Security firm RSA has released the results of its global breach readiness survey covering 30 countries.
It compared the global results with a survey of the Security for Business Innovation Council (SBIC), a group of security leaders from the Global 1000.
Using the SBIC as a benchmark, the results suggest the majority of organisations are not following incident response best practices.
As a result, they are not prepared to face the challenges of advanced cyber threats.
The survey report provides quantitative insights into real-world security practices and highlights gaps in technology and procedure.
It also included prescriptive advice from the SBIC for how to best close those gaps.
The survey focused on measures within four major areas of breach readiness and response: incident response, content intelligence, analytic intelligence and threat intelligence.
The results indicate that while leading SBIC members have developed an incident response function, 30 per cent of organisations surveyed do not have formal incident response plans in place.
In organisations with a plan, 57 per cent admit to never updating or reviewing them.
RSA chief trust officer, Dave Martin, said organisations are struggling to gain visibility into operational risk across the business.
"As business has become increasingly digital, information security has become a key area of operational risk and while many organisations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile."
Sign up for CIO Asia eNewsletters.