Michael Colao, global head of IT security at German bank Dresdner Kleinwort Wasserstein, said that when it comes to reporting incidences and dealing with the police, most companies are left clueless.
"My own personal attempt failed first time around," said Colao. "A lot of firms don't know how to respond to a crime properly, they don't have a crime strategy."
The problem, Colao said, was that there are very few solutions that actually deal directly with cybercrime and that when money is being spent it's spent in the wrong areas.
"What's the most likely form of attack?" Colao asked. "It's social engineering. Yet the budget is spent protecting from Russian hacker gangs."
Esther George, policy adviser at the Crown Prosecution Service HQ Policy Directorate, also suggested that more funds should be concentrated on social engineering.
"Staff are increasingly falling foul of social engineering by criminals," George said. "Data security is actually very high now, the problem is with education and recruitment [of the wrong sort of people]."
Colao and George were speaking at the Infosecurity Europe conference and exhibition in London.