Cyber security ‘blind spot’ leaves businesses exposed