These findings underscore the importance of companies providing younger staff with clear guidance and ethical training. This generation is the future of our businesses. If companies do not take action now to combat unethical conduct at all levels of their organizations, such behaviors may increase in the future.
Blowing the whistle
One of the steps that companies can take to address this is to encourage whistleblowing, but only 21% of respondents to the EMEIA survey were aware that their company had a whistleblowing hotline. Moreover, those who were aware weren’t necessarily comfortable with the idea of using them.
The survey also found that 73% of respondents would consider providing information about fraud, bribery and corruption in their business to a third party, although the majority said they would only do so if no action was taken after reporting internally. Of those who said they would provide information to a third party rather than reporting internally, 57% said they would report to a law enforcement agency, 49% to a regulator and 15% to a journalist.
The APAC survey findings also suggest a lack of faith in whistleblowing hotlines. Given the choice, only 27% of respondents would opt to report misconduct using their in-house whistleblowing hotline, with 23% preferring to go directly to senior management. In contrast, 20% would prefer to go directly to the law enforcement authorities:
How technology can help
While whistleblowing is a “bottom-up” solution to tackling unethical practices, technology can offer a “top-down” alternative. The EMEIA survey highlights how advances in technology have given companies access to new information, insights and ways of working that can help in the fight against fraud, bribery and corruption.
By focusing on behavioral patterns such as anomalies in employee work hours, attempts to access restricted work areas and the use of unauthorized external storage devices, companies can identify individuals who may pose a higher risk to the business.
Despite the need to collect such data, the survey identified a tension between opinions about what channels companies should monitor and the types of surveillance that their employees consider a violation of privacy. Companies should bridge this gap by raising awareness of the importance of collecting such data and of the potential consequences if company data is leaked or stolen. Employees need to understand that companies can only protect themselves from such exposure by embedding an integrated insider threat program into their business.
When it came to cybercrime – another key threat to companies worldwide – only 37% felt that their company had a robust cyber breach management plan in place. In fact, only 59% thought their company needed one, which seems to indicate that this very real threat is not being taken as seriously as it should be.
As for APAC, there appears to be a wide range of levels of understanding of cybersecurity threats and how to guard against them. The survey identifies personal mobile devices as a specific area where organizations are vulnerable to cyber breaches through their employees. Just under half (47%) of respondents said their organizations have no policies against using personal devices for work-related activities. Almost half (49%) admitted to conducting business using their personal mobile device, even though their organization provided them with a work device – and 36% do so frequently. These figures were even more prevalent among senior management, 53% of whom said they frequently conduct business using their personal mobile device.
Opportunities and threats
Both reports suggest that technology provides both an opportunity and a threat for compliance teams. The APAC report says that “cyber and insider threats are part of one larger risk that will require a holistic approach for its detection, investigation and prevention,” while the EMEIA report concludes: “Information is the key to mitigating the risks and businesses should maximize the value they get from their data. This can be achieved by making better use of machine logic and embracing the opportunities arising from an increasingly disrupted world.”