Over 90% of chief information security officers at FTSE 100 and FTSE 500 companies expect they will be targeted by cyber attacks in 2016 and almost three-quarters said they didn’t think they had adequate security in place to deal with the danger.

This is one of the stark and worrying findings from the ‘IT Budget Benchmark 2016’ survey by CEB, a consultancy firm of 160 FTSE-level organisations.  Many are throwing money at the problem in response, with CEB finding that security spend will account for 6.2 per cent of all IT budget spend this year.

Targeted cyber attacks often rely on IT infrastructure vulnerabilities. The best way to protect against these is to find and fix them before the attackers do.

Yet, there’s a difference between what is said and what is done when it comes to keeping company-sensitive data secure. Despite the recent high-profile cyber attacks and increased privacy regulations, employees (including those in IT and top management as well as others) appear to be largely unaware of the behaviors that put corporate and personal data at risk. 79% of corporate executives surveyed in a Symantec Survey (1) admit to—intentionally or unintentionally—engaging in behaviors that wind up placing corporate data at significant risk of security breach.

Cyber attacks have become an ever-increasing threat. The F.B.I. now ranks cyber crime as one of its top law enforcement activities, and President Obama’s proposed a budget in 2015 sharply increased spending on cyber security, to $14 billion. The average cost of a data breach is rising for companies to $3.8million in 2015.  Cyber attacks have increased in frequency and in the cost to remediate the consequences.  The cost of data breaches due to malicious or criminal attacks increased from an average of $159 in 2014 to $170 per record in 2015 (2).

(1) “Keeping Your Data Safe: Protecting Corporate Information in the Cloud” Study conducted by WSJ. Custom Studios in collaboration with Symantec Corporation.

(2) “2015 Cost of Data Breach Study: Global Analysis” Study conducted by IBM and Ponemon Institute.