Although 36 percent of surveyed organisations had experienced economic crime in the previous 24 months, fully 22 percent of the respondents had not conducted a single fraud risk assessment in the previous 24 months - leaving them wide open to exposure from evolving fraud techniques that are changing on a daily basis.
Given that two-thirds of CEOs surveyed agreed that there are more threats to the growth of their companies than ever, the low rate of detection and checking suggests "that too much is being left to chance," the PwC analysis concluded. "In fact, our findings indicate that one in ten economic crimes are discovered by accident."
Better utilisation of traffic analysis and big-data tools is finally providing ways for businesses to get more proactive about their defence against economic crimes.
"We are now at the point where we can identify where people are getting lots of login abuse," Smith said. "If they have a large volume of traffic going to a target URL from individual IP addresses, they probably have an account takeover problem and we can proactively reach out to them."
Having refined the company's data collection and analysis capabilities over the years, Akamai is now looking at ways of packaging up its analytics services to empower businesses to get more proactive about their investigation of suspected fraudsters.
"We're currently doing this with people but that doesn't scale out very well," he said. "We're trying to figure out how to do bundles of packages so that customers can come with a problem and find a solution that can help them out."
If big-data analytics can help them identify potential risk vectors based on contemporary hacking patterns, Smith reasons, businesses of all sizes will be able to leverage such tools to follow through on breaches - identifying where remote fraudsters have sought to use their stolen credentials for malicious purposes.
By comparing their internal customer databases with activity data that Akamai is collecting, businesses will be able to contextualise observed activity and respond to it more appropriately. They should also consider downloading copies of compromised credential databases to proactively identify user accounts - theirs, their customers', or their suppliers' - that may be exploited by hackers for nefarious purposes.
"All the smart folks are getting copies of that, which is normally a black-hat activity, and they are taking that to their customer database to find out about any customer accounts they have that could potentially be compromised," Smith. "There are things like that that most companies should be doing, but probably aren't."
Sign up for MIS Asia eNewsletters.