Half of the CEOs questioned as part of The Economist Intelligence Unit's Information Risk report admitted that they had not been trained in what to do in the event of a major data breach.
The HP-commissioned survey of 300 business leaders worldwide looked to determine what approaches companies are taking to manage the risk of information.
The perceived value of information has never been higher. One-in-three respondents estimate the value of information held by their organization to be between 10% and 50% of total assets.
"Enterprises must identify the appropriate governance procedures to assure that their information and that of their customers is given the appropriate protection. This increases the burden of care on the service provider," Andrzej Kawalec, HP Chief Technologist told CBR.
"With the line between public, personal, sensitive and private data being blurred, the industry desperately needs a clear definition of what is public and what is private. Cloud is no different from outsourcing or shared services."
Just as technology has transformed information into a valuable business asset, outsourcing, cloud computing, social media, bring-your-own device and other technology-enabled business trends have meant that information is increasingly dispersed across the globe. This has increased its appeal and accessibility to competitors and attackers, as well as made it more vulnerable to careless employees.
"For enterprises, it is no longer a case of if they are breached, but when. How enterprises respond in the first minutes and hours following a major incident can be the difference between success and failure," warned Kawalec.
Kawalec has advised businesses to adhere to the following tips to keep minimise their information risk:
Do not panic
Enterprises have been living with these vulnerabilities now for years. In many cases these vulnerabilities rely on a user action - clicking on a link or website - to unlock their potential. Always click carefully.
Close applications when they aren't being used
Cyber criminals and hackers will often use information gathered from a mobile device - contact/social media/location - to build up a profile of an individual and perform more targeted attacks aimed at the employer or corporate systems.
Update software, both the applications and the operating system on mobile devices.
At HP we are constantly working with our partners to close security flaws in their mobile applications, which often prey on old versions of software. Lastly, if in any doubt, users should delay the actions they were going to take on their mobile devices, and wait until they can perform it using a laptop or desktop. The same encryption standards applied across PCs are not yet being applied to mobile devices.