And, the accountancy firm said, if companies do not have a firm view of how many security breaches they have had, it is questionable how they can make informed choices around budgets and prioritisation of
resources.
As a result of the issues raised in the report, PricewaterhouseCoopers said that UK firms and public sector organisations are losing ground to many of their major overseas trading partners when it comes to the security and protection of data.
The survey - which drew in responses from 7000 IT professionals around the world - found that only 37% of UK respondents said their organisation had an accurate inventory of where sensitive data was stored.
According to the research, which was carried out in conjunction with CSO magazine, just 37% said they employ a chief information security officer (CISO), and less than half (47%) have a disaster recovery plan.
Both figures, said the report, are significantly higher in the US.
William Beer, director of PricewaterhouseCoopers' One Security practice, said that the recession means all budgets are under pressure but many companies know that now is not the time to slash their security spend.
"There are a host of new and emerging threats that range from complex malware to attacks from cyber-criminals and e-espionage, all of which can result in material loss and reputational damage", he said.
"We are also aware that, at a senior level, UK executives are extremely anxious about moving to digital business models, where core information assets, such as customer data and intellectual property, may be shared with business partners and outsourced suppliers, often in other countries. This adds another dimension to the risks involved."