New research has claimed that an alarming number of organisations have not allocated specific budget for information security and data protection.
A report from Mimecast found that a fifth of organisations don't have dedicated budget set aside for these areas, raising serious questions about how seriously they are taking the issue.
The findings are particularly worrying given many businesses don't appear to be able to monitor their own security protection effectively. 15 per cent of organisations surveyed said that they didn't know whether they had suffered a data loss incident in the last 12 months, and more than a quarter (27 per cent) blamed human error for previous data loss.
And with just a matter of months before the new GDPR rules come into force, many of the businesses surveyed were found to be somewhat behind in terms of their preparation.
Just under half (44 per cent) of the UK organisations surveyed believe their email system contains personal and sensitive data as defined by the EU GDPR. However, only 17 per cent are confident they could retrieve this personal or sensitive data immediately, with the average time it would take UK organisations to find and retrieve personal or sensitive data clocked at eight hours.
Mayur Pitamber, cyber resilience expert at Mimecast, said that the survey clearly showed that more needs to be done to stop human error resulting in data loss.
"Employees are an organisation’s most valuable asset and the cyber resilience responsibility needs to be shared with everyone to improve the response to new cyber threats," he noted.
"Organisations must have a holistic plan that embodies security, business continuity, data protection and end-user empowerment; and to ensure the entire organisation is educated, engaged and involved in planning and response, from the boardroom to IT and beyond."