The Cyber Aftershock report, created by insurance broker Lockton, surveyed 200 professionals earlier this year.
It reveals that just 26 per cent of UK businesses involve their head of PR and communications when planning their response to hacks. This is despite 63 per cent saying reputational damage is one of the biggest impacts on a business following a cyber security attack.
The report also shows that less than half (42 per cent) of businesses include managing PR in their current response protocol after a data breach.
Peter Erceg, senior vice president of global cyber and technology at Lockton said: "In recent times a number of big brands have become synonymous with the large, well-publicised attacks that have befallen them, in part because they didn't take communication seriously enough. It could take years for them to shed that stigma."
Responding to the report, Insignia Communications' MD Jonathan Hemus said PR should be integral to all stages of cyber security planning.
Hemus said: "There is a long list of actions this team [PR] can take responsibility for as part of the planning process, including identifying stakeholders and appropriate channels of communication, agreeing messaging and approval processes for post-breach communications and providing media training for spokespeople."
PR for Lockton on the report was provided by Instinctif Partners.