Only 51% of UK companies have fully secured critical data, according to a new report issued by NTT Security. This has implications for data breaches as well as GDPR and regulatory compliance and could result in heavy fines for almost half the companies in the UK.

The Risk: Value 2018 Report was created by interviews and surveys conducted with over 1800 global participants. The report found several areas of concern when it comes to data security in the UK and internationally.

While the risk and impact of cybersecurity breaches are increasing, it appears that companies are unprepared for the possibility. Only 38% of respondents worldwide have a dedicated cyber insurance policy. However, 21% say that they intend to get cyber insurance in the near future.

Regionally, the U.S. has the most respondents with cyber insurance at 54%; followed by APAC at 38% and EMEA at 34%. The lack of cyber insurance is even more troubling in the face of increased risk of a data breach, and the rising cost of recovery from one.

The expected cost of recovery from a data breach is $1.52 million USD. This is an increase from $1.35 last year, and less than $1 million in 2015. 24% of the survey respondents were unable to predict the recovery cost for their organization at all.

The study found that a company’s greatest concern in the event of a data breach is the effect it would have on the corporate image. This concern includes the loss of customer confidence and damage to the company’s brand and reputation.

Financial costs followed, with 40% of respondents citing it as a primary concern.

The 2018 Thales Data Threat Report found that the risk of a data breach has increased over 2.5 times over 2017. However, one in three respondents said that they do not expect to suffer a breach.

And due to this overconfidence, one in five UK firms would pay ransom to retrieve data from a hacker, rather than invest in cybersecurity today. And that number was significantly better than the global average of one in three.

This reactive mindset may be due to a skills shortage as well.

The report found that almost half of UK companies (46%) do not have the skills and resources in-house to deal with security planning and implementation.