The government replied by saying it was "committed to tackling cyber-crime".
It comes as police are investigating a ransom demand from a group purporting to be behind the TalkTalk attack.
The Home Office said it had invested £860m in cyber security through the National Cyber Security Programme.
`Urgent priority`
TalkTalk revealed on Thursday it had been the victim of a cyber-attack in which the personal and banking details of up to four million of its customers may have been accessed by hackers.
The company said a criminal investigation had been launched into the attack. It has said it does not know how much of the customer information was encrypted.
BBC business correspondent Joe Lynam said it was not clear what the encryption requirements were for companies holding customer data.
He said there had been some reports of TalkTalk customers seeing suspicious activity on their bank accounts but so far no confirmation of fraud relating to the hack.
IoD senior corporate governance adviser Oliver Parry urged the police to make cyber-crime an "urgent priority and investigate theft of data just as it would theft of physical property".
He said that while the government had a role to play in passing information onto companies, companies themselves "are ultimately responsible for protecting their customers` data".
"The risks need to be reviewed regularly by the board of directors, who must ensure they know where the potential threats are coming from and are prepared in case the worst happens.
"The UK is a world leader in the digital economy, so we urge the government and companies to work together to make us the world leader in countering the scourge of cyber-crime."
TalkTalk chief executive Dido Harding said she did not know whether the ransom email was genuine.
More about:
