Many companies are unprepared for data breaches and hacking incidents - and the percentage of companies without any form of crisis response plan has actually grown in the past year, according to research by consulting firm Protiviti.

Protiviti's 2013 IT Security and Privacy Survey found that mainstream media reports of "cyberwarfare" had raised awareness of security issues - but just 66% of IT and security staff surveyed said that their firm had a data breach crisis plan in place, in contrast to 73% in 2012.

More than a third of the CIOs, CTOs and IT staff polled said they either didn't know whether their company had a crisis plan, or that their organization didn't have one.

"What is perhaps most intriguing, or even puzzling, is that one out of five organizations - 21% - do not have a formal and documented crisis response plan in place. This is far from best practice when considering the volume of cyber attacks occurring today," Protiviti said in its report.

"While a majority of organizations report they are prepared to respond effectively in the event of data breaches or hacking events, the downward trend in the year-over-year results is unexpected, considering the growing number of data breaches and privacy laws as well as the many reported data breach incidents over the past year," the consulting firm's report said. "A surprisingly high number of companies are not adequately prepared to respond to such a crisis."

The survey polled 200 CIOs, CTOS and IT staff in large organizations in fields ranging from manufacturing to financial services.

"More than two out of three companies – 67 percent – report they are elevating their focus on information security in response to recent press coverage on so-called “cyberwarfare,"" the firm said in its report.  "Without question, the market is becoming more sensitive to this topic, which is good news. The“bad” news is that expectations are also rising for CIOs and information security and IT professionals to protect the enterprise and its data."