The ‘silent fraud’ – tackling the growing issue of the insider threat

Fraud and financial crime pose a significant threat to the UK’s economy, with the Public Sector being a primary target. Public institutions play a crucial role in providing essential services in healthcare, housing, and security. However, they are increasingly vulnerable to fraud, costing taxpayers billions annually.

The scale of the problem
Identifying and preventing insider threats
Building a resilient workforce that can detect insider threats

The scale of the problem

According to the National Audit Office, fraud and error cost the UK taxpayer between £55 billion and £81 billion in 2023-24. Given their access to vast amounts of sensitive data, Public Sector organisations are particularly attractive to criminals.

However, not all threats originate from outside organisations.

A rising concern throughout many sectors is the ‘insider threat’ – employees who are willing to abuse their position and put their organisations at risk. Filings to the Cifas Insider Threat Database rose 14% in 2023, with nearly half (49%) of these involving dishonest actions by employees. Alarmingly too, 38% of employees involved in dishonest conduct had been in post for less than a year, while 17% had been in their roles for over a decade. Financial pressures remain a primary motivator.

Identifying and preventing insider threats

Insider threats can manifest in different ways in the Public Sector. For example, an employee might steal money or goods (such as laptops) or sell sensitive information to organised crime groups in exchange for cash.

Those who misrepresent qualifications on their CV and/or job applications to obtain a role could also pose a risk to their employers and may continue deceiving others in the organisation. Recent Cifas research discovered nearly 1 in 5 (18%) UK people had lied on their CVs, or knew someone who had, to secure employment.

While there is no single profile of an insider threat, Public Sector organisations can identify early warning signs to mitigate risks before damage occurs. Some key behavioural ‘red flags’ from dishonest staff include:

• Avoiding time off for fear of being ‘discovered’.
• Accessing systems that are not part of their job.
• Living beyond their financial means.
• Sharing passwords and misusing confidential information.
• Disgruntled behaviour.
• Being resistant to security protocols.

By monitoring for irregularities in system access, financial transactions, or data sharing, Public Sector organisations can detect and act on suspicious activity – before it’s too late.

To further strengthen internal defences, sector professionals should ask themselves three key questions:

1. Are there opportunities within our organisation for employees to commit fraud?
2. What factors might motivate an employee’s dishonest behaviour?
3. How might they justify their fraudulent actions?

Addressing these questions helps identify security gaps and improve counter-fraud measures. As a result, organisations – if they haven’t already – should consider implementing:

• Enhanced vetting processes – it is recommended that thorough checks are conducted across an employee’s entire lifecycle, not just at the on boarding stage (although this is still very important when verifying qualifications and employment history).
• Proactive monitoring – carrying out regular risk assessments and system audits can help detect and remedy vulnerabilities at the earliest opportunity.
• Robust policies – these should ensure employees understand that dishonesty will be investigated and addressed. It is vital these policies are reviewed regularly and updated where appropriate.
• Whistleblowing mechanisms – by establishing confidential reporting channels, this can encourage employees to report suspicious activity.
• Physical and digital security measures – for example, this could include having multi-factor authentication to log into devices and restricted data access for sensitive documents, to prevent misuse.

Building a resilient workforce that can detect insider threats

Alongside implementing important counter-fraud measures and controls, Public Sector organisations should also cultivate a workplace culture that prioritises security, transparency, and ethical behaviour.

To help develop a robust counter-fraud culture, an essential consideration is the roll out of comprehensive fraud prevention training. An effective programme can help safeguard employees and equip them with the tools and knowledge to detect and report threats to the organisation.

Training does not have to be time-consuming either – concise, interactive and engaging content can ensure employees absorb key insights seamlessly as they work. This approach keeps training effective, enhances daily operations, and empowers employees as the organisation’s first line of defence.

Finally, Public Sector organisations should also do more than simply share data and intelligence – they must make certain they are sharing the right data and intelligence. This requires access to real-time, cross-sector information on issues affecting the sector, as well as challenges faced by private organisations, and insights from other government departments and law enforcement agencies. By integrating this information, they can develop a clearer understanding of criminal activities and take proactive measures to disrupt risks at the source.

Through the adoption of these strategies, Public Sector organisations can enhance their resilience against insider threats, safeguard taxpayer funds, and maintain public trust. A proactive, security-focused culture ensures that employees feel supported while deterring dishonest behaviour – securing the integrity of essential public services for years to come. Cifas’ Insider Threat Protect solution enables your organisation to target internal risks through data, intelligence, and learning.

Alongside Fraud & Cyber Academy qualifications and specialist courses, Cifas has also launched a Digital Learning programme – an interactive video series equipping employees with the tools to future-proof the workplace and protect against risk such as insider threat, staff approaches, and bribery and corruption. Book a free 7-day trial.

Discover Cifas’ work in the Public Sector here.