Data breach readiness continues to underwhelm
If you think you're able to dodge a data breach without putting in the work, think again. This year, organizations have reported more data breaches than the year prior, seeing on average a 10 percent jump in breach frequency. So what are they doing to improve these numbers? A new study says: not enough.
That's according to a new Ponemon Institute report, which examined organizations' breach readiness across 14 different sectors. The big takeaways? The lion's share of groups has seen more than one big breach this year – a staggering 60 percent. That's up from 52 percent last year. (In healthcare, all told, nearly 39 million individuals have had their protected health information compromised in privacy and security breaches since 2009.)
Moreover, most respondents are unsure their organization even understands how to respond to a breach and handle its aftermath, let alone the nearly $2.4 million price tag these breaches come with.
It's not all bad news, however. Study findings also underscore a significant 12 percent uptick in the number of respondents who have established both data breach response teams and plans. This year, some 73 percent of companies have these, compared with 63 percent in 2013.
"Compared to last year's study results, survey findings show encouraging signs that organizations are beginning to better prioritize data breach prevention, but more needs to be done," said Larry Ponemon, chairman and founder of the privacy research firm Ponemon Institute, in a press statement announcing the report findings this month. "Companies should be careful not to become complacent because they have a response plan in place or just completed a security audit. Preparedness requires ongoing maintenance and diligence."
Having a plan in place does not make it effective, researchers note. When asked to rate their own breach response plans, a sizable 30 percent of respondents considered their company's plans ineffective.
Contributing to this ineffectiveness is the fact that these organizations fail to review their response plans in a timely manner, findings suggest, with 37 percent of respondents saying the plans have not been updated or even reviewed since they were implemented.
"A checklist response plan alone doesn't mean you're prepared," noted Michael Bruemmer, vice president of Experian Data Breach Resolution, which sponsored the study, in a statement. "There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured, and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response."
Beyond response plans, the study also underscored another notable finding: as these breaches increase in scope and frequency, cyber insurance policies are becoming more integral to an organization's response plans. In fact, the percentage of companies that have purchased such policies has more than doubled from last year, going from 10 percent in 2013 to 26 percent today.
One caveat for those considering jumping on this train? "You need to be very careful in what you buy," said Gerry Hinkley, partner at Pillsbury Winthrop Shaw Pittman's healthcare practice, who spoke about these insurance policies at the Healthcare IT News Privacy and Security Forum this summer.
To prepare properly for a HIPAA breach, he advises that organizations engage their risk management department and look into purchasing cyber insurance. But first, know what's in the policy: many cyber insurance policies are services agreements with pre-selected approaches for dealing with breaches and the subsequent notification.