Just half of senior executives and managers in the UK believe their organisations have good strategies in place to deal with cyber attacks, new research has revealed.
And almost the same amount think their employers are not even worried about cyber attacks, with 13% describing their strategies as "poor", and 30% labelling them "average".
This is despite 43% of senior executives believing their organisation has suffered at least one attack in the past two years, 21% of which thought it was dealt with poorly.
"The chances of suffering a cyber attack are increasing, but our research suggests many employers are not taking this growing risk seriously enough," said Bruce Hepburn, CEO at Mactavish, which carried out the research.
"Given this, it is fair to assume that many have also not reviewed their insurance policies to make sure they have adequate cover here."
This comes after research from Accenture found that cyber attacks could hit companies with $5.2trn (£4trn) in additional costs and lost revenue over the next five years.
The consultancy firm revealed that insurance and banking are in the top 10 sectors most at risk from cybercrime, potentially losing $305bn and $347bn respectively.
Accenture said a growing dependency on complex internet-enabled business models would outpace companies' ability to introduce adequate protections for critical assets.
After surveying 1,700 business leaders, it found that just 30% are very confident in internet security, with 80% adopting new technologies quicker than they can address cyber security.
"Internet security is lagging behind the sophistication of cyber criminals, and is leading to an erosion of trust in the digital economy," said Accenture's global communications, media and technology lead, Omar Abbosh.
"To become cyber-resilient, companies need to start bringing CISOs' expertise to the board, ensuring that all business managers are held responsible for security and data privacy."