Fraud risk management within the insurance sector

Uncertainty continues to rise, as the UK grapples with the cost-of-living crisis, rising inflation, an impending recession, the impact of Brexit, a tight labour market and conflict within the European continent. And when uncertainty rises, so too does the risk of fraud.

Fraudsters are seeking to exploit organisations by targeting systems for financial gain, data or to simply cause disruption. This is teamed with the additional threat of real, or perceived, overseas targeted state attacks. This article seeks to promote fraud risk management by exploring how insurance companies, with their mass of data, are at risk of fraud and cyber-crime.

The current (costly) climate

Our latest Real Economy topical survey found that 42% of those experiencing increased cost pressures expect it to last well into 2023. With inflation becoming more pronounced, insurers might struggle to increase rates enough to offset rising expenses, putting a squeeze on profits.

If we look at property damage as an example, the European building materials index from Bloomberg, which includes the companies involved in the building material sector of the Bloomberg Europe 500 Index, illustrates an upward trend in costs. Team this with increased labour costs, and you will see an increase in average claims.

A similar challenge is faced by auto claims, with CPI (consumer price inflation) for auto parts set to continue its upward trend from the past three years, alongside labour costs also increasing. This is leading to inflated costs for fixing vehicles as well as personal liability costs for victims of accidents.

As a result of these increasing (and costly) challenges, underwriting will be more of a focus for insurers looking to increase their profits now and going forward in a low investment-return environment.

As Peter Allen, Co-Head of Financial Services says, “historically, fraud risk always goes up in a recession. Whether or not the UK is technically in one, economic times are tight, and firms need to be extra vigilant to the risk.”

Pressured workforce

43% of businesses surveyed face higher labour costs to attract and retain a skilled workforce in an inflationary environment and 31% of businesses surveyed are looking at reducing staff planning or thinking about redundancies. This can add pressure to employees who may be experiencing demands outside of their role due to the rise in cost of living.

Insurance companies need to focus on cost savings, which can ultimately lead to layoffs. These layoffs Increase the strain from within the company as well as externally due to the rising cost of living. Together, these circumstances can increase the risk of insider fraud. This is because there are conditions within a working environment that can influence a person’s behaviour, explained below by Dr Donald Cressey’s Fraud Triangle.

Dr Donald Cressey, a criminologist, hypothesised that three things are at play when an offence of fraud takes place: pressure, rationalisation and opportunity.

1. As pressure rises due to internal cost pressures, the cost of living or the demand to hit targets, increases. This element of the fraud triangle also increases and can motivate an employee to commit fraud.

2. Although we are seeing wages within the financial services sector rise higher than other sectors, this is still below inflation, which then increases the ‘rationalisation’ element of the fraud triangle. This is also teamed with a 27.6% increase in vacancies compared to 2021 (*according to Vacancysoft and Morgan McKinley). This may lead to disgruntled employees, who may be covering additional responsibilities, justifying fraudulent behaviour.

3. The third part of the triangle is ‘opportunity’. Employees may seize the opportunity to commit fraud due to weak internal controls, for example. This is the element whereby insurers can really make a difference because it is, in the main, within their control. 

External fraud threats

Not only are insurers faced with increased internal fraud threats but, externally, cyber fraud threats can cause extreme damage both financially and reputationally within insurance firms. There has been an increase threat of cyber-attacks with a rise in phishing emails, scam phone calls, malware and ransomware as well as account takeovers.

In the last decade, according to the Office for National Statistics, the number of reported fraud and computer misuse offences in England and Wales has had an upward trend, doubling in 2021/22 to 965,162.

It was estimated by Statista Technology Market Insights that last year, the global cost of cyber-crime was $8.4 trillion. Within the next three years, the estimated global cost of cyber-crime is set to exceed $20 trillion.

It’s not just the financial gain fraudsters are after but the rich data, which makes insurers a prime target. In late 2022, a known ransomware group declared they were behind an attack on Kingfisher Insurance, where it was alleged that 1.4 terabytes of data were taken from the insurers. This included personal data of customers, as well as employees.

The cost of cyber claims has increased due to the sharp rise in number and cost of ransomware attacks, which has reflected in the inflated costs of cyber insurance products. When focusing on the increase in the cyber fraud landscape across insurers’ customers, in January, the Prudential Regulation Authority advised insurers that their modelling of cyber were falling short, particularly around the likelihood of events occurring.

This can generate risks of untested cyber policies, thereby impacting insurers from a cost-perspective, where court rulings may not go in their favour.

How to improve fraud risk management

Considering the elements of Dr Donald Cressey’s Fraud Triangle, and examples of poor cyber management as demonstrated by the Prudential Regulation Authority, ensuring an adequate control environment and regular testing, teamed with staff training, is paramount to protecting any organisation. Below are a few measures you can take to protect your organisation.

• Maintain adequate fraud policies and a fraud strategy
• Ensure segregation of duties within processes
• Implement call monitoring and surveillance
• Tighten payment controls
• Keep IT systems up to date
• Consider the terms of your cyber insurance policies both for your own cover and customers
• Have a secure data storage
• Test defences regularly to identify shortfalls
• Provide adequate and regular fraud and cyber risk training to the first line of defence – the workforce

For more information about improving fraud risk management, get in touch with Erin Sims.