A business owner calling a helpline. We have a guide to help protect you from internal fraud.

The growing threat of internal fraud

Internal fraud is a growing problem for British employers, but ensuring robust controls are in place, as well as addressing employee wellbeing, can turn the tide.

How adverse circumstances can drive bad behaviour

While most companies focus their cyber protection efforts externally, internal fraud and economic crime are growing threats for businesses. In PwC’s Global Economic Crime Survey 2020, the consultancy reported that economic crime had reached its highest level in the previous 24 months, with 56% of UK businesses surveyed stating that they were impacted by fraud, corruption, or other economic crime.1 While 28% of companies cite cybercrime as the most disruptive type of fraud, 43% of economic crimes affecting UK firms were perpetrated internally.

Internal fraud, also known as insider fraud, is committed by a very small proportion of staff, but it can have a large impact on a business. From payment and receipt fraud to travel and procurement fraud, these crimes are often carried out by employees who are under pressure, and then tempted or coerced into committing a crime that they would never have considered under normal circumstances.

The pandemic has been a perfect driver of the Fraud Triangle – opportunity, motivation, and rationalisation.

Tracey Carpenter, Cifas

The Fraud Triangle

The Fraud Triangle is a name given to the three factors that can prompt an employee to cross the line. When employees are given a new opportunity, at a time when they have a strong motivation to receive money, and the ability to rationalise their behaviour, they are much more likely to commit fraud. During the pandemic, all three of these factors have been present.

The opportunity was created by the sudden shift to home-working. Figures from the Office for National Statistics show that 46.6% of employees in the UK worked at home in April 2020.2 That rose to almost 70% of workers in professional occupations. Internal systems at many companies were unprepared for that change and had to be quickly adapted, which meant that security solutions and adequate oversight were sometimes not in place.

There are fewer opportunities to spot suspicious behaviour while working from home, because you can't physically see what your colleagues are doing. You can’t see who’s doing what or which systems they’re using.

Tracey Carpenter, Cifas

Motivation and rationalisation

The second apex of the triangle, motivation, was the considerable financial pressure that many people found themselves under during the crisis. As of 31 July 2021, there were 484,000 employers across Britain with 1.6 million staff on furlough.3 All of these employees were only receiving 80% of their wages. Many more employees likely experienced pay and promotion freezes throughout 2019 and 2020 or were asked by employers to accept a cut in wages or lose their job. At a time when many people were anxious about their own and their family’s health, they also had to worry about their job, the future of their company, and making ends meet.

Even for those who didn’t take a financial hit, other employer behaviours may have left them feeling aggrieved. Workers who had to attend the office may have felt that risking their health and paying for their commute while others did not was unfair. Companies that had no choice but to reduce headcount or put people on furlough were also increasing the workload for those still employed.

These grievances likely contributed to rationalisation. Employees could explain away their fraud as they felt they were owed more by their company than what they were getting. Or that their company deserved to be defrauded because it wasn’t treating people fairly.

The fraud triangle during the pandemic:


Staff have been working from home and under less direct supervision.


The general economic downturn or staff being on furlough may have put employees under new financial strain.


In such extraordinary circumstances, it’s easier for people to justify an act they wouldn’t normally consider as being “just this once” or “just until things get better”.

Strengthening your company against internal fraud

It’s important to note that internal fraud is not just a problem that has arisen from home-working during the pandemic. While these factors impacted the Fraud Triangle, there’s no specific set of circumstances that can be avoided by every employer. Instead, they have to assess individual employees.

“All companies are vulnerable to employee fraud, and they need to be on the lookout for the signs, whether it's a small business that only employs a few people, or a large corporate organisation,” says Carpenter. “They need to make sure that they’ve got robust employee monitoring in place. That’s very important throughout the whole employee lifecycle, right from the moment a candidate provides their CV.”

Companies need to take the onboarding process seriously, performing background checks on prospective staff, including on Cifas’ Enhanced Internal Fraud Database, which records previous instances of fraudulent conduct. Once employees are enrolled, the company can use robust controls to ensure staff only have access to the data and programs they need to perform their role, and systems which detect and alert them to suspicious activity.

It’s also important to talk to employees about fraud so that they can be a company’s first line of defence.

“Companies need to make sure that they've got a robust whistleblowing policy in place. It’s really important to have the trust of your employees, and create a culture where they feel able to raise any concerns. If they do report a potential issue, if they suspect suspicious activity, they need to know that it’s going to be thoroughly investigated,” says Carpenter.

Clearly communicating a zero-tolerance policy is important. Let your employees know that you do not tolerate fraud. Share the steps that they should take if they suspect that a colleague is involved in such activity, even if that’s a line manager or maybe somebody higher up.

Tracey Carpenter, Cifas

Putting employees first

There are adverse circumstances at work that can be unavoidable, but employee wellbeing plays a huge part in stopping these from becoming motivations and rationalisations for fraud. It’s natural for people to feel under pressure if they’re furloughed, worried about the long-term security of their job, or simply not being paid enough. Making sure that employees feel supported and that you are transparent about what’s happening and why can go a long way towards helping them through hard times.

“We often hear in the media that the cost of living, and particularly food, is increasing. This can put extra pressure on individuals who may already be in financial difficulty, and make fraud look like their only way out. Somebody who maybe last year would never dream of stealing from their employer could be in a very different position this year.”

Removing the opportunity is critical, particularly for hybrid working policies, but addressing motivation and rationalisation is important too. Companies should encourage an open dialogue about any challenging circumstances employees may be experiencing in or outside work. They should also have transparent and equitable hiring and promotion processes, which will not only reduce potential rationalisations but also improve employee satisfaction.

Where to next

Fraud Protection

Fraud Protection

Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.


People – your first line of defence in the war on cybercrime

Mobilising your human resources may be your best line of defence against cybercrime, as Lee Fitzgerald, Director of Fraud Risk Strategy, explains.

Latest insights