A remarkable one third of global enterprises have no set systems or plans for dealing with a cyber attack, despite the very obvious threats and risks.
The startling number was revealed by security firm RSA in a study called Closing the gap on breach readiness (PDF). The study showed that many companies are still putting staff, partners and customers at risk.
"Organisations are struggling to gain visibility into operational risk across the business," said Dave Martin, chief trust officer at RSA.
"As business has become increasingly digital, information security has become a key area of operational risk.
"While many organisations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits the visibility into their actual risk profile."
Evidence of the sort of threats out there is plentiful. Heartbleed remains a problem one year after its discovery, and there have been major breaches at large high street retailers and entertainment companies.
The US government has had to fend off attacks on its own systems, and has recommended better information sharing and response.
The RSA survey looked at company readiness in terms of incident response, content intelligence, analytic intelligence and threat intelligence.
RSA claimed that companies cannot handle all four security elements and need to get a better grasp of the available solutions and information.
"People and processes are more critical than the technology as it pertains to incident response," said Ben Doyle, chief information security officer at RSA partner Thales.
"First, a security operations team must have clearly defined roles and responsibilities to avoid confusion at the crucial hour.
"But it is just as important to have visibility and consistent workflows during any major security crisis to assure accountability and consistency and help organisations improve response procedures over time."
RSA's study looked at the readiness of 1,000 companies that are members of the Security for Business Innovation Council. The report also found half of the remaining two thirds regularly review or update their policies.
Deal intended to help organisations chip away at their unstructured data
Nvidia takes aim at organisations looking to incorporate AI and VR
Cook told Apple staff in an email that "hate is a cancer"
Galaxy Note 8 will offer IP68 certification, a Samsung Exynos 8895 CPU, 6GB of RAM, 64GB of storage and IP68 certification