Prepared by cyber security firm Websense and Ponemon Institute, the report, 'Exposing the Cybersecurity Cracks: A Global Perspective', also revealed that firms have limited visibility into attack activity.
"The report reveals that how better communication and information about cybersecurity, the right investment in skilled personnel and enabling technologies and the adoption of security measures will minimise risk of current and emerging cyber threats," Websense Regional Director SAARC Surendra Singh told PTI.
The study surveyed 545 IT and IT security practitioners in India with an average of 8 years experience in the field, he added.
According to the report's findings, 25 per cent of cyber security teams never speak with their executive team about cyber security.
More From This Section
Of those that did, 25 per cent spoke just annually and 18 per cent spoke semi-annually. Just 1 per cent spoke weekly.
Sixty-seven per cent of respondents said they personally know another security professional whose firm had sensitive or confidential data stolen as a result of an insider threat, the report said.
Only 32 per cent of respondents believe their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission.
In fact, 45 per cent of companies represented in this research do not provide cybersecurity education to their employees.
"Very few companies take steps internally to deal with new and emerging threats. When there is awareness about a new cyber threat, the primary response is to reach out to outsiders such as CERT, law enforcement and industry peers," the report said.
Singh suggested that firms need to eliminate uncertainty of cyber risks and invest in technologies that provide visibility and details about high-risk behaviour and attempted attacks.