Despite the recent security breaches to major companies like Adobe and Target, a majority of businesses still do not have a response plan in case an online security attack occurs. In a study conducted by the Economist Intelligence Unit and sponsored by Arbor Networks, research revealed that 83% of businesses are not fully prepared to handle a cybersecurity attack.

“As these findings show, when it comes to cyber-attacks, we live in a ‘when’ not ‘if’ world,” said Matthew Moynahan, president of Arbor Networks. “In the wake of recent high-profile targeted attacks in the retail sector, a company’s ability to quickly identify and classify an incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.”

(Related: 2014 is the year developers focus on security)

The report found that over the past two years, 77% of companies suffered from a cybersecurity attack, and more than a third of those companies still don’t have a response plan.

Arbor Networks reported that one of the problems is that businesses have a lack of understanding about threats. Forty-one percent of survey respondents stated an understanding of potential threats would help them be better prepared.

Other survey key findings include 37% of respondents saying they on the IT department to lead a response to an incident; 57% don’t report incidents if they’re not legally obligated; and about two-thirds of executives believed responding effectively to an attack would enhance their reputation.

The report also provided some advice about incident responses from security experts. They included determining the incident, applying a plan to the incident, communicating with caution, and reviewing the response outcome.

The full report, “Cyber Incident Response: Are business leaders ready?” can be found here. Report findings are based on 360 business leaders (of which 73% are corporate-level managers or board members) from the United States, Europe and Asia.