New research developed by the UK government shows British businesses lagging far behind rival countries in responding to cyber attacks.
Two in three bosses of the biggest companies in Britain have not been trained to deal with a cyber attack or major data breach, it found.
Mobile operator Three has seen two embarrassing data leaks in the past year, where 130,000 customers logging in to their My3 website could see the accounts, names and addresses of other customers.
And TalkTalk were hit with a £100,000 fine by the Information Commissioner’s Office for allowing an outside IT contractor easy access to customer accounts.
The government surveyed companies on the FTSE 350, the largest companies in Britain on the London Stock Exchange.
Half of the 350 businesses surveyed said cyber threats were a “top risk”, but only a third had had any training on the issue.
Minister for Digital Matt Hancock said: “We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.
“These new reports show we have a long way to go until all our organisations are adopting best practice.
“The Government is fully committed to defending against cyber threats and a five-year National Cyber Security Strategy was announced in November 2016, supported by £1.9 billion of investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.”
45% said they have serious concerns about meeting government targets over deleting personal data they hold.
Only 6% said their company was fully prepared for the new regulation.
The government will soon be bringing forward its new Data Protection Bill and new data protection laws are due to come into force in May 2018.