The enemy within

Corporate fraud is rapidly emerging as a pressing challenge, taking advantage of organizational weaknesses and human vulnerabilities. Our latest global study shows that the typical fraudster is a male between 36–55 and is highly respected by his colleagues. The most common type of fraud involves misappropriation of assets (52%) such as embezzlement or procurement fraud. Although the value is often below $200,000, 55% of the cases rely on group collaboration involving two to five people. These schemes can be found in any part of an organization including operations, finance, procurement and the CEO’s office, with weak internal controls being the main reason for their success. Notably, whistleblowers remain the leading sources to detect fraud, highlighting the need to encourage and protect those who report unethical behaviour.

In the Middle East, online fraud is becoming a growing concern, especially as the adoption of real-time payments expands. Authorized push payment (APP) scam losses in the UAE are projected to reach over $30 million by 2028. While the UAE’s losses are still relatively low compared to other major real-time payment markets such as the US, UK, India, Brazil and Australia, the speed of real-time transactions has created new opportunities for scammers looking to move funds quickly before they can be traced. This report gathers insight from KPMG’s Forensic teams around the world to form a detailed picture of the perpetrators and fraud incidents. It analyses 256 cases investigated by KPMG member firms over the past 5 years, covering at least 669 fraudsters as some cases involve more than one.

Saudi Arabia has been largely shielded from these global fraud trends. Research shows that despite a 15% annual increase in cases, the country has some of the lowest rates of financial fraud worldwide. This strong position is supported by robust government services and advanced systems like Absher and the National Single Sign-On, which treat citizens’ data as strictly confidential and secure. Additionally, legal measures and quick action by authorities such as the Public Prosecution ensure fraudsters are held accountable and citizens’ funds are protected.

With over 223,800 assets hosted within the UAE potentially exposed to cyber-attacks, the country has made significant progress in combating online fraud through technology advancements, government regulations and international collaborations. Established in 2020, the Cyber Security Council reflects the UAE’s commitment to promoting a safe digital space by driving awareness campaigns, providing services across sectors and ensuring proactive measures to protect users from online threats. KPMG’s latest CEO outlook survey found that 72% of UAE CEOs believe their organization is well-prepared for a cyberattack, a significantly higher confidence level compared to 59% in the Middle East and 48% globally. Meanwhile, new laws against commercial fraud are enhancing consumer protection and business integrity in line with global standards.

Looking ahead, information security spending across the MENA region is projected to reach $3.3 billion by 2025, a 14% rise from 2024 levels. Nearly half of this spending is expected to go to security software, as businesses place greater emphasis on protecting unstructured data and turn to synthetic data generation as an alternative to traditional anonymization methods. As the corporate environment becomes increasingly complex, the focus on effective anti-fraud measures will remain a top priority for organizations worldwide.