Despite publicity about hackers, intrusions into company databases and even the insertion of computer viruses into Iran's nuclear program, most companies simply aren't prepared to handle them, a new study from International Business Machines Corp. (NYSE: IBM) determined.

A survey of 138 chief security officers in the same number of companies worldwide in the first quarter found there's more awareness of cyberthreats but not enough preventive activity, said Marc van Zadelhoff, vice president for strategy of IBM's security systems division and a co-author of the study.

The Armonk, N.Y., computer company established the security systems unit last year to sell new products as well as spearhead cyberawareness across the industry.

The study found companies generally behave as influencers, with technology executives who impress management with the need for security; protectors, who do an adequate job and reactors, who merely react to threats but don't have much of a prevention plan to deal with future threats.

There are not clear differences in the profiles, van Zadelhoff said, noting that some large companies are way behind the curve, while smaller ones are ahead of it.

In an interview, the IBM security executive said he was told by corporate chief security officers that when they had access to the chief executive, the chief financial officer and other top executives and explained the nature of new threats, now increased by products like the iPad from Apple Inc. (Nasdaq: AAPL), the world's most valuable technology company, the companies acted smartly.

Without that access, the companies' reactions were poor. The survey found 71 percent of the more-advanced companies had a dedicated budget for security compared with only 27 percent for the least advanced.

It's easier to roll out strategies when everyone buys into it, including the CEO, van Zadelhoff said.

IBM shares closed Thursday at $207.22, down 82 cents, bringing the company's market value to $239.1billion.