The report from Mimecast, also reveals that many businesses are not even able to monitor their own security protection effectively. Some 15% of organisations surveyed said that they did not know whether they had suffered a data loss incident in the last 12 months, and more than a quarter (27%) blamed human error for previous data loss.
Mimecast cyber resilience expert Mayur Pitamber said the survey should send out a stark warning to companies to act.
"Employees are an organisation’s most valuable asset and the cyber resilience responsibility needs to be shared with everyone to improve the response to new cyber threats," he said.
"Organisations must have a holistic plan that embodies security, business continuity, data protection and end-user empowerment; and to ensure the entire organisation is educated, engaged and involved in planning and response, from the boardroom to IT and beyond.”
Meanwhile, the study also showed a worrying level of preparedness for the new EU regulation; just under half (44%) of the UK organisations believe their email system contains personal and sensitive data as defined by the EU GDPR, yet only 17% are confident they could retrieve this personal or sensitive data immediately.