Recent press coverage of the increasing prevalence of cyberwarfare is causing companies to pay more attention to information security, yet many are underprepared to respond to a data breach, according to the new 2013 IT Security and Privacy Survey [PDF], by the global business consulting firm Protiviti.

Over 68 percent of the 200 chief information officers and IT executives surveyed said they are increasing their focus on protecting their company’s data. But more than a third said their organizations lack (or they are unaware of) a formal crisis response plan that would be implemented in the event of a hacking or data breach.

“Cybersecurity must continue to be a major focus for businesses, especially in light of recent high-profile security breaches,” Cal Slemp, managing director with Protiviti, said in a statement. “While we’re seeing a greater number of companies across a wider range of industries devote more attention and resources to improving their approach to data security, there are still a lot of businesses that are susceptible to attacks.”

The survey also showed that organizations lack clarity on what constitutes sensitive, confidential, or public data, and only 63 percent of respondents said their organization has a formal policy in place for properly classifying data.

“The findings suggest many companies are either ineffective in securing the most important data or attempting to secure all data instead of focusing resources on data that presents the greatest risk, if exposed through a breach,” said Slemp.

As data security continues to play a larger role in business operations, the chief information officer is more often getting a seat at the table during strategic conversations, the survey found. CIOs are also seeing an increase in their responsibilities.

“The role of the chief information officer is becoming more prominent in organizations, in part because of the importance of data, both in terms of advancing the business as well as managing risk,” Slemp said. “The reality is that as data continues to evolve as a critically important asset, it must be managed differently, and more effectively than other assets.”

What steps is your organization taking to secure your data and defend against cyberattacks? Share your story in the comments.