In the last 12 months or so, one of the biggest trends in the IT industry has been the huge increase in cyber attacks - both in terms of the volume of incidents and the level of sophistication involved. And this is getting noticed outside the specialist press, as the most serious attacks now frequently make mainstream headlines.
But despite businesses such as Target, Home Depot, Anthem and Sony Pictures serving as cautionary tales for IT professionals around the world, there is still an unacceptable level of complacency in many businesses about how badly they could be affected.
Often, companies do not recognise their true level of risk, or badly underestimate exactly how much damage falling victim to an attack can cause.
In reality, the effects of a successful cyber attack can be far-reaching and impact almost every area of a company. For starters, there is the financial cost of defending against an attack and upgrading protections to ensure any security holes are closed. But then there is the huge hit to productivity that businesses can face if essential applications are knocked offline or data is deleted.
And these are just the immediate costs. In the longer term, many businesses may struggle with the reputational damage a cyber attack can cause, and be left liable for large fines and compensation from regulators.
In the UK, for instance, the Information Commissioner's Office has the power to levy penalties of up to £500,000 for serious data breaches. But this pales in comparison to the $10 million (£6.54 million) settlement Target recently agreed to pay its customers who had financial details stolen, and the $20 million it is paying MasterCard to reimburse it for losses the credit card provider incurred as a result of the breach.
Despite these huge figures - and warnings from many experts that cyber attacks are only set to increase in frequency in the coming years - too many businesses still do not have an effective plan for dealing with data breaches. In many cases, what defences they do have in place are focused more on preventing attacks and do not consider how they should respond if those defences fail.
Take, for example, the massive Sony Pictures attack that occurred towards the end of last year. As well as the reputational damage caused as a result of having private emails revealed to the world, the company also saw huge amounts of valuable data lost as the attackers systematically wiped servers of information. But the problems were exacerbated by the fact that the company simply had no idea how to respond to the crisis.
Michael Lynton, chief executive of the studio, stated earlier this year that the firm had "no playbook" for the attack, which left it scrambling for contingencies to conduct even the most basic functions, such as digging out old phones to restore communications and even resorting to paying staff by paper cheque.
"They came in the house, stole everything, then burned down the house. They destroyed servers, computers, wiped them clean of all the data and took all the data," he continued.
This is just one example of the damage that can be wreaked on a business by a severe hacking attack, and illustrates the importance of drawing up reaction plans.
When a company is busy fielding angry calls from customers, enquiries from the press and complaints from workers who can't do their jobs, being able to refer to a detailed, comprehensive plan could be the difference between a company getting back on its feet quickly and losing even more money while it remains non-operational.