More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.
More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq.
"I think the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn't feel personally responsible for cybersecurity or protecting the customer data," Damato told CNBC's "Squawk Box" on Friday.
"As a result they're handing this off to their techies, and they're really just placing their heads in the sand right now," he said.
The findings come after companies around the world lost $445 billion to cybercrime last year, according to an estimate by the Center for Strategic and International Studies.
The frequency and severity of cyber penetrations, as well as the sophistication of hackers, have increased dramatically, said Lou Modano, chief information security officer at Nasdaq.
"What has not kept pace with that is the education level, the understanding of the impact of cyber across all industries," he told "Squawk Box."
While the topic is complex, executives need to be educated about cybersecurity and become fluent in the issue, Damato said. Further, the corporate world lacks a standard measure for cybersecurity, which means companies cannot be assessed by a common metric, and executives have no rubric to determine their performance, he added.
Other findings from the study showed that 98 percent of the most vulnerable executives have little confidence their firms constantly monitor devices and users on their systems.
The survey was conducted by Goldsmiths and included responses from 1,530 nonexecutive directors and C-level executives in the United States, United Kingdom, Germany, Japan and Nordic countries.