"Oftentimes, we speak to business leaders who simply dont think they are a target. They dont realize the wealth of information they have and how valuable that information is to a criminal," Cole explained, when asked for an opinion on the five percent, and how such a belief could exist these days.
"Or, quite simply, they think they have nothing worth taking (which most likely isn't true). However, even if that is the case, where the attackers target a business that may not have data they can profit from, they can still use that business as a pivot point into other organizations," Pogue added.
Still, 58 percent of the respondents overall cited customer data loss as the top pressure point during an incident's aftermath, but is this just a byproduct of risk assessment? Is the fact that data loss trumps fines and legal action because such a loss means perpetual damage to the business and its customers, versus a fine, which is often a one-off type of hit?
"Its all risk assessment. How much protection is enough? One breach could lead to losing the integrity of your business, whether it's losing customers, intellectual property, customers' trust and/or a financial loss. Small and mid-size businesses would suffer the most from this loss. They cannot afford to lose customers and still stay in business," Cole said.
The topic of how much is enough was also referenced in the pressures related to features vs. resources. A majority of respondents said they feel pressure to select the latest security technologies, but at the same time, they also lack the proper resources to use them.
In addition, there's a good deal of pressure to use cloud-based technologies and mobile applications, but those were also the top two items listed when it came to security risks from emerging technologies. Staffing was another pain point, with nearly half the respondents reporting that if they had twice the staffing levels currently available, they'd be able to lower the stress levels and improve job effectiveness.
The report also covered internal stress, specifically those who reported being pressured to rollout IT projects despite security concerns. When asked, 79 percent of the respondents said that they've had to launch an IT project despite security concerns at least once or twice, or worse, they're frequently pressured to do so.
"Its logical business," Cole said, when asked why something would be pushed with valid security concerns.
"Business leaders have to find new ways to market their products and those are at the forefront of their business decisions, not security. We often see companies launch websites that are not secure because they are solely focusing on selling their products."
Sign up for CIO Asia eNewsletters.