Just over half of businesses have continuity plans, and only half of these have been tested, a survey of 495 chief information officers, IT directors and executives around the world by consultancy Ernst & Young reveals.
Forty per cent of the companies questioned do not investigate a security breach, despite the possibility that hackers may have planted malicious code or back doors.
Many firms have failed to take basic security measures, the research shows: 19% do not have anti-virus procedures; 28% do not use access management, although 66% do use firewall management.
Two-thirds of the organisations surveyed admitted that poor employee awareness of security is problem but less than half offer training.
On the positive side, the survey shows that 74% of organisations have an information security strategy, and 70% are planning to enhance their business continuity and IT disaster recovery plans.
Nearly half of the companies surveyed do not recognise business continuity as part of their corporate strategy, but as a technical issue for the IT department.
About 60% of the respondents expect to become more vulnerable as use of the Internet grows, but only 40% feel "very confident" of their ability to detect attacks.
Fifty six percent of organisations said that hardware and software failures where the biggest cause of system unavailability, followed by telecommunications failure.
Malicious attacks, operational errors, system capacity and supplier failures were ranked by 25% of the respondents as causes for system unavailability.