Insider Threat

By Danny Boles, Security Consultant, DFB Security

Do you know the risk from employee theft? Do you have an effective strategy to reduce the opportunity for theft, and are you aware of what you should be looking for?

Each business will have different risks, depending on the nature of the operation, cash flow, whether it is a stock or services supplier, the number of employees, etc. So, if asked for the top 3 business risks, answers will vary, but what would be your top 3? Expect fire and flood risk to be high on the list, but would you include employee theft as a high risk? Recent research conducted by DFB Security identified that only 7% of businesses would include employee theft as a top 3 risk, but 35% would include external theft in the top 3. In the retail sector, it is estimated that 45% of loss is due to shoplifting and 35% to employee theft, with the rest made up of supplier/vendor and operational failings (Retail Excellence Ireland, 2008). An exact figure for the level of employee theft is not easy to determine, as theft could be happening without showing as a loss; it could instead show as an overhead or business expense. In some instances, losses due to employee theft in all businesses can average anywhere between 35% and 60%. In some cases, losses of up to 80% or more caused by employee theft have not been uncommon. It is not always possible to place the loss in either bracket, as it could be unknown loss, such as an employee making it look like external theft.


Both internal and external theft are a risk to any business, and if the strategy is not robust enough then the theft problem will continue. Indeed, some businesses fail to admit that there is an internal theft problem, which means no action is taken to identify and deal with it. You don’t know what you don’t know: if you don’t know what the losses are, then you don’t know the cause. The question is why some businesses would have a higher rate of employee theft than others and, as a comparison, why different branches of the same business would have higher levels. There are numerous papers and research on why employees steal, but to keep it simple remember these three golden rules as to why: (i) What is the risk of being caught? (ii) What is the reward? and (iii) What is the opportunity? If the chance of being caught is low (risk) due to no controls (CCTV, security officer, alarm, etc.), the business has high-value stock or cash (reward), and it is easily accessible (opportunity), then you should expect higher levels of employee theft. Conversely, with good levels of physical and procedural security combined with audits, restricted access and reduced rewards (i.e. cash in the safe), you should have lower levels of employee theft. However, even having tight controls in place does not mean that an employee will not steal, but it will make it easier to identify their activities and increase the risk that they will be identified.

Some businesses, especially retail, would certainly look at the risk of external crime such as shoplifting and resource this risk accordingly with CCTV, security guards, electronic article surveillance (EAS) barriers and tagging, to name a few, but is this resource in proportion to the loss suffered as a result of shoplifting compared to employee theft? In my experience, the answer is no, and there are several reasons for this. Firstly, employee theft is not obvious, so it is not on the radar for many businesses. Secondly, some businesses will not accept that an employee would steal, as all employees are deemed trustworthy, so there is no acceptance. Thirdly, the analysis of data is not robust enough to identify potential employee theft. There have been many newspaper stories over the years of employees stealing hundreds of thousands of euros over a period of years, where those employees are in a position of trust, and some businesses struggle financially or even go out of business due to the theft. More recently, in December 2010 a court case in the USA concluded where the loss to a multi-national company (Best Buy) was $33 million as a result of an employee working in collusion with

Risk Manager Magazine Spring 2011  