Increased Controls without Risk Assessments Negatively Impacts Revenue

While data breaches have dominated the news cycle, The Wall Street Journal’s “Risk and Compliance Journal,” reports that fraud is actually much more common, even if it generates fewer headlines.

In the fiscal year ending March 31^st, 2015, instances of retail fraud averaged a 94% increase from the prior year when calculated by average loss of revenues. Industry reaction to this news has been relatively predictable: as many companies have decided to devote a higher percentage of their budget to preventing fraud. However, the cost of blindly applying risk mitigation activities has resulted in an unacceptable 1.32% reduction in total revenue. Indiscriminately applied screening and cookie cutter control implementations means more red flags, and more red flags means more time and resources expended evaluating potential problems.

The inability for organizations to manage the risk-reward trade-off related to their fraud detection and prevention strategies has resulted in inefficient mitigation activities, more false alarms, unnecessarily harassed customers, and ultimately has translated into less revenue.

Why Best Practice Risk Assessments are Needed

To both prevent fraud and maintain high efficiency levels, organizations need to adopt a best practice risk assessments and frameworks to first identify and assess the risks they face on a daily basis. By prioritizing controls with more effective risk assessments, red flags that are in actuality benign won’t waste time and money.

So why have these bad-for-business, knee-jerk relations been implemented? Visibility is the answer. Data breaches are very often news-worthy because of their potentially major implications and headline value, they’re the classic high impact, low likelihood risk. Fraud, in contrast, occurs incrementally and has a cumulative effect, meaning there is usually no single, cataclysmic event that captures everyone’s attention, but the results can be equally devastating to the business.

The conclusion? Fraud, even though it doesn’t necessarily culminate in a bang like a big data breach can, poses just as much of an organizational threat. The numbers show that attempting to mitigate cybersecurity and fraud without first adopting and conducting best practice risk assessments, will lead to increased inefficiency. The first step to minimizing fraud is using a root-cause risk library to prioritize and escalate concerns across business silos.