Crimes against companies

Four out of ten companies report exposure to crime

The questionnaire study asked whether the company had been exposed to a number of different types of crime. In total, four out of ten companies reported that they had been the victim of at least one offence in the past twelve months (41 per cent). Companies are exposed to different types of crime, with some being more common than others. Just over one fifth of the companies reported that they had been the victim of theft or burglary, and an equal proportion reported being the victim of fraud (21 per cent). A total of 14 per cent of the companies reported that they had been the victim of vandalism, with graffiti and other types of vandalism being equally common (9 per cent), while a smaller proportion reported being the victim of arson (1 per cent). Around one in ten companies reported being the victim of data breach (11 per cent). A roughly equal proportion reported that someone within the company had been subjected to some type of offence against the person (just under 9 per cent), with threats being the most common, followed by sexual molestation (approximately 6 and 3 per cent, respectively).

The companies were also asked about their exposure to various types of crime that could contribute to unfair competition or constitute undue influence, as well as about internal crime. Examples of this include attempted bribery, extortion, and theft or fraud by employees. Overall, a lower proportion of the companies had been the victim of this type of crime compared to the other offences asked about in the questionnaire.

As regards the companies’ concerns over becoming victims of crime, two out of three respondents reported feeling this type of concern at least to some extent. One in ten reported feeling this type of concern to a great extent.

The hotel and restaurant sector generally reported high levels of exposure to crime

Exposure to crime differs significantly between different sectors. The highest proportion of companies exposed to crime was found in the hotel
and restaurant sector, where more than six out of ten companies reported having been victimised. The lowest proportion of companies exposed to crime was found in the SNI category “Information and communication”, where three out of ten companies reported having been victimised. Companies in the SNI category “Professional, scientific and technical activities” also reported a relatively low level of exposure to crime. Generally speaking, the variation in exposure to crime between sectors is greater for theft or burglary, vandalism, and offences against the person than for fraud and data breach.

The majority of companies have not reported crimes to the police

Of the companies that reported being the victim of at least one crime, more than half stated that they had not filed a police report for any of the incidents. Companies that were most likely to state that they had not filed a police report for any of the incidents were those working in sectors where exposure to crime is dominated by fraud and data breach and to a lesser extent by traditional crimes such as theft, burglary and vandalism. Conversely, companies that were more likely to have filed a police report often worked in industries in which the risk of theft, burglary, or vandalism is higher. The construction industry has the highest proportion of victimised companies that stated they had reported all criminal acts against them to the police (28 per cent).

The most common reason for not reporting a criminal act to the police was that it was not considered serious enough – just over half of the companies stated this as the reason. Another common reason was the perception that reporting a crime rarely leads to the arrest of the perpetrator, which just under half cited as the reason.

Crime consumes companies’ time and resources

The most commonly reported consequence of crime described by companies was that it consumed time and resources that could otherwise be used for other purposes. More than half of the victimised companies stated this. In terms of financial impact, victimised companies most often stated that the crimes had little financial impact. However, approximately 7 per cent of companies stated that the crimes had a large or very large impact on their operations.

Use of an alarm system is the most common security measure

The companies were also asked whether they had used different security measures in order to prevent crime. The most common security measure was the use of an alarm system (39 per cent). Other relatively common security measures were camera surveillance inside or outside the premises (23 per cent) and the use of digital mailboxes that require e-identification to log in (21 per cent).

Overall, one-third of companies stated that they were well prepared to deal with potential exposure to crime. One quarter stated that they have established procedures for dealing with potential exposure to crime. Just over one in ten companies stated that they have participated in some form of collaboration on crime prevention measures with other companies or organisations during the past twelve months. The results in the report show that many of those who have participated in such activities report positive experiences of these collaborations, even though it is more difficult to determine what effect the crime prevention measures have had.

More security measures and a higher level of preparedness among victimised companies

The results also show that the number of different security measures used by companies to protect themselves against crime tends to be higher among companies that have been the victim of crime than among those that have not been victimised. Similarly, according to the respondents, the level of preparedness to deal with potential victimisation is higher among victimised companies. This also applies to the proportion of companies that have participated in crime prevention initiatives together with other societal actors. All of these correlations are relatively strong. A reasonable interpretation is that the companies that have the greatest need to protect themselves against crime also implement various crime prevention measures.

A company’s exposure to crime is linked to a number of factors

A company’s exposure to crime over the past twelve months is linked to a number of different factors to a varying degree. When examining the links between exposure to crime and a number of structural background factors, factors that are linked in various ways to the size of the company, particularly the number of employees and turnover, show the clearest links to exposure to crime. Furthermore, a high level of concern that the company may become a victim of crime is linked to the extent to which the company has previously been victimised and its consequences. The same applies to a certain extent to having a low level of confidence in the police’s work in relation to crimes against companies.

Results from regression analyses show that factors that appear to increase the risk of a company becoming a victim of crime include the following:

• the company is in the SNI category “Real estate activities” or “Accommodation and food services activities”
• the company is large in terms of turnover and number of employees
• the respondent stated that there were public order problems in the vicinity of the workplace.

Factors that appear to increase the risk of concern that the company will become a victim of crime include the following:

• the company has been the victim of crime in the previous twelve months
• the company experiencing a high degree of negative consequences as a result of crime victimisation
• the respondent stated that there were public order problems in the vicinity of the workplace.

Factors that appear to indicate an increased risk of having a low level of confidence in the police’s work in relation to crimes against companies include the following:

• the company has been the victim of crime in the previous twelve months
• the company has experienced a high degree of negative consequences as a result of crime victimisation
• the occurrence of public order problems in the vicinity of the respondent’s workplace.

When it comes to concern about future victimisation, the link to previous victimisation is stronger than the link to confidence in the police.

Reported crimes against companies

Theft and vandalism are the most commonly reported crimes in most sectors

When police-reported crimes against legal persons are examined, it can be seen that theft and vandalism are the two crimes most commonly reported
to the police in most sectors. By far the largest number of reports of theft related to the retail sector. As regards vandalism, by far the largest number of reports related to the SNI category “Transportation and storage”. Fraud is generally the third most commonly reported crime when the injured party is a legal person. However, in the “Financial and insurance activities” and “Information and communication” sectors, fraud was the most commonly reported crime. Police reports of data breach, robbery, and extortion are fewer in number.

Differences between businesses in police-reported thefts

According to crime statistics, police-reported thefts (with or without breaking and entering) have generally decreased over the past ten years. Most of the police reports examined related to theft without breaking and entering from a shop, which primarily affects the retail sector. A review of the written descriptions of these offences in the police reports shows that in many cases the theft involved customers taking goods or products worth a few hundred or a couple of thousand SEK and then leaving the shop without paying.

In terms of reported burglaries (i.e. thefts in combination with breaking and entering), companies operating in the industrial sector, workshops, construction sites, warehouses, garages, and port areas appear to be at the greatest risk. The written descriptions of the offences in the police reports indicate that the most common method of burglary involves breaking the lock, door, or window of the premises or vehicle belonging to the company.

Thefts that escalate to robbery account for a significant proportion of police-reported robberies in shops

Reported robberies of shops, both with and without firearms, have decreased significantly in recent years. The written descriptions of these offences in police reports indicate that just over half of shop robberies in 2023 targeted grocery stores. Other shops targeted for robberies include kiosks, petrol stations, and retail shops, such as jewellery or clothing shops, as well as the state-owned liquor store chain Systembolaget. Over time, there has been in increase in proportion of reported thefts from shops that have been registered as robberies due to the offender having used violence against staff members when the latter have intervened following the theft. The proportion of robberies targeting shops’ checkout areas has instead decreased. A smaller proportion of reported shop robberies involve smash-and-grab robberies or robberies targeting the back rooms of the shop.

Companies are often secondary victims of fraud

Among police-reported crimes committed against legal persons, the most common types of fraud are card fraud, identity fraud (sometimes called credit fraud), and frauds classified by the police as “other fraud”. Frauds involving various forms of social manipulation and invoice frauds were also frequently found in the police reports, whereas fraudulent adverts for goods or services and insurance fraud were comparatively less common.

In cases of card fraud and identity fraud, the police reports often relate to private individuals whose card or identity details have been used to take out loans or make purchases without their knowledge or consent. Companies are thus exposed in two ways: either as the lending credit institution and financial intermediary, or as the mail order company/e-commerce company that sends goods to the perpetrator based on stolen information. When the crime had been registered as “other fraud”, the description of the offence was often similar to the offences otherwise registered as card and identity fraud.

Reports of vandalism often concern public transport, schools, and property owners

In 2023, just over 80,000 incidents of graffiti were reported to the police, along with approximately the same number of incidents of other vandalism, where at least one legal person was registered as the injured party. The sector most often affected by vandalism was by far the category “Transportation and storage”. Four out of ten incidents of graffiti reported to the police related to graffiti on public transport. The graffiti often consisted of random words or sentences or “illegible text”, and was found on both the inside and outside of train carriages and buses, as well as at stations and bus stops. A minority of the graffiti had offensive content and appeared to be more targeted. Other graffiti (i.e. not on public transport) had often been reported to the police by schools, municipal organisations, and property companies.

When it comes to other types of (non-graffiti) vandalism, many of the reports related to damage to public transport, schools, and municipal property. This damage ranged from stickers placed on metro trains or on lampposts, electrical cabinets, or road signs to broken windows, and fences
and benches that had been damaged or destroyed. Reports of damage caused by fire, arson, and destruction causing public endangerment by means of explosion, with a legal person as the injured party, are comparatively rare. Several of the arson cases included in the sample of police reports involved someone setting a fire at a school, or on school grounds, which had resulted in relatively limited damage.

A large proportion of reports of extortion relate to ransomware

In 2023, 139 cases of extortion against a legal person were reported to the police, with the majority of these reports relating to attempted extortion. Many of the incidents involved internet-related extortion, with someone having taken over a company’s website or data and demanded a ransom to restore access (known as ransomware). In the police reports, this type of crime was found under two different crime codes, namely data breach and extortion, and the victimised companies operated in many different sectors.

The police reports also included examples of extortion based on alleged debts, and labour or civil law disputes. Many of the companies affected were operating in the construction sector, although other sectors were also represented.

Various intentions are seen in reports of data breach

In 2023, 995 cases of data breach were reported to the police with a legal person as the injured party. Many of these involved data breaches in social media or e-services. A common scenario was that a company’s Facebook account had been hacked, with the perpetrator then using the company’s registered payment details to purchase advertisements. The police reports also included examples of denial-of-service attacks against legal persons. Several of these had been directed at activities of importance to society at large, such as the transport sector, public administration, and defence, as well as the health and social care sectors.

Another type of data breach found in the police reports involved unauthorised record searches. This type of data breach differs from the other forms reported to the police in that a suspected perpetrator is also reported in the majority of cases. In most cases, the perpetrator was an employee in the healthcare sector. Common scenarios involved an employee searching for healthcare information about their own relatives, or a relative of someone receiving care discovering that staff had accessed healthcare information without permission.