A global survey of 1,600 executives and IT practitioners published today suggested the level of risk organizations face is not being correctly assessed by nearly half of respondents.

Conducted by the market research firm Vanson Bourne on behalf of Veritas, a provider of data management and protection tools, the survey initially found that 48% of respondents could not identify any risk to their organization. However, when asked about specific issues, nearly all respondent (97%) identified data security (46%), economic uncertainty (38%) and emerging technologies (36%), such as artificial intelligence (AI), as threats to their organization. Notably, 15% of respondents even went so far as to say they did not believe their organizations could survive another 12 months given the risks they currently faced.

Overall, a full 87% also acknowledged their organization had experienced a negative impact from risks, with data security (40%) followed by economic uncertainty (36%), competition (35%) and emerging technologies (33%) all having an impact.

A sizable majority (65%) said that, over the past two years, their organizations had been the victims of at least one successful ransomware attack. More than a quarter (26%) said they did not report those attacks. Breaches that caused a failure to comply with regulatory requirements cost respondents’ organizations, on average, more than $336,000 in regulatory compliance fines during the last year than the previous year, according to the survey.

The survey also found more than half of respondents (54%) were likely to say risks to data security have increased rather than decreased (21%) over the last 12 months.

Sonya Duffin, director of solutions marketing for Veritas, said the survey results make it clear there is a need for a more holistic approach to data security. Too many organizations are still managing cybersecurity and data protection in isolation from one another.

Of course, the biggest concern remains a lack of awareness unless a crisis occurs. Far too many executives and IT practitioners still view cybersecurity as a response to an event rather than an ongoing process that needs to be maintained. There are more conversations occurring about cybersecurity as more regulations are imposed, but it has yet to approach the level where it is recognized as a potential existential threat to an organization.

Hopefully, as cybersecurity professionals become more adept at framing risks in a context business leaders can understand, there will be a greater appreciation for cybersecurity. In the meantime, a steady stream of breaches involving organizations of all types and sizes doesn’t appear to have the same impact as it once might have as business leaders become more inured to cybersecurity threats. It’s not clear to what degree that shift in attitude is the result of having already experienced a breach or whether a lack of robust cybersecurity defenses has become just one concern of many.

Regardless of the root cause of the issue, however, it’s only a matter of time before most organizations experience some type of breach. The issue then becomes how quickly an organization can recover from the damage that breach might inflict when they are often  more fragile than many business leaders might actually appreciate.