According to the results of a recent survey of 150 IT decision makers at U.K. organizations with between 200 and 1,000 employees, fully 58 percent of surveyed companies acknowledged having suffered data breaches in the last two years.

The survey, conducted by Vanson Bourne and commissioned by GFI Software and Infinigate UK, also found that 37 percent of those attacks were deliberate acts that came from within the company, and 49 percent were deliberate acts from outside the company.

In response, 81 percent of respondents said preventing data breaches and increasing cloud security are among their organization's top priorities, and 89 percent respond to high-profile breaches by reviewing their current IT security posture.

Still, only 9 percent of IT budgets, on average, are dedicated to security. "The first major step in improving data security is giving it the priority it needs," GFI chief operating officer Sergio Galindo said in a statement.

Eighty-five percent of respondents said their organization could place more of a priority on IT security, and 79 said improvements could be made to their organization's IT security.

Key challenges to IT security, according to the survey, are lack of management buy-in (54 percent), insufficient internal resources and skills (48 percent), budget limitations (43 percent), and a lack of suitable solutions (29 percent).

"New trends are bringing new challenges to IT managers out there," Infinigate UK senior technical consultant Chris Payne said in a statement. "Sixty-one percent of surveyed organizations already have a BYOD policy in place, allowing employees to access internal resources through privately-owned mobile devices, and 71 percent of them are identifying Internet of Things as the next major threat to IT security."

"Only about 25 percent of respondents stated that they are completely confident in their organization being able to successfully tackle security incidents, which is really disappointing given the fact that there are many affordable tools which can simplify infrastructure administration and improve IT security," Payne added.

A separate survey [PDF] of 133 senior IT professionals and decision-makers at larger enterprises in Ireland found that 33 percent of respondents had suffered a data breach in the past year.

Fully 46 percent of respondents said they wouldn't disclose a data breach to impacted third parties, including customers and suppliers.

The survey, commissioned by Ward Solutions and conducted by TechPro, also found that 26 percent of respondents haven't planned for potential data breaches, and 23 percent don't have policies or controls in place regarding third-party handling of data.

And while 32 percent of respondents don't believe their board understands security threats, 42 percent believe IT security concerns and precautions hinder business growth.

Still, 63 percent of respondents plan to spend more on their IT security in the next 12 months.

"It's a major concern that almost half of Irish companies would not inform their customers, partners or suppliers that their information has been compromised through a data breach," Ward Solutions CEO Pat Larkin said in a statement.

"Customers place their trust in the companies they deal with and it is every business' obligation to be transparent with those customers and inform them of any risk to their data," Larkin added.

A recent eSecurity Planet article offered advice on improving database security.

Photo courtesy of Shutterstock.