Businesses are in an "arms race" with criminals over the threat of cyber attacks, according to a new report by BT and audit firm KPMG.
Only a fifth of IT bosses within major corporations are confident they are fully prepared for a cyber attack, the report claims, despite findings that showed 97% of those asked had experienced an attack of some kind.
BT Security CEO Mark Hughes said: "The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The 21st-century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market."
"With cyber-crime continuing to escalate, a new approach to digital risk is needed - and that means putting yourself in the shoes of attackers. Businesses need to not only defend against cyber-attacks, but also disrupt the criminal organisations that launch those attacks.
"They should certainly work closer with law enforcement as well as partners in the cyber security marketplace."
In 2015, telecoms firm TalkTalk was the victim of a large-scale cyber attack.
But, according to the new report, Taking the Offensive - Working Together to Disrupt Digital Crime, fewer than half of the IT bosses asked said they had a strategy in place to prevent criminals gaining access to their organisations.
The report calls for cyber security to no longer be regarded "simply as a defence exercise", adding more companies should take on the role of the "enabler" in order to become more secure.
Paul Taylor, KPMG's UK head of cyber security said: "It's time to think differently about cyber risk, ditching the talk of hackers and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources - intent on fraud, extortion or theft of hard-won intellectual property.
"Talking generically about cyber risk doesn't deliver insight. You need to think about credible attack scenarios against your business and consider how cyber security, fraud control and business resilience work together to prepare for, and deal with, those threats.
"If that's done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world."