UK companies are not on top of cyber-security incidents or their causes just yet, according to PricewaterhouseCoopers' Global State of Information Security Survey 2016 report.
The survey shows that nearly 10 percent of UK companies do not know how many cyber-security attacks they had in the past year and 14 percent don't know how they occurred.
PwC interviewed more than 10,000 executives (637 from the UK) in 127 countries across various industries about the challenges that companies encounter when defending against cyber-attacks.
Many organisations don't know how to prevent or detect attacks or lack the resources to fight today's cyber-criminals.
However, the survey shows that organisations worldwide are starting to act and think seriously about cyber-security, said Dave Burg, global and US cyber-security leader at PwC.
“We are seeing an increase in awareness of the risk and opportunities, and more boards are becoming more actively engaged in cyber-security preparedness,” Burg said.
The report said keeping a precise inventory of personal data is a top priority for UK organisations in the next year. In the past year, the survey found that the percentage of customers records that had been comprised had risen to 38 percent, up from 28 percent the previous year, while compromises of employ records grew to 33 percent, from 29 percent the year prior.
The survey found that a third of reported UK incidents are due to mobile devices being exploited. Insiders, whether current or former employers, are at the top of the list as major sources of incidents which now cost an average of £1.7 million.
Cloud computing and the internet of things are making huge impacts on technology innovation, but also the sum of attacks.
There was an increase of 38 percent in detected information security incidents and a 24 percent boost in security budgets in 2015.
In the past year, UK security budgets on average were 3.7 percent of the total IT budget, compared with 3.65 percent in Europe and 3.78 percent in the US.
Only 36 percent of UK survey respondents had an approach to address risks from the internet of things.