UK businesses are lagging behind many of their overseas trading partners in protecting data, according to PricewaterhouseCoopers.
Nearly half (49%) of UK executives do not know how many security incidents their organisations have experienced in the past year, the report said.
That is compared with just 7% in China, 18% in India and 41% in the US, according to the 2009 Global State of Information Security Survey by PricewaterhouseCoopers.
Only 37% of UK respondents said their organisation had an accurate inventory of where sensitive data was stored, compared with 50% in China and 48% in the US.
Almost two-thirds (63%) of UK respondents admitted they do not have a chief information security officer. This puts the UK 5% behind the US 18% behind China.
More than half (53%) of UK companies said they do not have a disaster recovery plan, compared with 35% in the US.
Global investments in information security are led by the use of biometrics, especially in China, where 69% of respondents said they were used, compared with just 22% in the UK.
Jon Hayton, a director in PwC's forensic investigations team, said good security practice needs to be embedded into the DNA of a business, not bolted on as an afterthought.
"Unfortunately, there are many organisations where this is still the case. This makes their security performance very fragile," he said.