraine since 2009 as part of PwC’s Global Economic Crime Survey, the 2018 survey results reveal that 48% of Ukrainian organisations were victims of economic crime and fraud in the past twenty four months. The figure matches closely to global results, which stood one point higher at 49%. The Ukrainian results are an increase of 5% from the 2016 edition of the report, when 43% said their organisations experienced economic crime.

Bribery and corruption is the most endemic fraud experienced in Ukraine (73%), outstripping the global average by almost 50%. The economic problem of corruption and bribery is more intense in Eastern Europe, the legacy of Soviet Bloc institutionalised graft. High levels of bribery and corruption are particularly problematic aside from simple morality and ethics, because they increase the costs of doing business while also reducing the ease of conducting business. Additionally, high levels of corruption, especially institutionalised corruption, dissuade foreign (Western) businesses from expanding into areas which are particularly rife with it.

Has your organisation experienced any economic crime and-or fraud within the last two years

Asset misappropriation dropped from being reported by 62% of organisations in 2016 to 46% in 2018, near the global average of 46%. PwC surmises that the drop could be due to tightening organisational controls and investments into prevention that are bearing fruit.

33% of Ukrainian respondents experienced procurement fraud in 2018, 11% more than the global average. The higher rates of procurement fraud may be related to less-than-adequate due diligence work on vendor integrity and conflicts of interest, according to the authors.

HR fraud (recruitment fraud, payroll fraud etc) ranked in fourth among Ukrainian firms, higher than the eighth place global ranking. The reported rate rocketed from 4% in 2016 to 33% in 2018 among Ukrainian respondents. The report suggests the boost in reporting may be the result of increased awareness of HR fraud and its status as actual fraud instead of ‘business optimisation.’

Rounding out the top-five was cybercrime, which grew 7% from 2016 to reach 31% in 2018 (also the global rate of reported cybercrime). As businesses get more tech-integrated, they are becoming more exposed to malware, phishing, network scanning, and brute force attacks. Cybercrime has boomed in recent years – according to one estimate by Grant Thornton, damages induced by e-criminals now stand at above $300 billion globally.

What types of fraud have your organisation experienced in the last two years

In terms of monetary damage, 31% of Ukrainian respondents reported losses of over $100,000 in their most disruptive fraud, while 12% sustained a loss of between $1 million to $50 million. 34% of Ukrainian organisations said they increased spending on combating fraud over the past two years (42% globally), while 37% said they expect spending to increase in the next two years (44% globally).

Aside from the monetary damage, fraud can also have a devastating impact on brand image and employee morale. Half of Ukrainian respondents said their reputation/brand strength suffered significantly from economic crime, while 58% said employee morale was damaged by the most serious fraud.

The PwC survey revealed a significant jump in the proportion of economic crime committed by internal (organisational) actors in Ukraine, leaping from 28% in 2016 to 56% in 2018. There was also a big increase in fraud attributed to senior management, which jumped from a 27% share in 2016 to 55% in 2018. Aside from shifty employees, the report identifies third-party actors like vendors, agents, and customers as a large blind spot for fraud. Firms apparently need to step up their efforts in vetting third parties through corporate intelligence/background checks as a key part of fraud prevention.

Let’s get digital

Digital fraud is become increasingly sophisticated, and more disruptive. Attacks are now extending further than simple ransom demands, with cyberattacks now an additional tool in the arsenal of subversive statecraft. State actors, in the cloak of flimsy denials, are using hacking to disrupt rivals, markets and even state activities. In a cyberattack on the Kyivan power grid in 2016, hackers took out electricity to more than 225,000 residents, similar to a hack-and-blackout attack perpetrated a year earlier. Ukrainian President Poroshenko said the attack was part of an extensive cyberattack campaign conducted by Russia in the wake of the annexation of Crimea and subsequent proxy war in the east of Ukraine.

Has your organisation been targeted by a cyber attack using any of the following techniques

In the summer of 2017, a series of Petya malware attacks hit the systems of Ukrainian organisations, including government departments, banks, electricity firms and newspapers. Originating in an update to tax software and exploiting a security fault in Windows, the malware posed as ransomware, though the main point was likely to cripple Ukrainian public and private sector activities. The Ukrainian government, as well as the UK government and the CIA, identified Russian agents as the originators of the attack – with the CIA fingering Russian intelligence services (GRU) as the developers of the malware.

In this state of cyber insecurity, Ukrainian firms are right to be anxious; indeed, 16% not only expect a cyberattack in the next two years, but also believe that it will be the most damaging economic crime they face. However, only one-third (31%) of firms have a fully operational cybersecurity programme in place to deal with attacks.

The most common cyberattack technique experienced by respondents was malware, at 35%. Over half (51%) said these attacks disrupted their business processes, while 38% said their organisations were digitally extorted. With recent major ransomware attacks affecting both public and private sector organisations, it seems increasingly imperative that Ukrainian institutions and businesses should strengthen their cybersecurity preparedness.

Meanwhile in Ukraine, PwC is actively recruiting for 350 new professionals in the coming two years to staff its just launched Shared Delivery Centre in Lviv.