A lack of investment and attention to detail in data security is putting customer data at risk, even though nearly half (46%) of all firms recognise they have a probable - or even greater - risk of an online data breach.
So says a new report from Ensighten which investigated the views and attitudes of 100 businesses - both global and UK firms - on their data security strategies.
For some it is already too late; over two in five firms (41%) had already experienced a data security incident, although the majority of those affected (56%) were at least putting new security measures in place.
Even so, 15% of firms admitted that they have a definite, known risk, while nearly three-fifths (67%) have not even evaluated, considered, or yet implemented data security for their website. Some 10% admitted that they do not measure vulnerabilities or areas of potential data leakage at all.
Moreover, the study revealed that 13% only review the security of their customer data just once every six months. This creates a risk to customer data security and privacy, as well as the regulatory threats to brands under the GDPR compliance regime, the study claims.
When looking at the most common issues to blame for large businesses' security vulnerabilities, poor management systems (39%) and insufficient budgets (38%) were the top concerns.
Some 17% of enterprises with over 5,000 employees also confessed they only spend between as little as £1,000 and £20,000 on the protection of customer data each year.
Ensighten chief revenue officer Ian Woolley said: "It's astonishing that nearly half of enterprises admit they are at risk of a website breach – and some are only checking security measures just once every six months. This is a global problem.
"We should question why companies aren't taking better care of their data. It shouldn't take a leak or breach to inspire action to improve marketing security when customer details are so sensitive. Prevention is better than cure. Brands must put the safety of their customers' data first.
"A lot of enterprises are on the brink of a website breach by failing to put a holistic security strategy in place. Companies must properly assess their strategies and defences to protect their customers - and ultimately their reputation and future."