More than two thirds of companies say their directors have no training in responding to cyber-attacks, according to a government survey.
Of 105 businesses from the FTSE 350 questioned, one in 10 revealed they have no plan to cope with hacking.
Digital Minister Matthew Hancock said May’s NHS attack showed the “devastating effect” of breaches.
He urged companies to take advice as well as training by the National Cyber Security Centre.
The Cyber Governance Health Check – an annual survey – found of which 54% of company boards said computer hacking was one of the main threats to their business.
yet 68% of them had no specific training to deal which has a hacking incident.
The survey found some progress, however, with 31% of boards receiving comprehensive information about computer security risks, compared to 21% in 2015-16.
Mr Hancock said: “We have a long way to go until all our organisations are adopting best practice.”