Over 40 percent of organisations do not know where their data is stored, according to a report by the Institute of Directors (IoD) and Barclays based on a survey of 980 IoD members.
The survey found that 59 percent of respondents now outsource data storage, underlining how popular third-party cloud environments have become.
However, a worrying 43 percent do not know where their data is stored.
"This is a truly frightening statistic. It effectively means that businesses are losing control of their organisation’s data, which may well be the biggest asset of a business,” said the IoD.
The report also found that under a third of respondents do not refer cyber incidents to the police, despite the major risks they pose.
Professor Richard Benham, author of the report, warned that companies must wake up to the serious nature of cyber threats and make cyber security a boardroom-level issue.
“No shop owner would think twice about phoning the police if they were broken into, yet for some reason businesses don’t seem to think a cyber breach warrants the same response,” he said.
“Our report shows that cyber security must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”
The survey found that, despite this risk, only 57 percent of firms have a formal cyber security strategy in place, while just 49 percent provide cyber security training and awareness for staff.
The IoD explained that this is a major failing as human error is often at the root of many cyber incidents.
“Any cyber security strategy should include awareness training to be effective. The biggest risk as technology becomes more sophisticated is human failure,” the organisation said.
The need for such training was underlined by the fact that 71 percent of respondents had received bogus invoices from crooks attempting to elicit payments. This is an increasingly common tactic among scammers, who often try to pass themselves off as top executives to expedite payment.
This type of attack hit Snapchat earlier this week after an email purporting to come from the CEO triggered the leak of staff payment information.
Only 20 percent of companies have any form of cyber insurance, despite the financial risks, but Benham believes that this will rise to 90 percent by the time the next survey is carried out.
"With the threat of cyber attacks becoming more frequent and some household names providing credible case studies, it is no surprise that many are predicting that cyber insurance cover will become a ‘must have’ for businesses," he said.
To hear more about security challenges, the threats they pose and how to combat them, sign up for the Computing Enterprise Security and Risk Management conference on 24 November.
Climate change likely forced inhabitants of Indus Valley civilisation to resettle in the Himalayan foothills
Shift in weather patterns made agriculture almost impossible in the Indus Valley region
Researchers claim that the magnetic properties of a thin-film material can be controlled by applying a small voltage
Dubbed Antlia 2, the ghost galaxy sits just 130,000 light-years away from the Milky Way
Delays to the roll-out of age verification for adult websites hasn't stopped government from considering extending them to more websites