Only one-third of UK businesses have insurance coverage that protects them from information security breaches and the financial impact of having data lost or stolen.
That is according to a new report from NTT Security, which also reveals that less than a third of British companies have dedicated cyber security insurance in place.
This is despite eight in ten senior executives saying it is "vital" for their business to be insured against the threat, with firms typically spending an average of £1m recovering from a breach.
The research also found that nearly half of executives do not know if their insurance covers data loss or breaches - higher than in 12 countries studied and well above the average of 23%.
"With estimated annual losses from cyber crime now topping £291bn, you would hope more would be beating a path to insurers' doors," NTT Security EMEA senior VP, Kai Grunwitz, said.
"But while the insurance sector is certainly seeing growth in the number of policies being taken out to cover such losses, it's an issue that many senior decision makers are not on top of."
The research involved a survey of companies in the UK, US, Germany, Austria, Switzerland, France, Benelux, Sweden, Norway, Hong Kong, Singapore and Australia.
While the UK compares poorly to the US and Singapore, where around half of firms insure against both breaches and data loss, it still fares better than Benelux and the Nordics.
The UK also ranks second from last for having dedicated cyber insurance, alongside Germany and just above Benelux.
It was also found that 19% of British firms do not have, or are not in the process of implementing, an incident response plan, despite potentially facing huge fines under General Data Protection Regulation.
"While cyber risk insurance should be put in place to help mitigate the potential fallout of a data security breach, a policy must not be seen as a 'get out of jail free card'," Grunwitz, said.
"Cyber insurance must be complementary to an effective risk-based information security strategy, not a replacement for it."
